Sample code for 30+ languages & platforms
PureBasic

Set .pfx/.p12 Safe Bag Attributes

See more PFX/P12 Examples

Demonstrates how to set safebag attributes in a .pfx/.p12. This example creates a .pfx from a .pem containing a private key and certificates, but also sets PFX safebag attributes before writing the .pfx.

Chilkat PureBasic Downloads

PureBasic
IncludeFile "CkStringBuilder.pb"
IncludeFile "CkJsonObject.pb"
IncludeFile "CkPfx.pb"

Procedure ChilkatExample()

    success.i = 0

    ; We have a PEM containing one private key, and two certificates:
    ; The private key is an ECDSA private key.
    ; The private key is associated with the 1st certificate.
    ; The 2nd certificate is the issuer of the 1st certificate.

    ; -----BEGIN PRIVATE KEY-----
    ; ME0CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEMzAxAgEBBCDgAn4Dal+0iEhIsYBk
    ; 6SdSR344vyj0suhOIxsjmM19s6AKBggqhkjOPQMBBw==
    ; -----END PRIVATE KEY-----
    ; -----BEGIN CERTIFICATE-----
    ; MIIBXzCCAQSgAwIBAgIUGp2obfF61BG7QTsqpyT+VvxxJC0wCgYIKoZIzj0EAwIw
    ; DTELMAkGA1UEAwwCQ0EwHhcNMjAwMzI5MTU1MTEwWhcNMzAwMzI3MTU1MTEwWjAN
    ; MQswCQYDVQQDDAJFRTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEil+DhBUss8
    ; kMCjEWvZHA+jdy1mQ76a2HFd+5p+AcFGQxNeG8/HXZax7FFzcrczWrli25R8P8j1
    ; cqhwPY4HtwujQjBAMB0GA1UdDgQWBBTenwm6x4A4W5BzZ2OckKA2IFtPSTAfBgNV
    ; HSMEGDAWgBTx1U/gWiRhAASl6FV04DxP3XmcazAKBggqhkjOPQQDAgNJADBGAiEA
    ; rkqbz5t1M/CjqXSKE5ebBLQ3npF+q7GRC8C2ovDi/xoCIQDGve7OP/ppIDcCNonr
    ; +WSRf5M/6Wvw1lnEsAXf3nLTeQ==
    ; -----END CERTIFICATE-----
    ; -----BEGIN CERTIFICATE-----
    ; MIIBcDCCARWgAwIBAgIUAnQiKKy/PdLnH0A6vYKBq21w1JAwCgYIKoZIzj0EAwIw
    ; DTELMAkGA1UEAwwCQ0EwHhcNMjAwMzI5MTU1MTEwWhcNMzAwMzI3MTU1MTEwWjAN
    ; MQswCQYDVQQDDAJDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPB6yVvqt8cL
    ; EneRtnjoi87H0ATi+JP1w2qkz4GLOaPtFxAnV0LdQCuN91SGbAlKrSkhFyWWimjh
    ; Rqe9+b/1WCijUzBRMB0GA1UdDgQWBBTx1U/gWiRhAASl6FV04DxP3XmcazAfBgNV
    ; HSMEGDAWgBTx1U/gWiRhAASl6FV04DxP3XmcazAPBgNVHRMBAf8EBTADAQH/MAoG
    ; CCqGSM49BAMCA0kAMEYCIQCcIfssfrOruVYvqhxbLGeyc5ppEX53zUU35wIE2t7C
    ; fAIhAKhOTEvN+pdEn+cNwW3AEi7D08ZUQx3P80i4EnFPs0OQ
    ; -----END CERTIFICATE-----

    pfx.i = CkPfx::ckCreate()
    If pfx.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    sbPem.i = CkStringBuilder::ckCreate()
    If sbPem.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkStringBuilder::ckLoadFile(sbPem,"qa_data/pfx/test_ecdsa.pem","utf-8")
    If success = 0
        Debug "Failed to load the PEM file."
        CkPfx::ckDispose(pfx)
        CkStringBuilder::ckDispose(sbPem)
        ProcedureReturn
    EndIf

    ; The PEM in this example is unencrypted.  There is no password.
    password.s = ""
    success = CkPfx::ckLoadPem(pfx,CkStringBuilder::ckGetAsString(sbPem),password)
    If success = 0
        Debug CkPfx::ckLastErrorText(pfx)
        CkPfx::ckDispose(pfx)
        CkStringBuilder::ckDispose(sbPem)
        ProcedureReturn
    EndIf

