zxid


pkcs12.c  view on Meta::CPAN

  
  /* Build the certificate safe: make a cert bag from x509 and collect it on a
   * freshly allocated bags stack. Failures jump out through GOTO_ERR; the
   * error label itself is outside this excerpt. */
  if (!(bags = (STACK_OF(PKCS12_SAFEBAG)*)sk_new(NULL))) GOTO_ERR("no memory?");  
  if (!(bag = M_PKCS12_x5092certbag(x509))) GOTO_ERR("M_PKCS12_x5092certbag");
  
  /* Attach the optional friendly name and the local key id, then push the bag.
   * NOTE(review): none of these three return values is checked, so a failed
   * attribute add or a failed push goes unnoticed here. */
  if (friendly_name) PKCS12_add_friendlyname(bag, friendly_name, -1);
  PKCS12_add_localkeyid(bag, keyid, keyidlen);
  sk_push((_STACK*)bags, (char*)bag);
  
  /* Turn certbags into an encrypted authsafe, keyed from pkcs12_passwd.
   * NOTE(review): NID_pbe_WithSHA1And40BitRC2_CBC is the 40-bit RC2 PBE scheme.
   * A 40-bit key gives very little confidentiality, so the certificate bag
   * should be treated as effectively readable by anyone holding the file; a
   * stronger PBE NID would be needed if the certificate contents must stay
   * private. The NULL/0 salt arguments presumably leave salt generation to
   * OpenSSL -- confirm against the OpenSSL version in use. */
  
  if (!(authsafe = PKCS12_pack_p7encdata(NID_pbe_WithSHA1And40BitRC2_CBC,
					 pkcs12_passwd, -1 /* use strlen */,
					 NULL /*salt*/, 0 /*saltlen*/,
					 PKCS12_DEFAULT_ITER, bags)))
    GOTO_ERR("PKCS12_pack_p7encdata");
  /* The bags and their stack are released once packed; bags is reset to NULL,
   * presumably so a later error path cannot free it a second time. */
  sk_pop_free((_STACK*)bags, (void (*)(void *))PKCS12_SAFEBAG_free);
  bags = NULL;

  /* Start the list of safes with the encrypted certificate authsafe.
   * NOTE(review): the sk_push() result is not checked. */
  if (!(safes = (STACK_OF(PKCS7)*)sk_new(NULL))) GOTO_ERR("no memory?");
  sk_push((_STACK*)safes, (char*)authsafe);
  
  /* Make a shrouded key bag */

  /* p8 is the PKCS#8 form of the private key and is not yet encrypted at this
   * point. NOTE(review): no NULL check on p8 is visible in this excerpt --
   * confirm it is checked before use and freed on every path. */
  p8 = EVP_PKEY2PKCS8 (pkey);
  /*PKCS8_add_keyusage(p8, KEY_EX|KEY_SIG);  / * MS needs this? */

pkcs12.c  view on Meta::CPAN

      PKCS12_add_localkeyid(bag, keyid, keyidlen);
    } /*else if(canames && (catmp = sk_shift(canames))) 
	PKCS12_add_friendlyname(bag, catmp, -1);*/
    sk_push((_STACK*)bags, (char *)bag);
  }
  
  /*if (canames) sk_free(canames);*/
  
  /* Turn certbags into an encrypted authsafe, keyed from pkcs12_passwd.
   * NOTE(review): NID_pbe_WithSHA1And40BitRC2_CBC is the 40-bit RC2 PBE scheme.
   * A 40-bit key gives very little confidentiality, so the certificate bags
   * should be treated as effectively readable by anyone holding the file. The
   * NULL/0 salt arguments presumably leave salt generation to OpenSSL --
   * confirm against the OpenSSL version in use. */

  if (!(authsafe = PKCS12_pack_p7encdata(NID_pbe_WithSHA1And40BitRC2_CBC,
					 pkcs12_passwd, -1 /* use strlen */,
					 NULL /*salt*/, 0 /*saltlen*/,
					 PKCS12_DEFAULT_ITER, bags)))
    GOTO_ERR("PKCS12_pack_p7encdata");
  /* NOTE(review): bags is freed here but not reset to NULL, although another
   * excerpt of this file does reset it after the same call. If the error path
   * (outside this excerpt) also frees bags, any GOTO_ERR below would be a
   * double free -- confirm. */
  sk_pop_free((_STACK*)bags, (void (*)(void *))PKCS12_SAFEBAG_free);
	
