(C) Export a Private Key from an MS Storage Provider

Demonstrates how to export a private key from a Microsoft Storage Provider.

Note: This example requires Chilkat v9.5.0.83 or greater.

Chilkat C/C++ Library Downloads
MS Visual C/C++ Linux/CentOS C/C++ Alpine Linux C/C++ MAC OS X C/C++	armhf/aarch64 C/C++ C++ Builder iOS C/C++ Android C/C++	Solaris C/C++ MinGW C/C++

#include <C_CkCert.h>
#include <C_CkPrivateKey.h>
#include <C_CkKeyContainer.h>

void ChilkatSample(void)
    {
    HCkCert cert;
    BOOL success;
    HCkPrivateKey privKey;
    const char *storageProvider;
    const char *keyName;
    HCkKeyContainer keyCon;
    HCkPrivateKey privKey2;
    BOOL silentFlag;

    // This example requires Chilkat v9.5.0.83 or greater.

    // We'll export a certificate's private key from the MS storage provider.
    // It is assumed the certificate + private key is already installed on the Windows system.
    // The export does not remove the key from the Windows storage provider.

    // First, let's get a certificate in one of the many ways we can do it.
    // (I ran certmgr.msc, opened a certificate, and noted it's thumbprint.)
    cert = CkCert_Create();
    success = CkCert_LoadByThumbprint(cert,"ea5a129c1919a52d238ee28d9f3a8f345b768388","hex");
    if (success == FALSE) {
        printf("%s\n",CkCert_lastErrorText(cert));
        CkCert_Dispose(cert);
        return;
    }

    printf("Found: %s\n",CkCert_subjectDN(cert));

    // First export the private key the easy way.
    privKey = CkCert_ExportPrivateKey(cert);
    if (CkCert_getLastMethodSuccess(cert) == FALSE) {
        printf("%s\n",CkCert_lastErrorText(cert));
        CkCert_Dispose(cert);
        return;
    }

    // OK.. we have the private key.  Do whatever we want with it..

    CkPrivateKey_Dispose(privKey);

    // -------------------------------------------------------------
    // Now let's export in a more roundabout way by getting information about the 
    // storage provider and key name and then we'll export completely independent
    // of the certificate.
    // 
    // Remember: The private key is not contained within the certificate.  An X.509 certificate
    // embeds the public key, but the counterpart private key is stored elsewhere, such
    // as in a .pfx/.p12, or as in this case, in the Windows "protected store", or perhaps on
    // a smartcard or hardware token.  (But a private key stored on a smartcard or token cannot
    // be exported.  It must remain on the hardware.)
    // 

    storageProvider = CkCert_cspName(cert);
    keyName = CkCert_keyContainerName(cert);

    printf("Information about the certificate's private key:\n");
    printf("Storage Provider: %s\n",storageProvider);
    printf("Key Name: %s\n",keyName);

    // Export using just the name of the storage provider and key.
    keyCon = CkKeyContainer_Create();
    privKey2 = CkPrivateKey_Create();
    silentFlag = FALSE;
    success = CkKeyContainer_ExportKey(keyCon,keyName,storageProvider,silentFlag,privKey2);
    if (success == FALSE) {
        printf("%s\n",CkKeyContainer_lastErrorText(keyCon));
        CkCert_Dispose(cert);
        CkKeyContainer_Dispose(keyCon);
        CkPrivateKey_Dispose(privKey2);
        return;
    }

    // OK.. we have the private key in privKey2.  Do whatever we want with it..
    // Perhaps we save as encrypted PKCS8 PEM.
    success = CkPrivateKey_SavePkcs8EncryptedPemFile(privKey2,"myPassword","qa_output/privKey2.pem");
    if (success == FALSE) {
        printf("%s\n",CkPrivateKey_lastErrorText(privKey2));
        CkCert_Dispose(cert);
        CkKeyContainer_Dispose(keyCon);
        CkPrivateKey_Dispose(privKey2);
        return;
    }

    printf("Success.\n");


    CkCert_Dispose(cert);
    CkKeyContainer_Dispose(keyCon);
    CkPrivateKey_Dispose(privKey2);

    }