z/OS Cryptographic Services System SSL Programming
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


gsk_encode_export_certificate()

z/OS Cryptographic Services System SSL Programming
SC14-7495-00

Encodes an X.509 certificate into a DER or PKCS #7 data stream.

Format

   #include <gskcms.h>

   gsk_status gsk_encode_export_certificate (
                                          pkcs_certificate *   subject_certificate,
                                          pkcs_certificates *  issuer_certificates,
                                          gskdb_export_format  format,
                                          gsk_buffer *         stream)

Parameters

subject_certificate
Specifies the certificate.
issuer_certificates
Specifies the certificate chain for the subject certificate.
format
Specifies the export format. These values may be specified:
gskdb_export_der_binary
Binary ASN.1 DER-encoded
gskdb_export_der_base64
Base64 ASN.1 DER-encoded
gskdb_export_pkcs7_binary
Binary PKCS #7 Cryptographic Message Syntax
gskdb_export_pkcs7_base64
Base64 PKCS #7 Cryptographic Message Syntax
stream
Returns the byte stream for the encoded certificate. The application should call the gsk_free_buffer function to release the storage when it is no longer needed.

Results

The function return value will be 0 if no error is detected. Otherwise, it will be one of the return codes listed in the gskcms.h include file. These are some possible errors:
[CMSERR_BAD_RNG_OUTPUT]
In FIPS mode, random bytes generation produced duplicate output.
[CMSERR_FMT_NOT_SUPPORTED]
An unsupported export file stream format is specified.
[CMSERR_NO_MEMORY]
Insufficient storage is available.

Usage

The gsk_encode_export_certificate() function encodes an X.509 certificate using either the ASN.1 DER encoding for the certificate or the Cryptographic Message Syntax (PKCS #7) encoding for the certificate. This can be either the binary value or the Base64 encoding of the binary value. A Base64 encoded stream will be in the local code page and will include the encoding header and footer lines.

The export data stream contains just the requested certificate when the DER format is selected. The export data stream contains the requested certificate and its certification chain when the PKCS #7 format is selected. The certificate chain for the subject certificate is supplied from the pkcs_certificates structure issuer_certificates with the root certificate being the final entry in the array. A partial certification chain will be exported if the complete chain is not supplied in issuer_certificates.

Parent topic: Certificate Management Services (CMS) API reference

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014