  /* Start the list of safes with the encrypted certificate authsafe.
   * NOTE(review): the sk_push() result is not checked. */
  if (!(safes = (STACK_OF(PKCS7)*)sk_new(NULL))) GOTO_ERR("no memory?");
  sk_push((_STACK*)safes, (char *)authsafe);
  
  /* Make a shrouded key bag */

  /* pkey is released as soon as it has been converted; p8 is the PKCS#8 form
   * of the private key and is not yet encrypted at this point.
   * NOTE(review): no NULL check on p8 is visible in this excerpt -- confirm
   * it is checked before use and freed on every path. */
  p8 = EVP_PKEY2PKCS8 (pkey);
  EVP_PKEY_free(pkey);
  /*PKCS8_add_keyusage(p8, KEY_EX|KEY_SIG);  / * MS needs this? */

pkcs12.c  view on Meta::CPAN

   * write them to pkbio */
  
  for (i = 0; i < sk_num((_STACK*)authsafes); i++) {
    PKCS7* authsafe = (PKCS7*)sk_value((_STACK*)authsafes, i);
    int bagnid = OBJ_obj2nid(authsafe->type);
    
    if (bagnid == NID_pkcs7_data) {
      bags = M_PKCS12_unpack_p7data(authsafe);
    } else if (bagnid == NID_pkcs7_encrypted) {
      /* undo transport armour encryption */
      bags = M_PKCS12_unpack_p7encdata(authsafe, pkcs12_passwd, -1);
    } else continue; /* unrecognized bag type */    
    if (!bags) GOTO_ERR("02 no bags found (is this a PKCS12 file?)");
    
    /* Now iterate over all bags found */
    
    for (j = 0; j < sk_num((_STACK*)bags); j++) {
      PKCS12_SAFEBAG* bag = (PKCS12_SAFEBAG*)sk_value((_STACK*)bags, j);
      
      switch (M_PKCS12_bag_type(bag)) {
      case NID_keyBag:

pkcs12.c  view on Meta::CPAN

  if (!(cbio = BIO_new(BIO_s_mem()))) GOTO_ERR("no memory?");
  
  for (i = 0; i < sk_num ((_STACK*)authsafes); i++) {
    PKCS7* authsafe = (PKCS7*)sk_value((_STACK*)authsafes, i);
    int bagnid = OBJ_obj2nid(authsafe->type);
    
    if (bagnid == NID_pkcs7_data) {
      bags = M_PKCS12_unpack_p7data(authsafe);
    } else if (bagnid == NID_pkcs7_encrypted) {
      /* undo transport armour encryption */
      bags = M_PKCS12_unpack_p7encdata(authsafe, pkcs12_passwd, -1);
    } else continue; /* unrecognized bag type */    
    if (!bags) GOTO_ERR("02 no bags found (is this a PKCS12 file?)");
    
    /* Now iterate over all bags found */
    
    for (j = 0; j < sk_num((_STACK*)bags); j++) {
      EVP_PKEY* pkey;
      PKCS8_PRIV_KEY_INFO *p8;
      PKCS12_SAFEBAG* bag = (PKCS12_SAFEBAG*)sk_value((_STACK*)bags, j);
      

zxid-faq.pd  view on Meta::CPAN

implementation, providing functionality roughly similar to
CardSpace. You can download it from

  http://www.bandit-project.org/index.php/Digital_Me

rpm2cpio digitalme-0.4.1238-2.1.i586.rpm | cpio -di

97.15.2 Setting up IdP account
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

For one InfoCard aware IdP, please see: http://www.cdatazone.org/index.php?/archives/27-Managed-Infocard-Demo.html

1. Register at the IdP site (e.g. https://www.ctindustries.net/icard/index.php)
2. Download the card using the "Retrieve Managed Card" link (saved as "cdatamanaged.crd" by default).
3. Install the card to DigitalMe

97.15.3 Yubikey Support
~~~~~~~~~~~~~~~~~~~~~~~

ZXID supports the yubikey USB One Time Password (OTP) tokens from yubico.com.
The token should be personalized such that the prefix of the ticket is the
UID and the remainder is the ticket proper. The AES128 shared secret, in hex,
is stored in the UID/.yk directory. Because this location holds the token's
secret key, keep it readable only by the account that runs ZXID. See also
zxid-log.pd for a description.


