(AutoIt) Set .pfx/.p12 Safe Bag Attributes

Demonstrates how to set safebag attributes in a .pfx/.p12. This example creates a .pfx from a .pem containing a private key and certificates, but also sets PFX safebag attributes before writing the .pfx.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

; We have a PEM containing one private key, and two certificates:
; The private key is an ECDSA private key.
; The private key is associated with the 1st certificate.
; The 2nd certificate is the issuer of the 1st certificate.

; -----BEGIN PRIVATE KEY-----
; ME0CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEMzAxAgEBBCDgAn4Dal+0iEhIsYBk
; 6SdSR344vyj0suhOIxsjmM19s6AKBggqhkjOPQMBBw==
; -----END PRIVATE KEY-----
; -----BEGIN CERTIFICATE-----
; MIIBXzCCAQSgAwIBAgIUGp2obfF61BG7QTsqpyT+VvxxJC0wCgYIKoZIzj0EAwIw
; DTELMAkGA1UEAwwCQ0EwHhcNMjAwMzI5MTU1MTEwWhcNMzAwMzI3MTU1MTEwWjAN
; MQswCQYDVQQDDAJFRTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEil+DhBUss8
; kMCjEWvZHA+jdy1mQ76a2HFd+5p+AcFGQxNeG8/HXZax7FFzcrczWrli25R8P8j1
; cqhwPY4HtwujQjBAMB0GA1UdDgQWBBTenwm6x4A4W5BzZ2OckKA2IFtPSTAfBgNV
; HSMEGDAWgBTx1U/gWiRhAASl6FV04DxP3XmcazAKBggqhkjOPQQDAgNJADBGAiEA
; rkqbz5t1M/CjqXSKE5ebBLQ3npF+q7GRC8C2ovDi/xoCIQDGve7OP/ppIDcCNonr
; +WSRf5M/6Wvw1lnEsAXf3nLTeQ==
; -----END CERTIFICATE-----
; -----BEGIN CERTIFICATE-----
; MIIBcDCCARWgAwIBAgIUAnQiKKy/PdLnH0A6vYKBq21w1JAwCgYIKoZIzj0EAwIw
; DTELMAkGA1UEAwwCQ0EwHhcNMjAwMzI5MTU1MTEwWhcNMzAwMzI3MTU1MTEwWjAN
; MQswCQYDVQQDDAJDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPB6yVvqt8cL
; EneRtnjoi87H0ATi+JP1w2qkz4GLOaPtFxAnV0LdQCuN91SGbAlKrSkhFyWWimjh
; Rqe9+b/1WCijUzBRMB0GA1UdDgQWBBTx1U/gWiRhAASl6FV04DxP3XmcazAfBgNV
; HSMEGDAWgBTx1U/gWiRhAASl6FV04DxP3XmcazAPBgNVHRMBAf8EBTADAQH/MAoG
; CCqGSM49BAMCA0kAMEYCIQCcIfssfrOruVYvqhxbLGeyc5ppEX53zUU35wIE2t7C
; fAIhAKhOTEvN+pdEn+cNwW3AEi7D08ZUQx3P80i4EnFPs0OQ
; -----END CERTIFICATE-----

$oPfx = ObjCreate("Chilkat.Pfx")
$oSbPem = ObjCreate("Chilkat.StringBuilder")
Local $bSuccess = $oSbPem.LoadFile("qa_data/pfx/test_ecdsa.pem","utf-8")
If ($bSuccess = False) Then
    ConsoleWrite("Failed to load the PEM file." & @CRLF)
    Exit
EndIf

; The PEM in this example is unencrypted.  There is no password.
Local $sPassword = ""
$bSuccess = $oPfx.LoadPem($oSbPem.GetAsString(),$sPassword)
If ($bSuccess = False) Then
    ConsoleWrite($oPfx.LastErrorText & @CRLF)
    Exit
EndIf

; Let's add some safebag attributes for the private key...
Local $bForPrivateKey = True
Local $iKeyIdx = 0
$bSuccess = $oPfx.SetSafeBagAttr($bForPrivateKey,$iKeyIdx,"localKeyId","16777216","decimal")
If ($bSuccess = False) Then
    ConsoleWrite($oPfx.LastErrorText & @CRLF)
    Exit
EndIf

$bSuccess = $oPfx.SetSafeBagAttr($bForPrivateKey,$iKeyIdx,"keyContainerName","{B99EB9E7-6AF7-42AF-A43A-D4B2225B7605}","ascii")
If ($bSuccess = False) Then
    ConsoleWrite($oPfx.LastErrorText & @CRLF)
    Exit
EndIf

$bSuccess = $oPfx.SetSafeBagAttr($bForPrivateKey,$iKeyIdx,"storageProvider","Microsoft Software Key Storage Provider","ascii")
If ($bSuccess = False) Then
    ConsoleWrite($oPfx.LastErrorText & @CRLF)
    Exit
EndIf

; Add the localKeyId safebag attribute to the 1st certificate.
$bForPrivateKey = False
Local $iCertIdx = 0
$bSuccess = $oPfx.SetSafeBagAttr($bForPrivateKey,$iCertIdx,"localKeyId","16777216","decimal")
If ($bSuccess = False) Then
    ConsoleWrite($oPfx.LastErrorText & @CRLF)
    Exit
EndIf

; Write the pfx.
$bSuccess = $oPfx.ToFile("secret","qa_output/ee.pfx")
If ($bSuccess = False) Then
    ConsoleWrite($oPfx.LastErrorText & @CRLF)
    Exit
EndIf

; Let's load the .pfx we just wrote to see if the safebag attributes exist.
$oPfx2 = ObjCreate("Chilkat.Pfx")
$bSuccess = $oPfx2.LoadPfxFile("qa_output/ee.pfx","secret")
If ($bSuccess = False) Then
    ConsoleWrite($oPfx2.LastErrorText & @CRLF)
    Exit
EndIf

; After calling LoadPfxFile, the LastJsonData shows what's in the loaded PFX.
Local $oJson = $oPfx2.LastJsonData()
$oJson.EmitCompact = False
ConsoleWrite($oJson.Emit() & @CRLF)

; The LastJsonData shows what's in the PFX just loaded:

; {
;   "authenticatedSafe": {
;     "contentInfo": [
;       {
;         "type": "Data",
;         "safeBag": [
;           {
;             "type": "pkcs8ShroudedKeyBag",
;             "attrs": {
;               "keyContainerName": "{B99EB9E7-6AF7-42AF-A43A-D4B2225B7605}",
;               "msStorageProvider": "Microsoft Software Key Storage Provider",
;               "localKeyId": "16777216"
;             }
;           }
;         ]
;       },
;       {
;         "type": "EncryptedData",
;         "safeBag": [
;           {
;             "type": "certBag",
;             "attrs": {
;               "localKeyId": "16777216"
;             },
;             "subject": "EE",
;             "serialNumber": "1a9da86df17ad411bb413b2aa724fe56fc71242d"
;           },
;           {
;             "type": "certBag",
;             "subject": "CA",
;             "serialNumber": "02742228acbf3dd2e71f403abd8281ab6d70d490"
;           }
;         ]
;       }
;     ]
;   }
; }