(Delphi DLL) Get a .pfx/.p12 Safe Bag Attribute

Demonstrates how to get the value of a private key or certificate safe bag attribute. Safe bag attributes are associated with a key or certificate. They are attributes stored in the .p12/.pfx alongside a key or certificate.

Note: This example requires Chilkat v9.5.0.83 or greater.

Chilkat for Delphi Downloads Chilkat non-ActiveX DLL for Delphi Chilkat ActiveX DLL for Delphi * The examples here use the non-ActiveX DLL.

uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Pfx, JsonObject;

...

procedure TForm1.Button1Click(Sender: TObject);
var
pfx: HCkPfx;
success: Boolean;
json: HCkJsonObject;
getPrivateKeyAttr: Boolean;
privateKeyIdx: Integer;

begin
pfx := CkPfx_Create();

success := CkPfx_LoadPfxFile(pfx,'qa_data/pfx/test_ecdsa_secret.pfx','secret');
if (success = False) then
  begin
    Memo1.Lines.Add(CkPfx__lastErrorText(pfx));
    Exit;
  end;

json := CkPfx_LastJsonData(pfx);
CkJsonObject_putEmitCompact(json,False);
Memo1.Lines.Add(CkJsonObject__emit(json));
CkJsonObject_Dispose(json);

// The LastJsonData provides information about the what is contained in the PFX after loading.
// For example:

// {
//   "authenticatedSafe": {
//     "contentInfo": [
//       {
//         "type": "Data",
//         "safeBag": [
//           {
//             "type": "pkcs8ShroudedKeyBag",
//             "attrs": {
//               "localKeyId": "16777216",
//               "keyContainerName": "{B99EB9E7-6AF7-42AF-A43A-D4B2225B7605}",
//               "msStorageProvider": "Microsoft Software Key Storage Provider"
//             }
//           }
//         ]
//       },
//       {
//         "type": "EncryptedData",
//         "safeBag": [
//           {
//             "type": "certBag",
//             "attrs": {
//               "localKeyId": "16777216"
//             },
//             "subject": "EE",
//             "serialNumber": "1a9da86df17ad411bb413b2aa724fe56fc71242d"
//           },
//           {
//             "type": "certBag",
//             "subject": "CA",
//             "serialNumber": "02742228acbf3dd2e71f403abd8281ab6d70d490"
//           }
//         ]
//       }
//     ]
//   }
// }

// Use this online tool to generate parsing code from sample JSON: 
// Generate Parsing Code from JSON

// In the above JSON, we can see the .pfx contains one private key (a pkcs8ShroudedKeyBag) and two certificates (each in a certBag).
// The certificates in a .pfx/.p12 are typicaly a single certificate with associated private key, along with the other certificates
// in the chain of authentication.

// We can see that the private key has 3 safebag attributes: localKeyId, keyContainerName, and msStorageProvider.
// The certificate associated with the private key contains one safebag attribute: localKeyId.
// Notice the localKeyId is the same.  The localKeyId helps associate the private key that corresponds to the given certificate.

// Let's demonstrate the GetSafeBagAttr method:

// Get each of the private key safebag attributes:
getPrivateKeyAttr := True;
privateKeyIdx := 0;
Memo1.Lines.Add('---- private key safebag attributes ----');
Memo1.Lines.Add(CkPfx__getSafeBagAttr(pfx,getPrivateKeyAttr,privateKeyIdx,'localKeyId'));
Memo1.Lines.Add(CkPfx__getSafeBagAttr(pfx,getPrivateKeyAttr,privateKeyIdx,'keyContainerName'));
Memo1.Lines.Add(CkPfx__getSafeBagAttr(pfx,getPrivateKeyAttr,privateKeyIdx,'storageProvider'));

// Get the localKeyId attribute for the 1st certificate.
getPrivateKeyAttr := False;
Memo1.Lines.Add('---- cert safebag attributes ----');
Memo1.Lines.Add(CkPfx__getSafeBagAttr(pfx,getPrivateKeyAttr,0,'localKeyId'));

CkPfx_Dispose(pfx);

end;