|
Chilkat • HOME • Android™ • Classic ASP • C • C++ • C# • Mono C# • .NET Core C# • C# UWP/WinRT • DataFlex • Delphi ActiveX • Delphi DLL • Visual FoxPro • Java • Lianja • MFC • Objective-C • Perl • PHP ActiveX • PHP Extension • PowerBuilder • PowerShell • PureBasic • CkPython • Chilkat2-Python • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • Visual Basic 6.0 • VB.NET • VB.NET UWP/WinRT • VBScript • Xojo Plugin • Node.js • Excel • Go
(MFC) Export a Private Key from an MS Storage ProviderDemonstrates how to export a private key from a Microsoft Storage Provider. Note: This example requires Chilkat v9.5.0.83 or greater.
#include <CkCert.h> #include <CkPrivateKey.h> #include <CkKeyContainer.h> void ChilkatSample(void) { CkString strOut; // This example requires Chilkat v9.5.0.83 or greater. // We'll export a certificate's private key from the MS storage provider. // It is assumed the certificate + private key is already installed on the Windows system. // The export does not remove the key from the Windows storage provider. // First, let's get a certificate in one of the many ways we can do it. // (I ran certmgr.msc, opened a certificate, and noted it's thumbprint.) CkCert cert; bool success = cert.LoadByThumbprint("ea5a129c1919a52d238ee28d9f3a8f345b768388","hex"); if (success == false) { strOut.append(cert.lastErrorText()); strOut.append("\r\n"); SetDlgItemText(IDC_EDIT1,strOut.getUnicode()); return; } strOut.append("Found: "); strOut.append(cert.subjectDN()); strOut.append("\r\n"); // First export the private key the easy way. CkPrivateKey *privKey = cert.ExportPrivateKey(); if (cert.get_LastMethodSuccess() == false) { strOut.append(cert.lastErrorText()); strOut.append("\r\n"); SetDlgItemText(IDC_EDIT1,strOut.getUnicode()); return; } // OK.. we have the private key. Do whatever we want with it.. delete privKey; // ------------------------------------------------------------- // Now let's export in a more roundabout way by getting information about the // storage provider and key name and then we'll export completely independent // of the certificate. // // Remember: The private key is not contained within the certificate. An X.509 certificate // embeds the public key, but the counterpart private key is stored elsewhere, such // as in a .pfx/.p12, or as in this case, in the Windows "protected store", or perhaps on // a smartcard or hardware token. (But a private key stored on a smartcard or token cannot // be exported. It must remain on the hardware.) // const char *storageProvider = cert.cspName(); const char *keyName = cert.keyContainerName(); strOut.append("Information about the certificate's private key:"); strOut.append("\r\n"); strOut.append("Storage Provider: "); strOut.append(storageProvider); strOut.append("\r\n"); strOut.append("Key Name: "); strOut.append(keyName); strOut.append("\r\n"); // Export using just the name of the storage provider and key. CkKeyContainer keyCon; CkPrivateKey privKey2; bool silentFlag = false; success = keyCon.ExportKey(keyName,storageProvider,silentFlag,privKey2); if (success == false) { strOut.append(keyCon.lastErrorText()); strOut.append("\r\n"); SetDlgItemText(IDC_EDIT1,strOut.getUnicode()); return; } // OK.. we have the private key in privKey2. Do whatever we want with it.. // Perhaps we save as encrypted PKCS8 PEM. success = privKey2.SavePkcs8EncryptedPemFile("myPassword","qa_output/privKey2.pem"); if (success == false) { strOut.append(privKey2.lastErrorText()); strOut.append("\r\n"); SetDlgItemText(IDC_EDIT1,strOut.getUnicode()); return; } strOut.append("Success."); strOut.append("\r\n"); SetDlgItemText(IDC_EDIT1,strOut.getUnicode()); } |
||||
© 2000-2022 Chilkat Software, Inc. All Rights Reserved.