    ; Let's add some safebag attributes for the private key...
    forPrivateKey.i = 1
    keyIdx.i = 0
    success = CkPfx::ckSetSafeBagAttr(pfx,forPrivateKey,keyIdx,"localKeyId","16777216","decimal")
    If success = 0
        Debug CkPfx::ckLastErrorText(pfx)
        CkPfx::ckDispose(pfx)
        CkStringBuilder::ckDispose(sbPem)
        ProcedureReturn
    EndIf

    success = CkPfx::ckSetSafeBagAttr(pfx,forPrivateKey,keyIdx,"keyContainerName","{B99EB9E7-6AF7-42AF-A43A-D4B2225B7605}","ascii")
    If success = 0
        Debug CkPfx::ckLastErrorText(pfx)
        CkPfx::ckDispose(pfx)
        CkStringBuilder::ckDispose(sbPem)
        ProcedureReturn
    EndIf

    success = CkPfx::ckSetSafeBagAttr(pfx,forPrivateKey,keyIdx,"storageProvider","Microsoft Software Key Storage Provider","ascii")
    If success = 0
        Debug CkPfx::ckLastErrorText(pfx)
        CkPfx::ckDispose(pfx)
        CkStringBuilder::ckDispose(sbPem)
        ProcedureReturn
    EndIf

    ; Add the localKeyId safebag attribute to the 1st certificate.
    forPrivateKey = 0
    certIdx.i = 0
    success = CkPfx::ckSetSafeBagAttr(pfx,forPrivateKey,certIdx,"localKeyId","16777216","decimal")
    If success = 0
        Debug CkPfx::ckLastErrorText(pfx)
        CkPfx::ckDispose(pfx)
        CkStringBuilder::ckDispose(sbPem)
        ProcedureReturn
    EndIf

    ; Write the pfx.
    success = CkPfx::ckToFile(pfx,"secret","qa_output/ee.pfx")
    If success = 0
        Debug CkPfx::ckLastErrorText(pfx)
        CkPfx::ckDispose(pfx)
        CkStringBuilder::ckDispose(sbPem)
        ProcedureReturn
    EndIf

    ; Let's load the .pfx we just wrote to see if the safebag attributes exist.
    pfx2.i = CkPfx::ckCreate()
    If pfx2.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkPfx::ckLoadPfxFile(pfx2,"qa_output/ee.pfx","secret")
    If success = 0
        Debug CkPfx::ckLastErrorText(pfx2)
        CkPfx::ckDispose(pfx)
        CkStringBuilder::ckDispose(sbPem)
        CkPfx::ckDispose(pfx2)
        ProcedureReturn
    EndIf

    ; Information about the contents of the PFX was collected in the call to LoadPfxFile.
    json.i = CkJsonObject::ckCreate()
    If json.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkPfx::ckGetLastJsonData(pfx2,json)

    CkJsonObject::setCkEmitCompact(json, 0)
    Debug CkJsonObject::ckEmit(json)

    ; Shows what's in the PFX just loaded:

    ; {
    ;   "authenticatedSafe": {
    ;     "contentInfo": [
    ;       {
    ;         "type": "Data",
    ;         "safeBag": [
    ;           {
    ;             "type": "pkcs8ShroudedKeyBag",
    ;             "attrs": {
    ;               "keyContainerName": "{B99EB9E7-6AF7-42AF-A43A-D4B2225B7605}",
    ;               "msStorageProvider": "Microsoft Software Key Storage Provider",
    ;               "localKeyId": "16777216"
    ;             }
    ;           }
    ;         ]
    ;       },
    ;       {
    ;         "type": "EncryptedData",
    ;         "safeBag": [
    ;           {
    ;             "type": "certBag",
    ;             "attrs": {
    ;               "localKeyId": "16777216"
    ;             },
    ;             "subject": "EE",
    ;             "serialNumber": "1a9da86df17ad411bb413b2aa724fe56fc71242d"
    ;           },
    ;           {
    ;             "type": "certBag",
    ;             "subject": "CA",
    ;             "serialNumber": "02742228acbf3dd2e71f403abd8281ab6d70d490"
    ;           }
    ;         ]
    ;       }
    ;     ]
    ;   }
    ; }


    CkPfx::ckDispose(pfx)
    CkStringBuilder::ckDispose(sbPem)
    CkPfx::ckDispose(pfx2)
    CkJsonObject::ckDispose(json)


    ProcedureReturn
EndProcedure