|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Tcl) Export a Private Key from an MS Storage ProviderDemonstrates how to export a private key from a Microsoft Storage Provider. Note: This example requires Chilkat v9.5.0.83 or greater.
load ./chilkat.dll # This example requires Chilkat v9.5.0.83 or greater. # We'll export a certificate's private key from the MS storage provider. # It is assumed the certificate + private key is already installed on the Windows system. # The export does not remove the key from the Windows storage provider. # First, let's get a certificate in one of the many ways we can do it. # (I ran certmgr.msc, opened a certificate, and noted it's thumbprint.) set cert [new_CkCert] set success [CkCert_LoadByThumbprint $cert "ea5a129c1919a52d238ee28d9f3a8f345b768388" "hex"] if {$success == 0} then { puts [CkCert_lastErrorText $cert] delete_CkCert $cert exit } puts "Found: [CkCert_subjectDN $cert]" # First export the private key the easy way. # privKey is a CkPrivateKey set privKey [CkCert_ExportPrivateKey $cert] if {[CkCert_get_LastMethodSuccess $cert] == 0} then { puts [CkCert_lastErrorText $cert] delete_CkCert $cert exit } # OK.. we have the private key. Do whatever we want with it.. delete_CkPrivateKey $privKey # ------------------------------------------------------------- # Now let's export in a more roundabout way by getting information about the # storage provider and key name and then we'll export completely independent # of the certificate. # # Remember: The private key is not contained within the certificate. An X.509 certificate # embeds the public key, but the counterpart private key is stored elsewhere, such # as in a .pfx/.p12, or as in this case, in the Windows "protected store", or perhaps on # a smartcard or hardware token. (But a private key stored on a smartcard or token cannot # be exported. It must remain on the hardware.) # set storageProvider [CkCert_cspName $cert] set keyName [CkCert_keyContainerName $cert] puts "Information about the certificate's private key:" puts "Storage Provider: $storageProvider" puts "Key Name: $keyName" # Export using just the name of the storage provider and key. set keyCon [new_CkKeyContainer] set privKey2 [new_CkPrivateKey] set silentFlag 0 set success [CkKeyContainer_ExportKey $keyCon $keyName $storageProvider $silentFlag $privKey2] if {$success == 0} then { puts [CkKeyContainer_lastErrorText $keyCon] delete_CkCert $cert delete_CkKeyContainer $keyCon delete_CkPrivateKey $privKey2 exit } # OK.. we have the private key in privKey2. Do whatever we want with it.. # Perhaps we save as encrypted PKCS8 PEM. set success [CkPrivateKey_SavePkcs8EncryptedPemFile $privKey2 "myPassword" "qa_output/privKey2.pem"] if {$success == 0} then { puts [CkPrivateKey_lastErrorText $privKey2] delete_CkCert $cert delete_CkKeyContainer $keyCon delete_CkPrivateKey $privKey2 exit } puts "Success." delete_CkCert $cert delete_CkKeyContainer $keyCon delete_CkPrivateKey $privKey2 |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.