Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(Classic ASP) Rewrite PFX using AES256-SHA256Demonstrates how to load a .pfx/.p12, examine the encryption algorithm used, and rewrite using aes256-sha256. Note: This example requires Chilkat v9.5.0.83 or greater.
<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> </head> <body> <% ' This example requires Chilkat v9.5.0.83 or greater. ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.Pfx") set pfx = Server.CreateObject("Chilkat.Pfx") ' Let's load a .pfx and examine the encryption algorithms used to protect the private key: success = pfx.LoadPfxFile("qa_data/pfx/test_secret.pfx","secret") If (success = 0) Then Response.Write "<pre>" & Server.HTMLEncode( pfx.LastErrorText) & "</pre>" Response.End End If ' Examine the algorithms: ' "pbeWithSHAAnd3_KeyTripleDES_CBC" or "pbes2"? Response.Write "<pre>" & Server.HTMLEncode( "Algorithm: " & pfx.AlgorithmId) & "</pre>" ' If the algorithm is "pbes2" then examine the actual encryption and HMAC algorithms used within pbes2. ' (If the algorithm is NOT "pbes2", then the following properties are meaningless and will not be modified from their previous values prior to loading the PFX.) Response.Write "<pre>" & Server.HTMLEncode( "Pbes2CryptAlg: " & pfx.Pbes2CryptAlg) & "</pre>" Response.Write "<pre>" & Server.HTMLEncode( "Pbes2HmacAlg: " & pfx.Pbes2HmacAlg) & "</pre>" ' Our output so far: ' Algorithm: pbeWithSHAAnd3_KeyTripleDES_CBC ' Pbes2CryptAlg: aes256-cbc ' Pbes2HmacAlg: hmacWithSha256 ' This tells us that the PFX we loaded was protected using triple-DES with SHA1. ' (Most existing .pfx/.p12 files use 3DES w/ SHA1.) ' The Pbes2CryptAlg and Pbes2HmacAlg properties do not apply here because the AlgorithmId is not equal to "pbes2". We can ignore those values. ' Examine the LastJsonData for the call to LoadPfxFile. This gives us information about what is contained in the PFX, including extended attributes. ' json is a Chilkat.JsonObject Set json = pfx.LastJsonData() json.EmitCompact = 0 Response.Write "<pre>" & Server.HTMLEncode( json.Emit()) & "</pre>" ' Here's a sample LastJsonData: ' Use this online tool to generate parsing code from sample JSON: ' Generate Parsing Code from JSON ' { ' "authenticatedSafe": { ' "contentInfo": [ ' { ' "type": "Data", ' "safeBag": [ ' { ' "type": "pkcs8ShroudedKeyBag", ' "attrs": { ' "localKeyId": "16444216", ' "keyContainerName": "{F09B755A-1E90-444D-9851-02B86CA14961}", ' "msStorageProvider": "Microsoft Enhanced Cryptographic Provider v1.0" ' } ' } ' ] ' }, ' { ' "type": "EncryptedData", ' "safeBag": [ ' { ' "type": "certBag", ' "attrs": { ' "localKeyId": "16444216" ' }, ' "subject": "....", ' "serialNumber": "9999999999999999999999999999" ' }, ' { ' "type": "certBag", ' "attrs": { ' "authRootSha256Hash": "0vkOXTXKxNQffUTOZq/4heGBX7M5GFhTqH5mwFyb7x4=", ' "friendlyName": "XYZ", ' "enhKeyUsage": [ ' { ' "oid": "1.3.6.1.5.5.7.3.2", ' "usage": "clientAuth" ' }, ' { ' "oid": "1.3.6.1.5.5.7.3.4", ' "usage": "emailProtection" ' }, ' { ' "oid": "1.3.6.1.5.5.7.3.3", ' "usage": "codeSigning" ' }, ' { ' "oid": "1.3.6.1.5.5.7.3.8", ' "usage": "timeStamping" ' }, ' { ' "oid": "1.3.6.1.4.1.311.10.3.4", ' "usage": "encryptedFileSystem" ' }, ' { ' "oid": "1.3.6.1.5.5.8.2.2", ' "usage": "iKEIntermediate" ' }, ' ' { ' "oid": "1.3.6.1.5.5.7.3.6", ' "usage": "ipsecTunnel" ' }, ' { ' "oid": "1.3.6.1.5.5.7.3.7", ' "usage": "ipsecUser" ' }, ' { ' "oid": "1.3.6.1.5.5.7.3.5", ' "usage": "ipsecEndSystem" ' } ' ] ' }, ' "subject": "...", ' "serialNumber": "8888888888888888888888888888" ' }, ' { ' "type": "certBag", ' "subject": "...", ' "serialNumber": "777777777777777777777777777" ' } ' ] ' } ' ] ' } ' } ' ------------------------------------------------------------------------------------------ ' OK... now let's change the AlgorithmId to "pbes2" pfx.AlgorithmId = "pbes2" ' We already know from above that the PBES2 crypt and HMAC algorithms are "aes256-cbc" and "hmacWithSha256". ' Let's set them anyway just for the example... pfx.Pbes2CryptAlg = "aes256-cbc" pfx.Pbes2HmacAlg = "hmacWithSha256" ' Rewrite the PFX using pbes2/aes256 + sha256 success = pfx.ToFile("secret","qa_output/test_secret_aes256.pfx") If (success = 0) Then Response.Write "<pre>" & Server.HTMLEncode( pfx.LastErrorText) & "</pre>" Response.End End If Response.Write "<pre>" & Server.HTMLEncode( "Success.") & "</pre>" %> </body> </html> |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.