pkcs12 import and other improvements
Werner Koch
wk@gnupg.org
Thu Jun 27 09:46:01 2002
Hi!
I have just commited a few changes to NewPG which allows to import a
private key from a PKCS-12 [1] file. It is just a very basic import:
There is some limited support to import a private key from a PCKS-12
file. Note, that this does only import the private key and not any
certificates available in that file. Assume that gpgsm has been
installed in the defualt location, you should do this.
/usr/local/lib/newpg/protect-tool --p12-import --store <file.p12>
This require that the gpg-agent is running, alternative you may give
the passphrase on the commandline using the option "-P <passphrase>"
- however this is in general not a good idea. If that key already
exists, the protect-tool refuses to store it unless you use the
option "--force".
Note that this is no in the recently released tarball. I also fixed
some errors with the pinentry invocation.
As a side-effect you can use of the files agent/simple-pwquery.[ch] to
implement access to the pinentry via a running gpg-agent from your own
programs. These files are more or less self-contained and
configurable in the header file.
Next to come: Passphrase changing and export of private keys in
PKCS-12 format.
Shalom-Salam,
Werner
[1] You might want to read Peter Gutmanm's description of the sucked
PKCS-12 format at http://www.cs.auckland.ac.nz/~pgut001/pubs/pfx.html