On Fri, Dec 16, 2011, Michael S. Zick wrote: > On Fri December 16 2011, _daxh_ wrote: > > > > Hello. > > > > I have signed certificate stored in cert.pem file. Also I have private key > > stored in iPhoneMyBase64PrivateKey.pem. Then I can use the fillowing openSSL > > comand: > > > > $openssl pkcs12 -export -out certificate.pfx -inkey > > iPhoneMyBase64PrivateKey.pem -in cert.pem > > > > to create certificate.pfx, that could be properly installed into iPhone > > system security stoarage as Security Profile. > > > > How to create this pfx file from cert and privatekey without openSSL ? > > because I need to create it programmatycally on iPhone. > > > > I already familiar with ASN.1, I've already read different pdf's at rsa > > laboratories and etc. But there are a lot of different options, and I can > > not understand what parts should be encrypted, with what keys, what parts > > should be signed and so on. > > > > So, is it possible to find somewhere somekind of step-by-step guide: > > > > Here is the "step-by-step" of the command you are using: > http://cvs.openssl.org/fileview?f=openssl/apps/pkcs12.c&v=1.79.2.12 > > Also found along the same path in your copy of the source. > > Just ignore the parts that do not apply in your end-use case. >
While that will work the pkcs12.c application is a general purpose PKCS#12 file creator which may well be more complex than the OPs needs. There is also a much simpler PCKS12_create() function with and example in demos/pkcs12/pkwrite.c however that assumes you have OpenSSL available on the iPhone (not sure about that). An alternative might be to find out what happens when you import a PKCS#12 file (i.e. the API it uses to import a certificate and private key) and use those directly on the PEM files without going through an intermediate PKCS#12 files. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org