
Set .pfx/.p12 Safe Bag Attributes


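Demonstrates how to set safebag attributes in a .pfx/.p12. This example creates a .pfx from an unencrypted .pem containing a private key and two certificates, and sets PFX safebag attributes on the key and on the first certificate before writing the .pfx. The PFX password in the example is a literal sample value ("secret"); the private key inside the written .pfx is only as well protected as that password.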


DataFlex
Use ChilkatAx-win32.pkg

// Test: builds a PFX from a PEM holding one private key and two certificates,
// sets safebag attributes on the key bag and on the first certificate bag,
// writes the PFX to disk, then reloads it and prints its structure as JSON.
//
// Every Chilkat call that reports failure prints a message (LastErrorText of
// the object involved, or a fixed string for the PEM file load) and returns.
//
// NOTE(review): the PFX password is a string literal used for both the write
// and the reload. It is sample data; the key in the written file is only as
// well protected as this password, so real code should obtain it from a
// protected source rather than from the program text.
// NOTE(review): this procedure never destroys the COM wrapper objects it
// creates - confirm the surrounding application handles their lifetime.
Procedure Test
    Boolean bOk bForKey
    Handle hoPemText hoPfxOut hoPfxIn hoReport
    Variant vReport
    String sPemPassword sPfxPassword sPfxPath sText
    Integer iKeyBag iCertBag

    Move False To bOk

    // Sample values, reproduced exactly as the example uses them.
    Move "secret" To sPfxPassword
    Move "qa_output/ee.pfx" To sPfxPath

    // Input PEM: one ECDSA private key followed by two certificates.
    // The key belongs to the 1st certificate; the 2nd certificate is the
    // issuer of the 1st. This key is published sample data.

    // -----BEGIN PRIVATE KEY-----
    // ME0CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEMzAxAgEBBCDgAn4Dal+0iEhIsYBk
    // 6SdSR344vyj0suhOIxsjmM19s6AKBggqhkjOPQMBBw==
    // -----END PRIVATE KEY-----
    // -----BEGIN CERTIFICATE-----
    // MIIBXzCCAQSgAwIBAgIUGp2obfF61BG7QTsqpyT+VvxxJC0wCgYIKoZIzj0EAwIw
    // DTELMAkGA1UEAwwCQ0EwHhcNMjAwMzI5MTU1MTEwWhcNMzAwMzI3MTU1MTEwWjAN
    // MQswCQYDVQQDDAJFRTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEil+DhBUss8
    // kMCjEWvZHA+jdy1mQ76a2HFd+5p+AcFGQxNeG8/HXZax7FFzcrczWrli25R8P8j1
    // cqhwPY4HtwujQjBAMB0GA1UdDgQWBBTenwm6x4A4W5BzZ2OckKA2IFtPSTAfBgNV
    // HSMEGDAWgBTx1U/gWiRhAASl6FV04DxP3XmcazAKBggqhkjOPQQDAgNJADBGAiEA
    // rkqbz5t1M/CjqXSKE5ebBLQ3npF+q7GRC8C2ovDi/xoCIQDGve7OP/ppIDcCNonr
    // +WSRf5M/6Wvw1lnEsAXf3nLTeQ==
    // -----END CERTIFICATE-----
    // -----BEGIN CERTIFICATE-----
    // MIIBcDCCARWgAwIBAgIUAnQiKKy/PdLnH0A6vYKBq21w1JAwCgYIKoZIzj0EAwIw
    // DTELMAkGA1UEAwwCQ0EwHhcNMjAwMzI5MTU1MTEwWhcNMzAwMzI3MTU1MTEwWjAN
    // MQswCQYDVQQDDAJDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPB6yVvqt8cL
    // EneRtnjoi87H0ATi+JP1w2qkz4GLOaPtFxAnV0LdQCuN91SGbAlKrSkhFyWWimjh
    // Rqe9+b/1WCijUzBRMB0GA1UdDgQWBBTx1U/gWiRhAASl6FV04DxP3XmcazAfBgNV
    // HSMEGDAWgBTx1U/gWiRhAASl6FV04DxP3XmcazAPBgNVHRMBAf8EBTADAQH/MAoG
    // CCqGSM49BAMCA0kAMEYCIQCcIfssfrOruVYvqhxbLGeyc5ppEX53zUU35wIE2t7C
    // fAIhAKhOTEvN+pdEn+cNwW3AEi7D08ZUQx3P80i4EnFPs0OQ
    // -----END CERTIFICATE-----

    // Create the string builder that receives the PEM text and the PFX
    // object that will be populated from it.
    Get Create (RefClass(cComChilkatStringBuilder)) To hoPemText
    If (Not(IsComObjectCreated(hoPemText))) Begin
        Send CreateComObject of hoPemText
    End
    Get Create (RefClass(cComChilkatPfx)) To hoPfxOut
    If (Not(IsComObjectCreated(hoPfxOut))) Begin
        Send CreateComObject of hoPfxOut
    End

    // Read the PEM file as UTF-8 text.
    Get ComLoadFile Of hoPemText "qa_data/pfx/test_ecdsa.pem" "utf-8" To bOk
    If (Not(bOk)) Begin
        Showln "Failed to load the PEM file."
        Procedure_Return
    End

    // The PEM is not encrypted, so LoadPem is given an empty password.
    // The private key in that file is therefore readable by anything that
    // can read the file.
    Move "" To sPemPassword
    Get ComGetAsString Of hoPemText To sText
    Get ComLoadPem Of hoPfxOut sText sPemPassword To bOk
    If (Not(bOk)) Begin
        Get ComLastErrorText Of hoPfxOut To sText
        Showln sText
        Procedure_Return
    End

    // --- Safebag attributes on the private key (key index 0) ---
    Move True To bForKey
    Move 0 To iKeyBag

    // localKeyId: the same value is set on the 1st certificate further down,
    // which is how a PKCS#12 reader pairs the key with its certificate.
    Get ComSetSafeBagAttr Of hoPfxOut bForKey iKeyBag "localKeyId" "16777216" "decimal" To bOk
    If (Not(bOk)) Begin
        Get ComLastErrorText Of hoPfxOut To sText
        Showln sText
        Procedure_Return
    End

    Get ComSetSafeBagAttr Of hoPfxOut bForKey iKeyBag "keyContainerName" "{B99EB9E7-6AF7-42AF-A43A-D4B2225B7605}" "ascii" To bOk
    If (Not(bOk)) Begin
        Get ComLastErrorText Of hoPfxOut To sText
        Showln sText
        Procedure_Return
    End

    // Set under the name "storageProvider"; the sample output at the end of
    // this procedure lists it as "msStorageProvider".
    Get ComSetSafeBagAttr Of hoPfxOut bForKey iKeyBag "storageProvider" "Microsoft Software Key Storage Provider" "ascii" To bOk
    If (Not(bOk)) Begin
        Get ComLastErrorText Of hoPfxOut To sText
        Showln sText
        Procedure_Return
    End

    // --- Safebag attribute on the 1st certificate (certificate index 0) ---
    Move False To bForKey
    Move 0 To iCertBag
    Get ComSetSafeBagAttr Of hoPfxOut bForKey iCertBag "localKeyId" "16777216" "decimal" To bOk
    If (Not(bOk)) Begin
        Get ComLastErrorText Of hoPfxOut To sText
        Showln sText
        Procedure_Return
    End

    // Write the PFX, protected with the sample password.
    Get ComToFile Of hoPfxOut sPfxPassword sPfxPath To bOk
    If (Not(bOk)) Begin
        Get ComLastErrorText Of hoPfxOut To sText
        Showln sText
        Procedure_Return
    End

    // Reload the file into a second PFX object to check that the safebag
    // attributes were stored.
    Get Create (RefClass(cComChilkatPfx)) To hoPfxIn
    If (Not(IsComObjectCreated(hoPfxIn))) Begin
        Send CreateComObject of hoPfxIn
    End
    Get ComLoadPfxFile Of hoPfxIn sPfxPath sPfxPassword To bOk
    If (Not(bOk)) Begin
        Get ComLastErrorText Of hoPfxIn To sText
        Showln sText
        Procedure_Return
    End

    // LoadPfxFile collected information about the PFX contents; fetch it
    // into a JSON object and print it in non-compact form.
    Get Create (RefClass(cComChilkatJsonObject)) To hoReport
    If (Not(IsComObjectCreated(hoReport))) Begin
        Send CreateComObject of hoReport
    End
    Get pvComObject of hoReport to vReport
    Send ComGetLastJsonData Of hoPfxIn vReport

    Set ComEmitCompact Of hoReport To False
    Get ComEmit Of hoReport To sText
    Showln sText

    // Sample output for the PFX just loaded. The key is reported as a
    // pkcs8ShroudedKeyBag inside a "Data" content, and both certificates as
    // certBag entries inside an "EncryptedData" content; only the EE
    // certificate carries the localKeyId that matches the key.

    // {
    //   "authenticatedSafe": {
    //     "contentInfo": [
    //       {
    //         "type": "Data",
    //         "safeBag": [
    //           {
    //             "type": "pkcs8ShroudedKeyBag",
    //             "attrs": {
    //               "keyContainerName": "{B99EB9E7-6AF7-42AF-A43A-D4B2225B7605}",
    //               "msStorageProvider": "Microsoft Software Key Storage Provider",
    //               "localKeyId": "16777216"
    //             }
    //           }
    //         ]
    //       },
    //       {
    //         "type": "EncryptedData",
    //         "safeBag": [
    //           {
    //             "type": "certBag",
    //             "attrs": {
    //               "localKeyId": "16777216"
    //             },
    //             "subject": "EE",
    //             "serialNumber": "1a9da86df17ad411bb413b2aa724fe56fc71242d"
    //           },
    //           {
    //             "type": "certBag",
    //             "subject": "CA",
    //             "serialNumber": "02742228acbf3dd2e71f403abd8281ab6d70d490"
    //           }
    //         ]
    //       }
    //     ]
    //   }
    // }


End_Procedure