diff -Naurp openssl-0.9.8g.orig/apps/pkcs12.c openssl-0.9.8g/apps/pkcs12.c --- openssl-0.9.8g.orig/apps/pkcs12.c 2007-09-06 13:43:45.000000000 +0100 +++ openssl-0.9.8g/apps/pkcs12.c 2008-01-23 12:22:39.103075000 +0000 @@ -100,6 +100,7 @@ int MAIN(int argc, char **argv) char **args; char *name = NULL; char *csp_name = NULL; + int LMK = 0; PKCS12 *p12 = NULL; char pass[50], macpass[50]; int export_cert = 0; @@ -224,6 +225,8 @@ int MAIN(int argc, char **argv) args++; name = *args; } else badarg = 1; + } else if (!strcmp (*args, "-LMK")) { + LMK = 1; } else if (!strcmp (*args, "-CSP")) { if (args[1]) { args++; @@ -332,6 +335,7 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-password p set import/export password source\n"); BIO_printf (bio_err, "-passin p input file pass phrase source\n"); BIO_printf (bio_err, "-passout p output file pass phrase source\n"); + BIO_printf (bio_err, "-LMK Add a Microsoft Local Machine Key Set attribute to the pkcs7 bag\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); #endif @@ -562,7 +566,9 @@ int MAIN(int argc, char **argv) if (csp_name && key) EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, MBSTRING_ASC, (unsigned char *)csp_name, -1); - + if (LMK) + EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, + MBSTRING_ASC, (unsigned char *) "", 0); #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); diff -Naurp openssl-0.9.8g.orig/crypto/objects/objects.txt openssl-0.9.8g/crypto/objects/objects.txt --- openssl-0.9.8g.orig/crypto/objects/objects.txt 2007-04-24 00:50:08.000000000 +0100 +++ openssl-0.9.8g/crypto/objects/objects.txt 2008-01-23 12:22:39.109072000 +0000 @@ -303,6 +303,7 @@ pkcs9 20 : : friendlyName pkcs9 21 : : localKeyID !Cname ms-csp-name 1 3 6 1 4 1 311 17 1 : CSPName : Microsoft CSP Name +1 3 6 1 4 1 311 17 2 : LocalKeySet : Microsoft Local Key set !Alias certTypes pkcs9 22 certTypes 1 : : x509Certificate certTypes 2 : : sdsiCertificate