|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Tcl) Duplicate openssl req -newkey rsa:2048 -nodes -keyout mydomain.pem -out mydomain.csrDemonstrates how to duplicate this OpenSSL command: openssl req -newkey rsa:2048 -nodes -keyout mydomain.pem -out mydomain.csr This command creates 2 files:
The second file is needed to pair with the certificate that will later be received from the CA.
load ./chilkat.dll # This example requires the Chilkat API to have been previously unlocked. # See Global Unlock Sample for sample code. set rsa [new_CkRsa] # Generate a 2048-bit key. Chilkat RSA supports # key sizes ranging from 512 bits to 8192 bits. set success [CkRsa_GenerateKey $rsa 2048] if {$success != 1} then { puts [CkRsa_lastErrorText $rsa] delete_CkRsa $rsa exit } # privKey is a CkPrivateKey set privKey [CkRsa_ExportPrivateKeyObj $rsa] # Save the private key to unencrypted PKCS8 PEM set success [CkPrivateKey_SavePkcs8PemFile $privKey "mydomain.pem"] # (alternatively) Save the private key to encrypted PKCS8 PEM set success [CkPrivateKey_SavePkcs8EncryptedPemFile $privKey "myPassword" "mydomain_enc.pem"] # We'll need the private key's modulus for the CSR. # The modulus is not something that needs to be protected. Most people don't realize # that a public key is actually just a subset of the private key. The public parts of # an RSA private key are the modulus and exponent. The exponent is always 65537. set privKeyXml [new_CkXml] set success [CkXml_LoadXml $privKeyXml [CkPrivateKey_getXml $privKey]] # Get the modulus in base64 format: set keyModulus [CkXml_getChildContent $privKeyXml "Modulus"] # -------------------------------------------------------------------------------- # Now build the CSR using Chilkat's ASN.1 API. # The keyModulus will be embedded within the ASN.1. # A new ASN.1 object is automatically a SEQUENCE. # Given that the CSR's root item is a SEQUENCE, we can use # this as the root of our CSR. set asnRoot [new_CkAsn] # Beneath the root, we have a SEQUENCE (the certificate request info), # another SEQUENCE (the algorithm identifier), and a BITSTRING (the signature data) set success [CkAsn_AppendSequence $asnRoot] set success [CkAsn_AppendSequence $asnRoot] # ---------------------------------- # Build the Certificate Request Info # ---------------------------------- # asnCertReqInfo is a CkAsn set asnCertReqInfo [CkAsn_GetSubItem $asnRoot 0] set success [CkAsn_AppendInt $asnCertReqInfo 0] # Build the Subject part of the Certificate Request Info # asnCertSubject is a CkAsn set asnCertSubject [CkAsn_AppendSequenceR $asnCertReqInfo] # Add each subject part.. # asnTemp is a CkAsn set asnTemp [CkAsn_AppendSetR $asnCertSubject] set success [CkAsn_AppendSequence2 $asnTemp] # AppendSequence2 updates the internal reference to the newly appended SEQUENCE. # The OID and printable string are added to the SEQUENCE. set success [CkAsn_AppendOid $asnTemp "2.5.4.6"] set success [CkAsn_AppendString $asnTemp "printable" "US"] delete_CkAsn $asnTemp set asnTemp [CkAsn_AppendSetR $asnCertSubject] set success [CkAsn_AppendSequence2 $asnTemp] set success [CkAsn_AppendOid $asnTemp "2.5.4.8"] set success [CkAsn_AppendString $asnTemp "utf8" "Utah"] delete_CkAsn $asnTemp set asnTemp [CkAsn_AppendSetR $asnCertSubject] set success [CkAsn_AppendSequence2 $asnTemp] set success [CkAsn_AppendOid $asnTemp "2.5.4.7"] set success [CkAsn_AppendString $asnTemp "utf8" "Lindon"] delete_CkAsn $asnTemp