Sample code for 30+ languages & platforms
Objective-C

Set .pfx/.p12 Safe Bag Attributes

See more PFX/P12 Examples

Demonstrates how to set safebag attributes in a .pfx/.p12. This example creates a .pfx from a .pem containing a private key and certificates, but also sets PFX safebag attributes before writing the .pfx.

Chilkat Objective-C Downloads

Objective-C
#import <CkoPfx.h>
#import <CkoStringBuilder.h>
#import <NSString.h>
#import <CkoJsonObject.h>

BOOL success = NO;

// We have a PEM containing one private key, and two certificates:
// The private key is an ECDSA private key.
// The private key is associated with the 1st certificate.
// The 2nd certificate is the issuer of the 1st certificate.

// -----BEGIN PRIVATE KEY-----
// ME0CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEMzAxAgEBBCDgAn4Dal+0iEhIsYBk
// 6SdSR344vyj0suhOIxsjmM19s6AKBggqhkjOPQMBBw==
// -----END PRIVATE KEY-----
// -----BEGIN CERTIFICATE-----
// MIIBXzCCAQSgAwIBAgIUGp2obfF61BG7QTsqpyT+VvxxJC0wCgYIKoZIzj0EAwIw
// DTELMAkGA1UEAwwCQ0EwHhcNMjAwMzI5MTU1MTEwWhcNMzAwMzI3MTU1MTEwWjAN
// MQswCQYDVQQDDAJFRTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEil+DhBUss8
// kMCjEWvZHA+jdy1mQ76a2HFd+5p+AcFGQxNeG8/HXZax7FFzcrczWrli25R8P8j1
// cqhwPY4HtwujQjBAMB0GA1UdDgQWBBTenwm6x4A4W5BzZ2OckKA2IFtPSTAfBgNV
// HSMEGDAWgBTx1U/gWiRhAASl6FV04DxP3XmcazAKBggqhkjOPQQDAgNJADBGAiEA
// rkqbz5t1M/CjqXSKE5ebBLQ3npF+q7GRC8C2ovDi/xoCIQDGve7OP/ppIDcCNonr
// +WSRf5M/6Wvw1lnEsAXf3nLTeQ==
// -----END CERTIFICATE-----
// -----BEGIN CERTIFICATE-----
// MIIBcDCCARWgAwIBAgIUAnQiKKy/PdLnH0A6vYKBq21w1JAwCgYIKoZIzj0EAwIw
// DTELMAkGA1UEAwwCQ0EwHhcNMjAwMzI5MTU1MTEwWhcNMzAwMzI3MTU1MTEwWjAN
// MQswCQYDVQQDDAJDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPB6yVvqt8cL
// EneRtnjoi87H0ATi+JP1w2qkz4GLOaPtFxAnV0LdQCuN91SGbAlKrSkhFyWWimjh
// Rqe9+b/1WCijUzBRMB0GA1UdDgQWBBTx1U/gWiRhAASl6FV04DxP3XmcazAfBgNV
// HSMEGDAWgBTx1U/gWiRhAASl6FV04DxP3XmcazAPBgNVHRMBAf8EBTADAQH/MAoG
// CCqGSM49BAMCA0kAMEYCIQCcIfssfrOruVYvqhxbLGeyc5ppEX53zUU35wIE2t7C
// fAIhAKhOTEvN+pdEn+cNwW3AEi7D08ZUQx3P80i4EnFPs0OQ
// -----END CERTIFICATE-----

CkoPfx *pfx = [[CkoPfx alloc] init];
CkoStringBuilder *sbPem = [[CkoStringBuilder alloc] init];
success = [sbPem LoadFile: @"qa_data/pfx/test_ecdsa.pem" charset: @"utf-8"];
if (success == NO) {
    NSLog(@"%@",@"Failed to load the PEM file.");
    return;
}

// The PEM in this example is unencrypted.  There is no password.
NSString *password = @"";
success = [pfx LoadPem: [sbPem GetAsString] password: password];
if (success == NO) {
    NSLog(@"%@",pfx.LastErrorText);
    return;
}

// Let's add some safebag attributes for the private key...
BOOL forPrivateKey = YES;
int keyIdx = 0;
success = [pfx SetSafeBagAttr: forPrivateKey index: [NSNumber numberWithInt: keyIdx] name: @"localKeyId" value: @"16777216" encoding: @"decimal"];
if (success == NO) {
    NSLog(@"%@",pfx.LastErrorText);
    return;
}

success = [pfx SetSafeBagAttr: forPrivateKey index: [NSNumber numberWithInt: keyIdx] name: @"keyContainerName" value: @"{B99EB9E7-6AF7-42AF-A43A-D4B2225B7605}" encoding: @"ascii"];
if (success == NO) {
    NSLog(@"%@",pfx.LastErrorText);
    return;
}

success = [pfx SetSafeBagAttr: forPrivateKey index: [NSNumber numberWithInt: keyIdx] name: @"storageProvider" value: @"Microsoft Software Key Storage Provider" encoding: @"ascii"];
if (success == NO) {
    NSLog(@"%@",pfx.LastErrorText);
    return;
}

// Add the localKeyId safebag attribute to the 1st certificate.
forPrivateKey = NO;
int certIdx = 0;
success = [pfx SetSafeBagAttr: forPrivateKey index: [NSNumber numberWithInt: certIdx] name: @"localKeyId" value: @"16777216" encoding: @"decimal"];
if (success == NO) {
    NSLog(@"%@",pfx.LastErrorText);
    return;
}

// Write the pfx.
success = [pfx ToFile: @"secret" path: @"qa_output/ee.pfx"];
if (success == NO) {
    NSLog(@"%@",pfx.LastErrorText);
    return;
}

// Let's load the .pfx we just wrote to see if the safebag attributes exist.
CkoPfx *pfx2 = [[CkoPfx alloc] init];
success = [pfx2 LoadPfxFile: @"qa_output/ee.pfx" password: @"secret"];
if (success == NO) {
    NSLog(@"%@",pfx2.LastErrorText);
    return;
}

// Information about the contents of the PFX was collected in the call to LoadPfxFile.
CkoJsonObject *json = [[CkoJsonObject alloc] init];
[pfx2 GetLastJsonData: json];

json.EmitCompact = NO;
NSLog(@"%@",[json Emit]);

// Shows what's in the PFX just loaded:

// {
//   "authenticatedSafe": {
//     "contentInfo": [
//       {
//         "type": "Data",
//         "safeBag": [
//           {
//             "type": "pkcs8ShroudedKeyBag",
//             "attrs": {
//               "keyContainerName": "{B99EB9E7-6AF7-42AF-A43A-D4B2225B7605}",
//               "msStorageProvider": "Microsoft Software Key Storage Provider",
//               "localKeyId": "16777216"
//             }
//           }
//         ]
//       },
//       {
//         "type": "EncryptedData",
//         "safeBag": [
//           {
//             "type": "certBag",
//             "attrs": {
//               "localKeyId": "16777216"
//             },
//             "subject": "EE",
//             "serialNumber": "1a9da86df17ad411bb413b2aa724fe56fc71242d"
//           },
//           {
//             "type": "certBag",
//             "subject": "CA",
//             "serialNumber": "02742228acbf3dd2e71f403abd8281ab6d70d490"
//           }
//         ]
//       }
//     ]
//   }
// }