z/OS Cryptographic Services System SSL Programming


gsk_decode_import_key()

SC14-7495-00

Decodes certificate and key from PKCS #12-encoded data stream.

Format

   #include <gskcms.h>

   gsk_status gsk_decode_import_key (
                                     gsk_buffer *         stream,
                                     const char *         password,
                                     pkcs_cert_key *      subject_certificate,
                                     pkcs_certificates *  issuer_certificates);

Parameters

stream
Specifies the byte stream of the encoded certificate.
password
Specifies the password for the import file. The password is single-byte EBCDIC in the local code page and must consist of characters which can be represented using 7-bit ASCII (letters, numbers, and punctuation). It may not be an empty string.
subject_certificate
Returns the decoded certificate and key.
issuer_certificates
Returns the decoded certificate chain for the subject certificate.

Results

The function return value will be 0 if no error is detected. Otherwise, it will be one of the return codes listed in the gskcms.h include file. These are some possible errors:
[CMSERR_ALG_NOT_SUPPORTED]
The decryption algorithm is not valid.
[CMSERR_BAD_ENCODING]
The certificate request stream is not valid.
[CMSERR_NO_MEMORY]
Insufficient storage is available.
[CMSERR_NO_IMPORT_CERTIFICATE]
No certificate in input stream.
[CMSERR_PW_INCORRECT]
The password is not correct.

Usage

The gsk_decode_import_key() function decodes a data stream into a pkcs_cert_key structure. The pkcs_cert_key structure subject_certificate returns the subject certificate and key, while the pkcs_certificates structure issuer_certificates returns the certificate chain for the subject certificate (all other certificates that are not part of the subject certificate's chain are discarded). The root certificate for the chain is the final entry in the array.

The certificate and key must have been encoded according to the Personal Information Exchange Syntax (PKCS #12). The supplied stream can be the binary ASN.1 sequence or the Base64 encoding of the ASN.1 sequence. A Base64 encoded stream is assumed to be in the local code page and must include the encoding header and footer lines.

In FIPS mode, the only supported decryption algorithm for the import file is:
  • x509_alg_pbeWithSha1And3DesCbc - Triple DES with SHA-1 digest.
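
An added example (not IBM code and not part of System SSL): a pre-flight check of the password rule from the Parameters section and of the two accepted stream forms from the Usage section, run before gsk_decode_import_key() is called. The function names, the result enum, the rejection of the space character, and the generic match on "-----BEGIN " and "-----END " lines are assumptions of this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical result codes for this check; these are not System SSL codes. */
enum preflight { PRE_OK_BINARY, PRE_OK_BASE64, PRE_BAD_PASSWORD, PRE_BAD_STREAM };

/* Password rule from the page: not empty; letters, numbers and punctuation.
 * isalnum()/ispunct() classify in the local code page, so the same test
 * works on an EBCDIC string on z/OS (assumes the default "C" locale).
 * Assumption: space is rejected because the page does not list it. */
static int password_ok(const char *pw)
{
    if (pw == NULL || *pw == '\0')
        return 0;
    for (; *pw != '\0'; pw++) {
        unsigned char c = (unsigned char)*pw;
        if (!isalnum(c) && !ispunct(c))
            return 0;
    }
    return 1;
}

/* Search a length-delimited buffer; the import stream is not NUL-terminated. */
static const unsigned char *find_bytes(const unsigned char *buf, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; n <= len && i <= len - n; i++)
        if (memcmp(buf + i, needle, n) == 0)
            return buf + i;
    return NULL;
}

/* Classify the stream: binary ASN.1 starts with the SEQUENCE tag 0x30;
 * Base64 text must carry both a header line and a footer line. */
enum preflight preflight_import(const unsigned char *data, size_t len, const char *pw)
{
    if (!password_ok(pw))
        return PRE_BAD_PASSWORD;
    if (len >= 2 && data[0] == 0x30)
        return PRE_OK_BINARY;
    const unsigned char *begin = find_bytes(data, len, "-----BEGIN ");
    if (begin != NULL && find_bytes(begin, len - (size_t)(begin - data), "-----END ") != NULL)
        return PRE_OK_BASE64;
    return PRE_BAD_STREAM;
}
```

Rejecting a malformed password or a stream with a missing footer here keeps the failure distinct from CMSERR_PW_INCORRECT or CMSERR_BAD_ENCODING returned by the decoder itself.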





Copyright IBM Corporation 1990, 2014