diff -Naurp openssl-0.9.8e.orig/apps/pkcs12.c openssl-0.9.8e/apps/pkcs12.c --- openssl-0.9.8e.orig/apps/pkcs12.c 2006-12-27 09:39:51.000000000 +0000 +++ openssl-0.9.8e/apps/pkcs12.c 2008-01-23 11:50:58.411520000 +0000 @@ -100,6 +100,7 @@ int MAIN(int argc, char **argv) char **args; char *name = NULL; char *csp_name = NULL; + int LMK = 0; PKCS12 *p12 = NULL; char pass[50], macpass[50]; int export_cert = 0; @@ -221,6 +222,8 @@ int MAIN(int argc, char **argv) args++; name = *args; } else badarg = 1; + } else if (!strcmp (*args, "-LMK")) { + LMK = 1; } else if (!strcmp (*args, "-CSP")) { if (args[1]) { args++; @@ -326,6 +329,7 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-password p set import/export password source\n"); BIO_printf (bio_err, "-passin p input file pass phrase source\n"); BIO_printf (bio_err, "-passout p output file pass phrase source\n"); + BIO_printf (bio_err, "-LMK Add a Microsoft Local Machine Key Set attribute to the pkcs7 bag\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); #endif @@ -556,7 +560,9 @@ int MAIN(int argc, char **argv) if (csp_name && key) EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, MBSTRING_ASC, (unsigned char *)csp_name, -1); - + if (LMK) + EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, + MBSTRING_ASC, (unsigned char *) "", 0); #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); diff -Naurp openssl-0.9.8e.orig/crypto/objects/objects.txt openssl-0.9.8e/crypto/objects/objects.txt --- openssl-0.9.8e.orig/crypto/objects/objects.txt 2006-12-04 18:48:16.000000000 +0000 +++ openssl-0.9.8e/crypto/objects/objects.txt 2008-01-23 11:50:58.418512000 +0000 @@ -303,6 +303,7 @@ pkcs9 20 : : friendlyName pkcs9 21 : : localKeyID !Cname ms-csp-name 1 3 6 1 4 1 311 17 1 : CSPName : Microsoft CSP Name +1 3 6 1 4 1 311 17 2 : LocalKeySet : Microsoft Local Key set !Alias certTypes pkcs9 22 certTypes 1 : : x509Certificate certTypes 2 : : sdsiCertificate