DataFlex
Set .pfx/.p12 Safe Bag Attributes
Demonstrates how to set safebag attributes in a .pfx/.p12. This example creates a .pfx from a .pem containing a private key and certificates, and sets PFX safebag attributes before writing the .pfx.
Use ChilkatAx-win32.pkg
Procedure Test
    Boolean iSuccess
    Handle hoPfx
    Handle hoSbPem
    String sPassword
    Boolean iForPrivateKey
    Integer iKeyIdx
    Integer iCertIdx
    Handle hoPfx2
    Variant vJson
    Handle hoJson
    String sTemp1

    Move False To iSuccess
    // We have a PEM containing one private key, and two certificates:
    // The private key is an ECDSA private key.
    // The private key is associated with the 1st certificate.
    // The 2nd certificate is the issuer of the 1st certificate.

    // -----BEGIN PRIVATE KEY-----
    // ME0CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEMzAxAgEBBCDgAn4Dal+0iEhIsYBk
    // 6SdSR344vyj0suhOIxsjmM19s6AKBggqhkjOPQMBBw==
    // -----END PRIVATE KEY-----
    // -----BEGIN CERTIFICATE-----
    // MIIBXzCCAQSgAwIBAgIUGp2obfF61BG7QTsqpyT+VvxxJC0wCgYIKoZIzj0EAwIw
    // DTELMAkGA1UEAwwCQ0EwHhcNMjAwMzI5MTU1MTEwWhcNMzAwMzI3MTU1MTEwWjAN
    // MQswCQYDVQQDDAJFRTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEil+DhBUss8
    // kMCjEWvZHA+jdy1mQ76a2HFd+5p+AcFGQxNeG8/HXZax7FFzcrczWrli25R8P8j1
    // cqhwPY4HtwujQjBAMB0GA1UdDgQWBBTenwm6x4A4W5BzZ2OckKA2IFtPSTAfBgNV
    // HSMEGDAWgBTx1U/gWiRhAASl6FV04DxP3XmcazAKBggqhkjOPQQDAgNJADBGAiEA
    // rkqbz5t1M/CjqXSKE5ebBLQ3npF+q7GRC8C2ovDi/xoCIQDGve7OP/ppIDcCNonr
    // +WSRf5M/6Wvw1lnEsAXf3nLTeQ==
    // -----END CERTIFICATE-----
    // -----BEGIN CERTIFICATE-----
    // MIIBcDCCARWgAwIBAgIUAnQiKKy/PdLnH0A6vYKBq21w1JAwCgYIKoZIzj0EAwIw
    // DTELMAkGA1UEAwwCQ0EwHhcNMjAwMzI5MTU1MTEwWhcNMzAwMzI3MTU1MTEwWjAN
    // MQswCQYDVQQDDAJDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPB6yVvqt8cL
    // EneRtnjoi87H0ATi+JP1w2qkz4GLOaPtFxAnV0LdQCuN91SGbAlKrSkhFyWWimjh
    // Rqe9+b/1WCijUzBRMB0GA1UdDgQWBBTx1U/gWiRhAASl6FV04DxP3XmcazAfBgNV
    // HSMEGDAWgBTx1U/gWiRhAASl6FV04DxP3XmcazAPBgNVHRMBAf8EBTADAQH/MAoG
    // CCqGSM49BAMCA0kAMEYCIQCcIfssfrOruVYvqhxbLGeyc5ppEX53zUU35wIE2t7C
    // fAIhAKhOTEvN+pdEn+cNwW3AEi7D08ZUQx3P80i4EnFPs0OQ
    // -----END CERTIFICATE-----
    Get Create (RefClass(cComChilkatPfx)) To hoPfx
    If (Not(IsComObjectCreated(hoPfx))) Begin
        Send CreateComObject of hoPfx
    End

    Get Create (RefClass(cComChilkatStringBuilder)) To hoSbPem
    If (Not(IsComObjectCreated(hoSbPem))) Begin
        Send CreateComObject of hoSbPem
    End
    Get ComLoadFile Of hoSbPem "qa_data/pfx/test_ecdsa.pem" "utf-8" To iSuccess
    If (iSuccess = False) Begin
        Showln "Failed to load the PEM file."
        Procedure_Return
    End

    // The PEM in this example is unencrypted. There is no password.
    Move "" To sPassword
    Get ComGetAsString Of hoSbPem To sTemp1
    Get ComLoadPem Of hoPfx sTemp1 sPassword To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoPfx To sTemp1
        Showln sTemp1
        Procedure_Return
    End
    // Let's add some safebag attributes for the private key...
    // localKeyId is the attribute that links a private key bag to its certificate bag,
    // so the same value is set on the key here and on the 1st certificate below.
    Move True To iForPrivateKey
    Move 0 To iKeyIdx
    Get ComSetSafeBagAttr Of hoPfx iForPrivateKey iKeyIdx "localKeyId" "16777216" "decimal" To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoPfx To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Get ComSetSafeBagAttr Of hoPfx iForPrivateKey iKeyIdx "keyContainerName" "{B99EB9E7-6AF7-42AF-A43A-D4B2225B7605}" "ascii" To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoPfx To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Get ComSetSafeBagAttr Of hoPfx iForPrivateKey iKeyIdx "storageProvider" "Microsoft Software Key Storage Provider" "ascii" To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoPfx To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Add the localKeyId safebag attribute to the 1st certificate.
    // iForPrivateKey = False selects a certificate; iCertIdx 0 is the 1st certificate.
    Move False To iForPrivateKey
    Move 0 To iCertIdx
    Get ComSetSafeBagAttr Of hoPfx iForPrivateKey iCertIdx "localKeyId" "16777216" "decimal" To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoPfx To sTemp1
        Showln sTemp1
        Procedure_Return
    End
    // Write the pfx.
    // "secret" is the password that protects the .pfx; the same value is needed to load it below.
    Get ComToFile Of hoPfx "secret" "qa_output/ee.pfx" To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoPfx To sTemp1
        Showln sTemp1
        Procedure_Return
    End
    // Let's load the .pfx we just wrote to see if the safebag attributes exist.
    Get Create (RefClass(cComChilkatPfx)) To hoPfx2
    If (Not(IsComObjectCreated(hoPfx2))) Begin
        Send CreateComObject of hoPfx2
    End
    Get ComLoadPfxFile Of hoPfx2 "qa_output/ee.pfx" "secret" To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoPfx2 To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Information about the contents of the PFX was collected in the call to LoadPfxFile.
    Get Create (RefClass(cComChilkatJsonObject)) To hoJson
    If (Not(IsComObjectCreated(hoJson))) Begin
        Send CreateComObject of hoJson
    End
    Get pvComObject of hoJson to vJson
    Send ComGetLastJsonData To hoPfx2 vJson
    Set ComEmitCompact Of hoJson To False
    Get ComEmit Of hoJson To sTemp1
    Showln sTemp1
    // Shows what's in the PFX just loaded:

    // {
    //   "authenticatedSafe": {
    //     "contentInfo": [
    //       {
    //         "type": "Data",
    //         "safeBag": [
    //           {
    //             "type": "pkcs8ShroudedKeyBag",
    //             "attrs": {
    //               "keyContainerName": "{B99EB9E7-6AF7-42AF-A43A-D4B2225B7605}",
    //               "msStorageProvider": "Microsoft Software Key Storage Provider",
    //               "localKeyId": "16777216"
    //             }
    //           }
    //         ]
    //       },
    //       {
    //         "type": "EncryptedData",
    //         "safeBag": [
    //           {
    //             "type": "certBag",
    //             "attrs": {
    //               "localKeyId": "16777216"
    //             },
    //             "subject": "EE",
    //             "serialNumber": "1a9da86df17ad411bb413b2aa724fe56fc71242d"
    //           },
    //           {
    //             "type": "certBag",
    //             "subject": "CA",
    //             "serialNumber": "02742228acbf3dd2e71f403abd8281ab6d70d490"
    //           }
    //         ]
    //       }
    //     ]
    //   }
    // }
End_Procedure
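
An added example, not part of the original Chilkat page: a Python check over the JSON report the procedure prints, confirming that each private key bag's localKeyId matches exactly one certificate bag, which is how an importer pairs the key with its certificate. The REPORT literal is constructed from the output shown above, and the function name pair_keys_with_certs is hypothetical.

```python
# Constructed sample: the report structure printed by the procedure above
# (bag types, attribute names and values copied from the page's output).
REPORT = {"authenticatedSafe": {"contentInfo": [
    {"type": "Data", "safeBag": [
        {"type": "pkcs8ShroudedKeyBag", "attrs": {
            "keyContainerName": "{B99EB9E7-6AF7-42AF-A43A-D4B2225B7605}",
            "msStorageProvider": "Microsoft Software Key Storage Provider",
            "localKeyId": "16777216"}}]},
    {"type": "EncryptedData", "safeBag": [
        {"type": "certBag", "attrs": {"localKeyId": "16777216"},
         "subject": "EE",
         "serialNumber": "1a9da86df17ad411bb413b2aa724fe56fc71242d"},
        {"type": "certBag", "subject": "CA",
         "serialNumber": "02742228acbf3dd2e71f403abd8281ab6d70d490"}]}]}}

# Assumption: only the key bag type shown on the page is recognised here.
KEY_BAG_TYPES = {"pkcs8ShroudedKeyBag"}


def pair_keys_with_certs(report):
    """Return (pairs, findings): localKeyId -> cert subject, plus problems."""
    keys, certs, findings = [], {}, []
    for info in report.get("authenticatedSafe", {}).get("contentInfo", []):
        for bag in info.get("safeBag", []):
            kid = bag.get("attrs", {}).get("localKeyId")
            if bag.get("type") in KEY_BAG_TYPES:
                keys.append(kid)
            elif bag.get("type") == "certBag" and kid is not None:
                certs.setdefault(kid, []).append(bag.get("subject"))
    pairs = {}
    for kid in dict.fromkeys(keys):  # unique ids, original order
        owners = certs.get(kid, [])
        if kid is None:
            findings.append("key bag has no localKeyId")
        elif keys.count(kid) > 1:
            findings.append(f"localKeyId {kid} is shared by several key bags")
        elif len(owners) != 1:
            findings.append(f"key {kid} matches {len(owners)} certificates")
        else:
            pairs[kid] = owners[0]
    # Certificates whose localKeyId names a key that is not in the file.
    for kid in sorted(set(certs) - set(keys)):
        findings.append(f"certificate {certs[kid]} points at missing key {kid}")
    return pairs, findings


if __name__ == "__main__":
    print(pair_keys_with_certs(REPORT))
```

The CA certificate carries no localKeyId and is correctly left unpaired; only the EE certificate is bound to the private key.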