zxid
view release on metacpan or search on metacpan
if (!(bags = (STACK_OF(PKCS12_SAFEBAG)*)sk_new(NULL))) GOTO_ERR("no memory?");
if (!(bag = M_PKCS12_x5092certbag(x509))) GOTO_ERR("M_PKCS12_x5092certbag");
if (friendly_name) PKCS12_add_friendlyname(bag, friendly_name, -1);
PKCS12_add_localkeyid(bag, keyid, keyidlen);
sk_push((_STACK*)bags, (char*)bag);
/* Turn certbags into encrypted (why?) authsafe */
if (!(authsafe = PKCS12_pack_p7encdata(NID_pbe_WithSHA1And40BitRC2_CBC,
pkcs12_passwd, -1 /* use strlen */,
NULL /*salt*/, 0 /*saltlen*/,
PKCS12_DEFAULT_ITER, bags)))
GOTO_ERR("PKCS12_pack_p7encdata");
sk_pop_free((_STACK*)bags, (void (*)(void *))PKCS12_SAFEBAG_free);
bags = NULL;
if (!(safes = (STACK_OF(PKCS7)*)sk_new(NULL))) GOTO_ERR("no memory?");
sk_push((_STACK*)safes, (char*)authsafe);
/* Make a shrouded key bag */
p8 = EVP_PKEY2PKCS8 (pkey);
/*PKCS8_add_keyusage(p8, KEY_EX|KEY_SIG); / * MS needs this? */
PKCS12_add_localkeyid(bag, keyid, keyidlen);
} /*else if(canames && (catmp = sk_shift(canames)))
PKCS12_add_friendlyname(bag, catmp, -1);*/
sk_push((_STACK*)bags, (char *)bag);
}
/*if (canames) sk_free(canames);*/
/* Turn certbags into encrypted authsafe */
if (!(authsafe = PKCS12_pack_p7encdata(NID_pbe_WithSHA1And40BitRC2_CBC,
pkcs12_passwd, -1 /* use strlen */,
NULL /*salt*/, 0 /*saltlen*/,
PKCS12_DEFAULT_ITER, bags)))
GOTO_ERR("PKCS12_pack_p7encdata");
sk_pop_free((_STACK*)bags, (void (*)(void *))PKCS12_SAFEBAG_free);
if (!(safes = (STACK_OF(PKCS7)*)sk_new(NULL))) GOTO_ERR("no memory?");
sk_push((_STACK*)safes, (char *)authsafe);
/* Make a shrouded key bag */
p8 = EVP_PKEY2PKCS8 (pkey);
EVP_PKEY_free(pkey);
/*PKCS8_add_keyusage(p8, KEY_EX|KEY_SIG); / * MS needs this? */
* write them to pkbio */
for (i = 0; i < sk_num((_STACK*)authsafes); i++) {
PKCS7* authsafe = (PKCS7*)sk_value((_STACK*)authsafes, i);
int bagnid = OBJ_obj2nid(authsafe->type);
if (bagnid == NID_pkcs7_data) {
bags = M_PKCS12_unpack_p7data(authsafe);
} else if (bagnid == NID_pkcs7_encrypted) {
/* undo transport armour encryption */
bags = M_PKCS12_unpack_p7encdata(authsafe, pkcs12_passwd, -1);
} else continue; /* unrecognized bag type */
if (!bags) GOTO_ERR("02 no bags found (is this a PKCS12 file?)");
/* Now iterate over all bags found */
for (j = 0; j < sk_num((_STACK*)bags); j++) {
PKCS12_SAFEBAG* bag = (PKCS12_SAFEBAG*)sk_value((_STACK*)bags, j);
switch (M_PKCS12_bag_type(bag)) {
case NID_keyBag:
if (!(cbio = BIO_new(BIO_s_mem()))) GOTO_ERR("no memory?");
for (i = 0; i < sk_num ((_STACK*)authsafes); i++) {
PKCS7* authsafe = (PKCS7*)sk_value((_STACK*)authsafes, i);
int bagnid = OBJ_obj2nid(authsafe->type);
if (bagnid == NID_pkcs7_data) {
bags = M_PKCS12_unpack_p7data(authsafe);
} else if (bagnid == NID_pkcs7_encrypted) {
/* undo transport armour encryption */
bags = M_PKCS12_unpack_p7encdata(authsafe, pkcs12_passwd, -1);
} else continue; /* unrecognized bag type */
if (!bags) GOTO_ERR("02 no bags found (is this a PKCS12 file?)");
/* Now iterate over all bags found */
for (j = 0; j < sk_num((_STACK*)bags); j++) {
EVP_PKEY* pkey;
PKCS8_PRIV_KEY_INFO *p8;
PKCS12_SAFEBAG* bag = (PKCS12_SAFEBAG*)sk_value((_STACK*)bags, j);
zxid-faq.pd view on Meta::CPAN
implementation, providing functionality roughly similar to
CardSpace. You can download it from
http://www.bandit-project.org/index.php/Digital_Me
rpm2cpio digitalme-0.4.1238-2.1.i586.rpm | cpio -di
97.15.2 Setting up IdP account
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For one InfoCard aware IdP, please see: http://www.cdatazone.org/index.php?/archives/27-Managed-Infocard-Demo.html
1. Register at the IdP site (e.g. https://www.ctindustries.net/icard/index.php)
2. Download the card ("Retrieve Managed Card" link (savea as "cdatamanaged.crd" by default).
3. Install the card to DigitalMe
97.15.3 Yubikey Support
~~~~~~~~~~~~~~~~~~~~~~~
ZXID supports the yubikey USB One Time Password (OTP) tokens from yubico.com.
The token should be personalized such that the prefix of the ticket is the
UID and the remainder is the ticket proper. The AES128 shared secret in hex is
populated in UID/.yk directory. See also zxid-log.pd for description.
( run in 0.232 second using v1.01-cache-2.11-cpan-ec4f86ec37b )