PureBasic
PureBasic
Rewrite PFX using AES256-SHA256
See more PFX/P12 Examples
Demonstrates how to load a .pfx/.p12, examine the encryption algorithm used, and rewrite using aes256-sha256.Chilkat PureBasic Downloads
IncludeFile "CkPfx.pb"
IncludeFile "CkJsonObject.pb"
Procedure ChilkatExample()
success.i = 0
pfx.i = CkPfx::ckCreate()
If pfx.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
; Let's load a .pfx and examine the encryption algorithms used to protect the private key:
success = CkPfx::ckLoadPfxFile(pfx,"qa_data/pfx/test_secret.pfx","secret")
If success = 0
Debug CkPfx::ckLastErrorText(pfx)
CkPfx::ckDispose(pfx)
ProcedureReturn
EndIf
; Examine the algorithms:
; "pbeWithSHAAnd3_KeyTripleDES_CBC" or "pbes2"?
Debug "Algorithm: " + CkPfx::ckAlgorithmId(pfx)
; If the algorithm is "pbes2" then examine the actual encryption and HMAC algorithms used within pbes2.
; (If the algorithm is NOT "pbes2", then the following properties are meaningless and will not be modified from their previous values prior to loading the PFX.)
Debug "Pbes2CryptAlg: " + CkPfx::ckPbes2CryptAlg(pfx)
Debug "Pbes2HmacAlg: " + CkPfx::ckPbes2HmacAlg(pfx)
; Our output so far:
; Algorithm: pbeWithSHAAnd3_KeyTripleDES_CBC
; Pbes2CryptAlg: aes256-cbc
; Pbes2HmacAlg: hmacWithSha256
; This tells us that the PFX we loaded was protected using triple-DES with SHA1.
; (Most existing .pfx/.p12 files use 3DES w/ SHA1.)
; The Pbes2CryptAlg and Pbes2HmacAlg properties do not apply here because the AlgorithmId is not equal to "pbes2". We can ignore those values.
; Examine the last JSON data collected in the call to LoadPfxFile. This gives us information about what is contained in the PFX, including extended attributes.
json.i = CkJsonObject::ckCreate()
If json.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
CkPfx::ckGetLastJsonData(pfx,json)
CkJsonObject::setCkEmitCompact(json, 0)
Debug CkJsonObject::ckEmit(json)
; Sample output
; Use this online tool to generate parsing code from sample JSON:
; Generate Parsing Code from JSON
; {
; "authenticatedSafe": {
; "contentInfo": [
; {
; "type": "Data",
; "safeBag": [
; {
; "type": "pkcs8ShroudedKeyBag",
; "attrs": {
; "localKeyId": "16444216",
; "keyContainerName": "{F09B755A-1E90-444D-9851-02B86CA14961}",
; "msStorageProvider": "Microsoft Enhanced Cryptographic Provider v1.0"
; }
; }
; ]
; },
; {
; "type": "EncryptedData",
; "safeBag": [
; {
; "type": "certBag",
; "attrs": {
; "localKeyId": "16444216"
; },
; "subject": "....",
; "serialNumber": "9999999999999999999999999999"
; },
; {
; "type": "certBag",
; "attrs": {
; "authRootSha256Hash": "0vkOXTXKxNQffUTOZq/4heGBX7M5GFhTqH5mwFyb7x4=",
; "friendlyName": "XYZ",
; "enhKeyUsage": [
; {
; "oid": "1.3.6.1.5.5.7.3.2",
; "usage": "clientAuth"
; },
; {
; "oid": "1.3.6.1.5.5.7.3.4",
; "usage": "emailProtection"
; },
; {
; "oid": "1.3.6.1.5.5.7.3.3",
; "usage": "codeSigning"
; },
; {
; "oid": "1.3.6.1.5.5.7.3.8",
; "usage": "timeStamping"
; },
; {
; "oid": "1.3.6.1.4.1.311.10.3.4",
; "usage": "encryptedFileSystem"
; },
; {
; "oid": "1.3.6.1.5.5.8.2.2",
; "usage": "iKEIntermediate"
; },
;
; {
; "oid": "1.3.6.1.5.5.7.3.6",
; "usage": "ipsecTunnel"
; },
; {
; "oid": "1.3.6.1.5.5.7.3.7",
; "usage": "ipsecUser"
; },
; {
; "oid": "1.3.6.1.5.5.7.3.5",
; "usage": "ipsecEndSystem"
; }
; ]
; },
; "subject": "...",
; "serialNumber": "8888888888888888888888888888"
; },
; {
; "type": "certBag",
; "subject": "...",
; "serialNumber": "777777777777777777777777777"
; }
; ]
; }
; ]
; }
; }
; ------------------------------------------------------------------------------------------
; OK... now let's change the AlgorithmId to "pbes2"
CkPfx::setCkAlgorithmId(pfx, "pbes2")
; We already know from above that the PBES2 crypt and HMAC algorithms are "aes256-cbc" and "hmacWithSha256".
; Let's set them anyway just for the example...
CkPfx::setCkPbes2CryptAlg(pfx, "aes256-cbc")
CkPfx::setCkPbes2HmacAlg(pfx, "hmacWithSha256")
; Rewrite the PFX using pbes2/aes256 + sha256
success = CkPfx::ckToFile(pfx,"secret","qa_output/test_secret_aes256.pfx")
If success = 0
Debug CkPfx::ckLastErrorText(pfx)
CkPfx::ckDispose(pfx)
CkJsonObject::ckDispose(json)
ProcedureReturn
EndIf
Debug "Success."
CkPfx::ckDispose(pfx)
CkJsonObject::ckDispose(json)
ProcedureReturn
EndProcedure