C++
C++
Generate a CSR with keyUsage, extKeyUsage, and other Extensions
See more CSR Examples
Demonstrates how to generate a CSR containing a 1.2.840.113549.1.9.14 extensionRequest with the following extensions:- 1.3.6.1.4.1.311.20.2 enrollCerttypeExtension
- 2.5.29.15 keyUsage
- 2.5.29.37 extKeyUsage
- 2.5.29.14 subjectKeyIdentifier
Chilkat C++ Downloads
#include <CkEcc.h>
#include <CkPrng.h>
#include <CkPrivateKey.h>
#include <CkCsr.h>
#include <CkBinData.h>
#include <CkXml.h>
#include <CkPublicKey.h>
void ChilkatSample(void)
{
bool success = false;
// This requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// This example will generate a secp256r1 ECDSA key for the CSR.
CkEcc ecc;
CkPrng prng;
CkPrivateKey privKey;
success = ecc.GenKey("secp256r1",prng,privKey);
if (success == false) {
std::cout << "Failed to generate a new ECDSA private key." << "\r\n";
return;
}
CkCsr csr;
// Add common CSR fields:
csr.put_CommonName("mysubdomain.mydomain.com");
csr.put_Country("GB");
csr.put_State("Yorks");
csr.put_Locality("York");
csr.put_Company("Internet Widgits Pty Ltd");
csr.put_EmailAddress("support@mydomain.com");
// Add the following 1.2.840.113549.1.9.14 extensionRequest
// Note: The easiest way to know the content and format of the XML to be added is to examine
// a pre-existing CSR with the same desired extensionRequest. You can use Chilkat to
// get the extensionRequest from an existing CSR.
//
// Here is a sample extension request:
// <?xml version="1.0" encoding="utf-8"?>
// <set>
// <sequence>
// <sequence>
// <oid>1.3.6.1.4.1.311.20.2</oid>
// <asnOctets>
// <universal tag="30" constructed="0">AEUAbgBkAEUAbgB0AGkAdAB5AEMAbABpAGUAbgB0AEEAdQB0AGgAQwBlAHIAdABpAGYAaQBjAGEAdABl
// AF8AQwBTAFIAUABhAHMAcwB0AGgAcgBvAHUAZwBoAC8AVgAx</universal>
// </asnOctets>
// </sequence>
// <sequence>
// <oid>2.5.29.15</oid>
// <bool>1</bool>
// <asnOctets>
// <bits n="3">A0</bits>
// </asnOctets>
// </sequence>
// <sequence>
// <oid>2.5.29.37</oid>
// <asnOctets>
// <sequence>
// <oid>1.3.6.1.5.5.7.3.3</oid>
// </sequence>
// </asnOctets>
// </sequence>
// <sequence>
// <oid>2.5.29.14</oid>
// <asnOctets>
// <octets>MCzBMQAViXBz8IDt8LsgmJxJ4Xg=</octets>
// </asnOctets>
// </sequence>
// </sequence>
// </set>
// Use this online tool to generate code from sample XML:
// Generate Code to Create XML
// A few notes:
// The string "AEUAbgBkAEUAbgB0AGkAdAB5AEMAbABpAGUAbgB0AEEAdQB0AGgAQwBlAHIAdABpAGYAaQBjAGEAdABlAF8AQwBTAFIAUABhAHMAcwB0AGgAcgBvAHUAZwBoAC8AVgAx"
// is the base64 encoding of the utf-16be byte representation of the string "EndEntityClientAuthCertificate_CSRPassthrough/V1"
const char *s = "EndEntityClientAuthCertificate_CSRPassthrough/V1";
CkBinData bdTemp;
bdTemp.AppendString(s,"utf-16be");
const char *s_base64_utf16be = bdTemp.getEncoded("base64");
// The string should be "AEUA....."
std::cout << s_base64_utf16be << "\r\n";
// Here's the code to generate the above extension request.
CkXml xml;
xml.put_Tag("set");
xml.UpdateChildContent("sequence|sequence|oid","1.3.6.1.4.1.311.20.2");
xml.UpdateAttrAt("sequence|sequence|asnOctets|universal",true,"tag","30");
xml.UpdateAttrAt("sequence|sequence|asnOctets|universal",true,"constructed","0");
xml.UpdateChildContent("sequence|sequence|asnOctets|universal",s_base64_utf16be);
xml.UpdateChildContent("sequence|sequence[1]|oid","2.5.29.15");
xml.UpdateChildContent("sequence|sequence[1]|bool","1");
xml.UpdateAttrAt("sequence|sequence[1]|asnOctets|bits",true,"n","3");
// A0 is hex for decimal 160.
xml.UpdateChildContent("sequence|sequence[1]|asnOctets|bits","A0");
xml.UpdateChildContent("sequence|sequence[2]|oid","2.5.29.37");
xml.UpdateChildContent("sequence|sequence[2]|asnOctets|sequence|oid","1.3.6.1.5.5.7.3.3");
// This is the subjectKeyIdentifier extension.
// The string "MCzBMQAViXBz8IDt8LsgmJxJ4Xg=" is base64 that decodes to 20 bytes, which is a SHA1 hash.
// This is simply a hash of the DER of the public key.
CkPublicKey pubKey;
privKey.ToPublicKey(pubKey);
CkBinData bdPubKeyDer;
bdPubKeyDer.AppendEncoded(pubKey.getEncoded(true,"base64"),"base64");
const char *ski = bdPubKeyDer.getHash("sha1","base64");
xml.UpdateChildContent("sequence|sequence[3]|oid","2.5.29.14");
xml.UpdateChildContent("sequence|sequence[3]|asnOctets|octets",ski);
// Add the extension request to the CSR
csr.SetExtensionRequest(xml);
// Generate the CSR with the extension request
const char *csrPem = csr.genCsrPem(privKey);
if (csr.get_LastMethodSuccess() == false) {
std::cout << csr.lastErrorText() << "\r\n";
return;
}
std::cout << csrPem << "\r\n";
}