CryptoSys PKI  23.0.0
dipki::Pfx Class Reference

PKCS-12 (PFX) File Functions.

Public Types

enum  Opts : unsigned int
 Bitwise options for creating a PFX file [BitFlags].
 

Static Public Member Functions

static int MakeFile (const std::string &fileToMake, const std::string &certList, const std::string &privateKeyFile="", const std::string &password="", const std::string &friendlyName="", Opts opts=Opts::Default)
 Create a PFX (PKCS-12) file from an X.509 certificate and (optional) encrypted private key file.
 
static bool SignatureIsValid (const std::string &fileName, const std::string &password)
 Verify the MacData signature in a PKCS-12 file.
 

Detailed Description

PKCS-12 (PFX) File Functions.

Member Enumeration Documentation

◆ Opts

enum dipki::Pfx::Opts : unsigned int

Bitwise options for creating a PFX file [BitFlags].

Enumerator
Default 

Default options.

StrongCert 

Encrypt the certificate with "stronger" Triple DES (default is "weak" 40-bit RC2).

PlainCert 

Store the certificate in unencrypted form (default is encrypted with 40-bit RC2).

CloneKey 

Store the private key in the exact form of the pkcs-8 input file (default is to re-encrypt with Triple DES).

DoubleEncrypt 

Double-encrypt the private key (specialist option).

Aes256_Sha256 

Encrypt both the private key and certificate using "AES256-SHA256".

AltFormat 

Create a PFX file with the exact peculiarities used by Microsoft (default is OpenSSL).

FormatPem 

Create the output file in PEM format (default is DER-encoded binary).

Member Function Documentation

◆ MakeFile()

static int dipki::Pfx::MakeFile (const std::string &fileToMake, const std::string &certList, const std::string &privateKeyFile="", const std::string &password="", const std::string &friendlyName="", Opts opts=Opts::Default)

Create a PFX (PKCS-12) file from an X.509 certificate and (optional) encrypted private key file.

Parameters
fileToMake: Name of output file to be created.
certList: (required) Filename of the subject's X.509 certificate (or a string containing the certificate in base64 or PEM representation) followed by optional extra certificates to be included separated by a semicolon ";".
privateKeyFile: Filename of the subject's encrypted private key in pkcs-8 format (optional).
password: Password for private key file and new PFX file.
friendlyName: Friendly name identification for the subject (optional).
opts: Specialist options.
Returns
Zero if successful.
Remarks
The default behaviour is to encrypt the certificate using "weak" 40-bit RC2 and the private key (if provided) using "standard" Triple DES (pbeWithSHAAnd3-KeyTripleDES-CBC).
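
For auditing existing files against the default described in the remarks above, the following added example (not CryptoSys PKI code, and it does not call the library) counts the password-based encryption algorithm OIDs declared in a DER-encoded PFX and reports the weakest one found. It is a byte-pattern heuristic rather than an ASN.1 parser, and the names `count_oid`, `audit_pfx`, `verdict` and `constructed_sample` are hypothetical.

```cpp
// Added example, not CryptoSys PKI code. Heuristic: scans DER bytes for PBE OIDs.
#include <algorithm>
#include <cstdint>
#include <fstream>
#include <iostream>
#include <iterator>
#include <string>
#include <vector>
using Bytes = std::vector<std::uint8_t>;

// DER encodings (tag, length, value) of the algorithm OIDs to look for.
const Bytes OID_RC2_40 = {0x06,0x0A,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06}; // pbeWithSHAAnd40BitRC2-CBC
const Bytes OID_3DES   = {0x06,0x0A,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03}; // pbeWithSHAAnd3-KeyTripleDES-CBC
const Bytes OID_PBES2  = {0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D};      // PBES2 (RFC 8018)
struct PbeAudit { int rc2_40, tdes, pbes2; };

// Count occurrences of one encoded OID in the buffer.
int count_oid(const Bytes& der, const Bytes& oid) {
    int n = 0;
    for (auto it = der.begin(); (it = std::search(it, der.end(), oid.begin(), oid.end())) != der.end(); ++it) ++n;
    return n;
}

PbeAudit audit_pfx(const Bytes& der) {
    return {count_oid(der, OID_RC2_40), count_oid(der, OID_3DES), count_oid(der, OID_PBES2)};
}

// Weakest scheme found; "none" also covers PEM input and non-PFX files.
std::string verdict(const PbeAudit& a) {
    if (a.rc2_40) return "weak";    // 40-bit RC2 present
    if (a.tdes)   return "legacy";  // Triple DES, no RC2
    if (a.pbes2)  return "pbes2";
    return "none";
}

// Constructed sample: bare OID encodings, not a complete PFX file.
Bytes constructed_sample(bool weak_cert) {
    Bytes b(OID_3DES);
    if (weak_cert) b.insert(b.end(), OID_RC2_40.begin(), OID_RC2_40.end());
    return b;
}

int main(int argc, char** argv) {
    Bytes der = constructed_sample(true);  // replaced by the contents of argv[1] if given
    std::ifstream f(argc > 1 ? argv[1] : "", std::ios::binary);
    if (f) der.assign(std::istreambuf_iterator<char>(f), std::istreambuf_iterator<char>());
    PbeAudit a = audit_pfx(der);
    std::cout << verdict(a) << " rc2-40=" << a.rc2_40 << " 3des=" << a.tdes << " pbes2=" << a.pbes2 << "\n";
}
```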

◆ SignatureIsValid()

static bool dipki::Pfx::SignatureIsValid (const std::string &fileName, const std::string &password)

Verify the MacData signature in a PKCS-12 file.

Parameters
fileName: Name of PKCS-12 file to be checked (or a string with its PEM representation).
password: Password for file.
Returns
true if signature is OK.
Remarks
This just checks that the MacData signature is OK using the given password.
Copyright © 2004-24 D.I. Management Services Pty Limited t/a CryptoSys ABN 78 083 210 584 Australia. All rights reserved. <www.di-mgt.com.au> <www.cryptosys.net>. Generated on Mon Sep 23 2024 15:37:33 by Doxygen 1.9.1.