This section describes the implementation of the PKCS#12 specification library. It does not describe PKCS#12 itself, and you do not need to know the specification in order to use the library.
This library provides procedures for PKCS#12 keystore operations.
The following example shows how to use the keystore APIs:
(import (rnrs) (rsa pkcs :12))
(define keystore (load-pkcs12-keystore-file "keystore.p12" "pass"))
(pkcs12-keystore-get-key keystore "key-name" "key-pass")
;; -> <private-key>
(pkcs12-keystore-get-certificate keystore "cert-name")
;; -> <x509-certificate>
;; certs is a list of X509 certificates associated with the given private key
(pkcs12-keystore-set-key! keystore "key-name2" private-key "key-pass2" certs)
;; cert must be an X509 certificate
(pkcs12-keystore-set-certificate! keystore "cert-name2" cert)
(store-pkcs12-keystore-to-file keystore "keystore2.p12" "pass2")
PKCS#12 keystore class.
Returns #t if the given obj is a PKCS#12 keystore object, otherwise #f.
Returns a newly created PKCS#12 keystore object.
Loads a PKCS#12 keystore from the given input-port or file and returns a newly created keystore object.
The load-pkcs12-keystore procedure loads from the given binary input port; the load-pkcs12-keystore-file procedure loads from the given file.
storepass must be a string: the password of the given keystore.
Retrieves the private key associated with alias from keystore. If there is no key entry associated with alias then #f is returned.
alias must be a string.
keypass must be a string. It is used to decrypt the private key; an empty password is not allowed.
Retrieves the certificate associated with alias from keystore. If there is no certificate entry associated with alias then #f is returned.
alias must be a string.
Retrieves the certificate chain associated with the given key alias from keystore. If there is no certificate chain then '() is returned.
alias must be a string.
Returns #t if keystore contains an entry named alias, otherwise #f.
Writes the given keystore to output-port or file.
The store-pkcs12-keystore procedure writes to the given binary output port output-port; the store-pkcs12-keystore-to-file procedure writes to the given file file.
storepass must be a string and is used to encrypt the whole contents.
alias must be a string representing the name of private-key in the keystore.
private-key must be an RSA private key.
key-pass must be a string and is used to encrypt the given private-key.
certs must be a list of X509 certificates associated with private-key.
Stores the given private-key in keystore.
The implementation allows users to set a key password separate from storepass. Be aware that the current implementation of Bouncy Castle JCE uses the same password as storepass to encrypt a private key, so a keystore written with a different key password is not compatible with Bouncy Castle.
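As an added example (not part of the library's own documentation or code) of working around the caveat above: a procedure that re-wraps one key entry so that its key password equals the storepass the keystore is written with, using only the procedures shown on this page. File names, aliases and passwords are placeholders, and it assumes that calling pkcs12-keystore-set-key! with an existing alias replaces that entry.

```scheme
(import (rnrs) (rsa pkcs :12))

;; Re-wraps a single private-key entry so that its key password is the
;; same as the keystore password, which is the convention Bouncy Castle
;; JCE expects. Returns the alias that was rewritten.
(define (rewrap-key-for-bouncy-castle in-file in-storepass
                                      key-alias old-keypass cert-aliases
                                      out-file out-storepass)
  (let ((ks (load-pkcs12-keystore-file in-file in-storepass)))
    ;; pkcs12-keystore-get-key returns #f when no key entry has this alias
    (let ((private-key (pkcs12-keystore-get-key ks key-alias old-keypass))
          ;; collect the chain from the named certificate entries;
          ;; pkcs12-keystore-get-certificate returns #f for an unknown alias
          (certs (map (lambda (a)
                        (or (pkcs12-keystore-get-certificate ks a)
                            (error 'rewrap-key-for-bouncy-castle
                                   "no certificate entry for alias" a)))
                      cert-aliases)))
      (unless private-key
        (error 'rewrap-key-for-bouncy-castle
               "no key entry for alias" key-alias))
      (when (null? certs)
        (error 'rewrap-key-for-bouncy-castle
               "a key entry needs at least one certificate"))
      ;; overwrite the entry: key password = keystore password
      ;; (assumes set-key! on an existing alias replaces the entry)
      (pkcs12-keystore-set-key! ks key-alias private-key out-storepass certs)
      (store-pkcs12-keystore-to-file ks out-file out-storepass)
      key-alias)))

;; Usage with placeholder file names, aliases and passwords:
;; (rewrap-key-for-bouncy-castle "keystore.p12" "pass"
;;                               "key-name" "key-pass" '("cert-name")
;;                               "keystore-bc.p12" "pass2")
```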
alias must be a string representing the name of cert in keystore.
cert must be an X509 certificate.
Stores the given cert in keystore.
alias must be a string.
Removes the entry associated with alias from keystore.
Returns all aliases defined in keystore.