set asnTemp [CkAsn_AppendSetR $asnCertSubject] set success [CkAsn_AppendSequence2 $asnTemp] set success [CkAsn_AppendOid $asnTemp "2.5.4.10"] set success [CkAsn_AppendString $asnTemp "utf8" "DigiCert Inc."] delete_CkAsn $asnTemp set asnTemp [CkAsn_AppendSetR $asnCertSubject] set success [CkAsn_AppendSequence2 $asnTemp] set success [CkAsn_AppendOid $asnTemp "2.5.4.11"] set success [CkAsn_AppendString $asnTemp "utf8" "DigiCert"] delete_CkAsn $asnTemp set asnTemp [CkAsn_AppendSetR $asnCertSubject] set success [CkAsn_AppendSequence2 $asnTemp] set success [CkAsn_AppendOid $asnTemp "2.5.4.3"] set success [CkAsn_AppendString $asnTemp "utf8" "example.digicert.com"] delete_CkAsn $asnTemp delete_CkAsn $asnCertSubject # Build the Public Key Info part of the Certificate Request Info # asnPubKeyInfo is a CkAsn set asnPubKeyInfo [CkAsn_AppendSequenceR $asnCertReqInfo] # asnPubKeyAlgId is a CkAsn set asnPubKeyAlgId [CkAsn_AppendSequenceR $asnPubKeyInfo] set success [CkAsn_AppendOid $asnPubKeyAlgId "1.2.840.113549.1.1.1"] set success [CkAsn_AppendNull $asnPubKeyAlgId] delete_CkAsn $asnPubKeyAlgId # The public key itself is a BIT STRING, but the bit string is composed of ASN.1 # for the RSA public key. We'll first build the RSA ASN.1 for the public key # (containing the 2048 bit modulus and exponent), and encoded it to DER, and then add # the DER bytes as a BIT STRING (as a sub-item of asnPubKeyInfo) # This is already a SEQUENCE.. set asnRsaKey [new_CkAsn] # The RSA modulus is a big integer. set success [CkAsn_AppendBigInt $asnRsaKey $keyModulus "base64"] set success [CkAsn_AppendInt $asnRsaKey 65537] set rsaKeyDerBase64 [CkAsn_getEncodedDer $asnRsaKey "base64"] # Now add the RSA key DER as a BIT STRING. set success [CkAsn_AppendBits $asnPubKeyInfo $rsaKeyDerBase64 "base64"] delete_CkAsn $asnPubKeyInfo # The last part of the certificate request info is an empty context-specific constructed item # with a tag equal to 0. set success [CkAsn_AppendContextConstructed $asnCertReqInfo 0] # Get the DER of the asnCertReqInfo. # This will be signed using the RSA private key. set bdDer [new_CkBinData] set success [CkAsn_WriteBd $asnCertReqInfo $bdDer] # Add the signature to the ASN.1 set bdSig [new_CkBinData] set success [CkRsa_SignBd $rsa $bdDer "SHA1" $bdSig] set success [CkAsn_AppendBits $asnRoot [CkBinData_getEncoded $bdSig "base64"] "base64"] delete_CkAsn $asnCertReqInfo # ---------------------------------- # Finally, add the algorithm identifier, which is the 2nd sub-item under the root. # ---------------------------------- # asnAlgId is a CkAsn set asnAlgId [CkAsn_GetSubItem $asnRoot 1] set success [CkAsn_AppendOid $asnAlgId "1.2.840.113549.1.1.5"] set success [CkAsn_AppendNull $asnAlgId] delete_CkAsn $asnAlgId # Write the CSR to a DER encoded binary file: set success [CkAsn_WriteBinaryDer $asnRoot "qa_output/mydomain.csr"] if {$success != 1} then { puts [CkAsn_lastErrorText $asnRoot] delete_CkRsa $rsa delete_CkXml $privKeyXml delete_CkAsn $asnRoot delete_CkAsn $asnRsaKey delete_CkBinData $bdDer delete_CkBinData $bdSig exit } # It is also possible to get the CSR in base64 format: set csrBase64 [CkAsn_getEncodedDer $asnRoot "base64"] puts "Base64 CSR:" puts "$csrBase64" delete_CkPrivateKey $privKey delete_CkRsa $rsa delete_CkXml $privKeyXml delete_CkAsn $asnRoot delete_CkAsn $asnRsaKey delete_CkBinData $bdDer delete_CkBinData $bdSig |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.