Sample code for 30+ languages & platforms
Swift

AWS KMS Import PFX Key

See more AWS KMS Examples

Imports a certificate's private key from a .pfx file to new key created in AWS KMS.

Chilkat Swift Downloads

Swift

func chilkatTest() {
    var success: Bool = false

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // Note: This example is using a relative file path.  You can also specify a full file path, such as "C:/someDir/myCertAndKey.pfx"
    // or a file path the makes sense on non-Windows operating systems..
    let cert = CkoCert()!
    success = cert.loadPfxFile(path: "qa_data/pfx/myCertAndKey.pfx", password: "pfx_password")
    if success == false {
        print("\(cert.lastErrorText!)")
        return
    }

    // Get the cert's private key.  This is what will be uploaded to AWS KMS.
    let privKey = CkoPrivateKey()!
    success = cert.getPrivateKey(privKey: privKey)
    if success == false {
        print("\(cert.lastErrorText!)")
        return
    }

    let json = CkoJsonObject()!
    json.updateString(jsonPath: "service", value: "aws-kms")
    json.updateString(jsonPath: "auth.access_key", value: "AWS_ACCESS_KEY")
    json.updateString(jsonPath: "auth.secret_key", value: "AWS_SECRET_KEY")
    json.updateString(jsonPath: "auth.region", value: "us-west-2")
    json.updateString(jsonPath: "description", value: "Test of uploading existing private key to AWS KMS")

    // Let's add some information about the certificate this key belongs to.
    // This is for informational purposes only, so that we can examine the tags
    // in the AWS KMS console and know the corresponding certificate.
    json.updateString(jsonPath: "tags[0].key", value: "CertSerial")
    json.updateString(jsonPath: "tags[0].value", value: cert.serialNumber)
    json.updateString(jsonPath: "tags[1].key", value: "CertIssuer")
    json.updateString(jsonPath: "tags[1].value", value: cert.issuerCN)
    json.updateString(jsonPath: "tags[2].key", value: "CertSubject")
    json.updateString(jsonPath: "tags[2].value", value: cert.subjectCN)

    json.updateString(jsonPath: "keyUsage", value: "SIGN_VERIFY")

    // The UploadToCloud method was added in Chilkat v9.5.0.96
    let jsonOut = CkoJsonObject()!
    success = privKey.upload(toCloud: json, jsonOut: jsonOut)
    if success == false {
        print("\(privKey.lastErrorText!)")
        return
    }

    // When successful, the jsonOut contains information about the private key in AWS KMS.
    // Most importantly, the KeyId.
    jsonOut.emitCompact = false
    print("\(jsonOut.emit()!)")

    // Sample JSON result:

    // {
    //   "AWSAccountId": "954491834127",
    //   "Arn": "arn:aws:kms:us-west-2:954491834127:key/187012e8-008f-4fc7-b100-5efe6146dff2",
    //   "KeySpec": "RSA_4096",
    //   "Description": "Test of uploading existing private key to AWS KMS",
    //   "KeyId": "187012e8-008f-4fc7-b100-5efe6146dff2",
    //   "KeyUsage": "SIGN_VERIFY"
    // }

}