Sample code for 30+ languages & platforms
Java

Set .pfx/.p12 Safe Bag Attributes

See more PFX/P12 Examples

Demonstrates how to set safebag attributes in a .pfx/.p12. This example creates a .pfx from a .pem containing a private key and certificates, but also sets PFX safebag attributes before writing the .pfx.

Chilkat Java Downloads

Java
import com.chilkatsoft.*;

public class ChilkatExample {

  static {
    try {
        System.loadLibrary("chilkat");
    } catch (UnsatisfiedLinkError e) {
      System.err.println("Native code library failed to load.\n" + e);
      System.exit(1);
    }
  }

  public static void main(String argv[])
  {
    boolean success = false;

    //  We have a PEM containing one private key, and two certificates:
    //  The private key is an ECDSA private key.
    //  The private key is associated with the 1st certificate.
    //  The 2nd certificate is the issuer of the 1st certificate.

    //  -----BEGIN PRIVATE KEY-----
    //  ME0CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEMzAxAgEBBCDgAn4Dal+0iEhIsYBk
    //  6SdSR344vyj0suhOIxsjmM19s6AKBggqhkjOPQMBBw==
    //  -----END PRIVATE KEY-----
    //  -----BEGIN CERTIFICATE-----
    //  MIIBXzCCAQSgAwIBAgIUGp2obfF61BG7QTsqpyT+VvxxJC0wCgYIKoZIzj0EAwIw
    //  DTELMAkGA1UEAwwCQ0EwHhcNMjAwMzI5MTU1MTEwWhcNMzAwMzI3MTU1MTEwWjAN
    //  MQswCQYDVQQDDAJFRTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEil+DhBUss8
    //  kMCjEWvZHA+jdy1mQ76a2HFd+5p+AcFGQxNeG8/HXZax7FFzcrczWrli25R8P8j1
    //  cqhwPY4HtwujQjBAMB0GA1UdDgQWBBTenwm6x4A4W5BzZ2OckKA2IFtPSTAfBgNV
    //  HSMEGDAWgBTx1U/gWiRhAASl6FV04DxP3XmcazAKBggqhkjOPQQDAgNJADBGAiEA
    //  rkqbz5t1M/CjqXSKE5ebBLQ3npF+q7GRC8C2ovDi/xoCIQDGve7OP/ppIDcCNonr
    //  +WSRf5M/6Wvw1lnEsAXf3nLTeQ==
    //  -----END CERTIFICATE-----
    //  -----BEGIN CERTIFICATE-----
    //  MIIBcDCCARWgAwIBAgIUAnQiKKy/PdLnH0A6vYKBq21w1JAwCgYIKoZIzj0EAwIw
    //  DTELMAkGA1UEAwwCQ0EwHhcNMjAwMzI5MTU1MTEwWhcNMzAwMzI3MTU1MTEwWjAN
    //  MQswCQYDVQQDDAJDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPB6yVvqt8cL
    //  EneRtnjoi87H0ATi+JP1w2qkz4GLOaPtFxAnV0LdQCuN91SGbAlKrSkhFyWWimjh
    //  Rqe9+b/1WCijUzBRMB0GA1UdDgQWBBTx1U/gWiRhAASl6FV04DxP3XmcazAfBgNV
    //  HSMEGDAWgBTx1U/gWiRhAASl6FV04DxP3XmcazAPBgNVHRMBAf8EBTADAQH/MAoG
    //  CCqGSM49BAMCA0kAMEYCIQCcIfssfrOruVYvqhxbLGeyc5ppEX53zUU35wIE2t7C
    //  fAIhAKhOTEvN+pdEn+cNwW3AEi7D08ZUQx3P80i4EnFPs0OQ
    //  -----END CERTIFICATE-----

    CkPfx pfx = new CkPfx();
    CkStringBuilder sbPem = new CkStringBuilder();
    success = sbPem.LoadFile("qa_data/pfx/test_ecdsa.pem","utf-8");
    if (success == false) {
        System.out.println("Failed to load the PEM file.");
        return;
        }

    //  The PEM in this example is unencrypted.  There is no password.
    String password = "";
    success = pfx.LoadPem(sbPem.getAsString(),password);
    if (success == false) {
        System.out.println(pfx.lastErrorText());
        return;
        }

    //  Let's add some safebag attributes for the private key...
    boolean forPrivateKey = true;
    int keyIdx = 0;
    success = pfx.SetSafeBagAttr(forPrivateKey,keyIdx,"localKeyId","16777216","decimal");
    if (success == false) {
        System.out.println(pfx.lastErrorText());
        return;
        }

    success = pfx.SetSafeBagAttr(forPrivateKey,keyIdx,"keyContainerName","{B99EB9E7-6AF7-42AF-A43A-D4B2225B7605}","ascii");
    if (success == false) {
        System.out.println(pfx.lastErrorText());
        return;
        }

    success = pfx.SetSafeBagAttr(forPrivateKey,keyIdx,"storageProvider","Microsoft Software Key Storage Provider","ascii");
    if (success == false) {
        System.out.println(pfx.lastErrorText());
        return;
        }

    //  Add the localKeyId safebag attribute to the 1st certificate.
    forPrivateKey = false;
    int certIdx = 0;
    success = pfx.SetSafeBagAttr(forPrivateKey,certIdx,"localKeyId","16777216","decimal");
    if (success == false) {
        System.out.println(pfx.lastErrorText());
        return;
        }

    //  Write the pfx.
    success = pfx.ToFile("secret","qa_output/ee.pfx");
    if (success == false) {
        System.out.println(pfx.lastErrorText());
        return;
        }

    //  Let's load the .pfx we just wrote to see if the safebag attributes exist.
    CkPfx pfx2 = new CkPfx();
    success = pfx2.LoadPfxFile("qa_output/ee.pfx","secret");
    if (success == false) {
        System.out.println(pfx2.lastErrorText());
        return;
        }

    //  Information about the contents of the PFX was collected in the call to LoadPfxFile.
    CkJsonObject json = new CkJsonObject();
    pfx2.GetLastJsonData(json);

    json.put_EmitCompact(false);
    System.out.println(json.emit());

    //  Shows what's in the PFX just loaded:

    //  {
    //    "authenticatedSafe": {
    //      "contentInfo": [
    //        {
    //          "type": "Data",
    //          "safeBag": [
    //            {
    //              "type": "pkcs8ShroudedKeyBag",
    //              "attrs": {
    //                "keyContainerName": "{B99EB9E7-6AF7-42AF-A43A-D4B2225B7605}",
    //                "msStorageProvider": "Microsoft Software Key Storage Provider",
    //                "localKeyId": "16777216"
    //              }
    //            }
    //          ]
    //        },
    //        {
    //          "type": "EncryptedData",
    //          "safeBag": [
    //            {
    //              "type": "certBag",
    //              "attrs": {
    //                "localKeyId": "16777216"
    //              },
    //              "subject": "EE",
    //              "serialNumber": "1a9da86df17ad411bb413b2aa724fe56fc71242d"
    //            },
    //            {
    //              "type": "certBag",
    //              "subject": "CA",
    //              "serialNumber": "02742228acbf3dd2e71f403abd8281ab6d70d490"
    //            }
    //          ]
    //        }
    //      ]
    //    }
    //  }
  }
}