|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Delphi DLL) Export a Private Key from an MS Storage ProviderDemonstrates how to export a private key from a Microsoft Storage Provider. Note: This example requires Chilkat v9.5.0.83 or greater.
uses Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics, Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, PrivateKey, KeyContainer, Cert; ... procedure TForm1.Button1Click(Sender: TObject); var cert: HCkCert; success: Boolean; privKey: HCkPrivateKey; storageProvider: PWideChar; keyName: PWideChar; keyCon: HCkKeyContainer; privKey2: HCkPrivateKey; silentFlag: Boolean; begin // This example requires Chilkat v9.5.0.83 or greater. // We'll export a certificate's private key from the MS storage provider. // It is assumed the certificate + private key is already installed on the Windows system. // The export does not remove the key from the Windows storage provider. // First, let's get a certificate in one of the many ways we can do it. // (I ran certmgr.msc, opened a certificate, and noted it's thumbprint.) cert := CkCert_Create(); success := CkCert_LoadByThumbprint(cert,'ea5a129c1919a52d238ee28d9f3a8f345b768388','hex'); if (success = False) then begin Memo1.Lines.Add(CkCert__lastErrorText(cert)); Exit; end; Memo1.Lines.Add('Found: ' + CkCert__subjectDN(cert)); // First export the private key the easy way. privKey := CkCert_ExportPrivateKey(cert); if (CkCert_getLastMethodSuccess(cert) = False) then begin Memo1.Lines.Add(CkCert__lastErrorText(cert)); Exit; end; // OK.. we have the private key. Do whatever we want with it.. CkPrivateKey_Dispose(privKey); // ------------------------------------------------------------- // Now let's export in a more roundabout way by getting information about the // storage provider and key name and then we'll export completely independent // of the certificate. // // Remember: The private key is not contained within the certificate. An X.509 certificate // embeds the public key, but the counterpart private key is stored elsewhere, such // as in a .pfx/.p12, or as in this case, in the Windows "protected store", or perhaps on // a smartcard or hardware token. (But a private key stored on a smartcard or token cannot // be exported. It must remain on the hardware.) // storageProvider := CkCert__cspName(cert); keyName := CkCert__keyContainerName(cert); Memo1.Lines.Add('Information about the certificate''s private key:'); Memo1.Lines.Add('Storage Provider: ' + storageProvider); Memo1.Lines.Add('Key Name: ' + keyName); // Export using just the name of the storage provider and key. keyCon := CkKeyContainer_Create(); privKey2 := CkPrivateKey_Create(); silentFlag := False; success := CkKeyContainer_ExportKey(keyCon,keyName,storageProvider,silentFlag,privKey2); if (success = False) then begin Memo1.Lines.Add(CkKeyContainer__lastErrorText(keyCon)); Exit; end; // OK.. we have the private key in privKey2. Do whatever we want with it.. // Perhaps we save as encrypted PKCS8 PEM. success := CkPrivateKey_SavePkcs8EncryptedPemFile(privKey2,'myPassword','qa_output/privKey2.pem'); if (success = False) then begin Memo1.Lines.Add(CkPrivateKey__lastErrorText(privKey2)); Exit; end; Memo1.Lines.Add('Success.'); CkCert_Dispose(cert); CkKeyContainer_Dispose(keyCon); CkPrivateKey_Dispose(privKey2); end; |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.