
IBM PKCS com.ibm.security.pkcs12 Package



com.ibm.security.pkcs12

The IBM PKCS package, com.ibm.security.pkcs12, provides classes for creating and manipulating a PFX Protocol Data Unit (PDU), which is a bundle of personal identity information. The pkcs12 package implements version 1.0 of the PKCS #12 standard.

Depending on the action you need to perform, you may need to use one or more of the following classes.

PFX

Use the PFX class for most PFX usage, including creating PFX PDUs that you know will be imported into a browser or that you will send to another party. Also use this class when instantiating PFX PDUs from encodings exported from a browser or received from another party, unless you know that the received PFX is in a format incompatible with browser PFXs (in which case, instantiate a PKCS12PFX object).

Consult the PKCS12Pfx.java file for code samples of how to create a PFX.

Consult the PKCS12PFx.java file for code samples of how to extract information from a PFX.

The sample .java files can be found within docs\pkcs\pkcssamples.jar.

PKCS12PFX

Use the PKCS12PFX class when creating PFX PDUs that adhere to the PKCS #12 standard but may exercise options that common Web browsers and other applications do not recognize. As a result, a PKCS #12 PFX created this way may not be importable into a browser or application.

For example, the data in a PKCS #12 PFX may be unprotected, password-protected or public-key protected, and each data item may be protected in a different manner with a different password or private key. The data in a browser-importable PFX must be either unprotected or password-protected, and all password-protected data must use the same password. As another example, the data integrity of a PKCS #12 PFX may be not ensured at all, or ensured with a MAC or a digital signature. Data integrity in a browser-importable PFX must be ensured with a MAC, and the password used to generate the MAC must be the same as the password used to protect any password-protected data.
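The modes described above are visible in a PFX's ASN.1 structure before any password is supplied. The following added example (Python, not part of the IBM samples or the com.ibm.security.pkcs12 API) reads the PKCS #7 content-type OIDs to report the integrity mode and each item's privacy mode, and flags whether they fit the browser-importable profile. It assumes definite-length DER, uses a constructed skeleton as sample input, and cannot check the same-password rule, which requires the password.

```python
# Added example, not IBM code. Assumption: the PFX is definite-length DER.
P7 = bytes.fromhex("2a864886f70d0107")              # OID prefix 1.2.840.113549.1.7
MODES = {P7 + b"\x01": "unprotected", P7 + b"\x02": "signed",    # data, signedData
         P7 + b"\x03": "public-key", P7 + b"\x06": "password"}   # envelopedData, encryptedData

def tlv(buf, pos=0):
    """Decode one element at pos; return (tag, value, position after it)."""
    if pos + 2 > len(buf) or buf[pos + 1] == 0x80:
        raise ValueError("truncated header or indefinite (BER) length")
    tag, first = buf[pos], buf[pos + 1]
    n = first & 0x7F if first & 0x80 else 0         # number of extra length bytes
    length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big") if n else first
    end = pos + 2 + n + length
    if end > len(buf):
        raise ValueError("truncated element")
    return tag, buf[end - length:end], end

def children(value, pos=0):
    """Yield (tag, value) for each element packed inside a constructed value."""
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        yield tag, val

def content_info(body):
    """Return (mode name, bytes inside the [0] wrapper) for a ContentInfo body."""
    parts = list(children(body))
    if not parts or parts[0][0] != 0x06:
        raise ValueError("ContentInfo must start with an OID")
    return MODES.get(parts[0][1], "unknown"), parts[1][1] if len(parts) > 1 else b""

def classify(pfx):
    """Report integrity mode, per-item privacy modes, and browser-profile fit."""
    tag, body, _ = tlv(pfx)
    fields = list(children(body))                   # version, authSafe, optional macData
    if tag != 0x30 or len(fields) < 2:
        raise ValueError("not a PFX")
    kind, inner = content_info(fields[1][1])
    if kind not in ("unprotected", "signed"):
        raise ValueError("authSafe must be data or signedData")
    integrity = "signature" if kind == "signed" else "mac" if len(fields) > 2 else "none"
    safe = tlv(tlv(inner)[1])[1] if kind == "unprotected" else b""  # signedData: not descended into
    privacy = [content_info(v)[0] for _, v in children(safe)]
    browser = integrity == "mac" and set(privacy) <= {"unprotected", "password"}
    return {"integrity": integrity, "privacy": privacy, "browser": browser}

SAMPLE = bytes.fromhex(                             # constructed skeleton, no key material
    "303a020103303306092a864886f70d010701a02604243022"   # PFX, version 3, data authSafe
    "300f06092a864886f70d010701a0020400"                 # unprotected item
    "300f06092a864886f70d010706a00230003000")            # password item, then macData
```

To inspect a real file, pass its bytes to `classify()`; a PFX written with BER indefinite lengths is rejected with a `ValueError` rather than misread.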

The code samples below demonstrate the protection modes in separate examples, but be aware that unprotected, password-protected and public-key protected data can all coexist in the same PFX and the data integrity of that PFX may be ensured with a MAC, a digital signature or neither.

Consult the PKCS12Pkcs12PfxSample1.java file for code samples of how to create a PKCS12PFX object with no data privacy.

Consult the PKCS12Pkcs12PfxSample2.java file for code samples of how to create a PKCS12PFX object with password-based data integrity and privacy.

Consult the PKCS12Pkcs12PfxSample3.java file for code samples of how to create a PKCS12PFX object with public key-based data integrity and privacy.

Consult the PKCS12Pkcs12PfxSample1.java file for code samples of how to extract information from an unprotected PKCS12PFX.

Consult the PKCS12Pkcs12PfxSample2.java file for code samples of how to extract information from a password-protected PKCS12PFX.

Consult the PKCS12Pkcs12PfxSample3.java file for code samples of how to extract information from a public-key protected PKCS12PFX.

All the sample .java files can be found within docs\pkcs\pkcssamples.jar (docs/pkcs/pkcssamples.jar on a Unix system). Within the jar file there is a src directory containing the source code for the samples.