Your company here — click to reach over 10,000 unique daily visitors

PKCS12_gen_mac.3ossl - Man Page

Functions to create and manipulate a PKCS#12 structure


 #include <openssl/pkcs12.h>

 int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
                    unsigned char *mac, unsigned int *maclen);
 int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
 int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
                    unsigned char *salt, int saltlen, int iter,
                    const EVP_MD *md_type);
 int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
                      int saltlen, const EVP_MD *md_type);


PKCS12_gen_mac() generates an HMAC over the entire PKCS#12 object using the supplied password along with a set of already configured parameters. The default key generation mechanism used is PKCS12KDF.

PKCS12_verify_mac() verifies the PKCS#12 object's HMAC using the supplied password.

PKCS12_setup_mac() sets the MAC part of the PKCS#12 structure with the supplied parameters.

PKCS12_set_mac() sets the MAC and MAC parameters into the PKCS#12 object.

pass is the passphrase to use in the HMAC. salt is the salt value to use, iter is the iteration count and md_type is the message digest function to use.


If salt is NULL then a suitable salt will be generated and used.

If iter is 1 then an iteration count will be omitted from the PKCS#12 structure.

PKCS12_gen_mac(), PKCS12_verify_mac() and PKCS12_set_mac() make assumptions regarding the encoding of the given passphrase. See passphrase-encoding(7) for more information.

Return Values

All functions return 1 on success and 0 if an error occurred.

Conforming to

IETF RFC 7292 (<https://tools.ietf.org/html/rfc7292>)

See Also

d2i_PKCS12(3), EVP_KDF-PKCS12KDF(7), PKCS12_create(3), passphrase-encoding(7)

Referenced By

The man pages PKCS12_set_mac.3ossl(3), PKCS12_setup_mac.3ossl(3) and PKCS12_verify_mac.3ossl(3) are aliases of PKCS12_gen_mac.3ossl(3).

2024-07-09 3.2.2 OpenSSL