Unicode C
Unicode C
Generate a CSR with keyUsage, extKeyUsage, and other Extensions
See more CSR Examples
Demonstrates how to generate a CSR containing a 1.2.840.113549.1.9.14 extensionRequest with the following extensions:- 1.3.6.1.4.1.311.20.2 enrollCerttypeExtension
- 2.5.29.15 keyUsage
- 2.5.29.37 extKeyUsage
- 2.5.29.14 subjectKeyIdentifier
Chilkat Unicode C Downloads
#include <C_CkEccW.h>
#include <C_CkPrngW.h>
#include <C_CkPrivateKeyW.h>
#include <C_CkCsrW.h>
#include <C_CkBinDataW.h>
#include <C_CkXmlW.h>
#include <C_CkPublicKeyW.h>
void ChilkatSample(void)
{
BOOL success;
HCkEccW ecc;
HCkPrngW prng;
HCkPrivateKeyW privKey;
HCkCsrW csr;
const wchar_t *s;
HCkBinDataW bdTemp;
const wchar_t *s_base64_utf16be;
HCkXmlW xml;
HCkPublicKeyW pubKey;
HCkBinDataW bdPubKeyDer;
const wchar_t *ski;
const wchar_t *csrPem;
success = FALSE;
// This requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// This example will generate a secp256r1 ECDSA key for the CSR.
ecc = CkEccW_Create();
prng = CkPrngW_Create();
privKey = CkPrivateKeyW_Create();
success = CkEccW_GenKey(ecc,L"secp256r1",prng,privKey);
if (success == FALSE) {
wprintf(L"Failed to generate a new ECDSA private key.\n");
CkEccW_Dispose(ecc);
CkPrngW_Dispose(prng);
CkPrivateKeyW_Dispose(privKey);
return;
}
csr = CkCsrW_Create();
// Add common CSR fields:
CkCsrW_putCommonName(csr,L"mysubdomain.mydomain.com");
CkCsrW_putCountry(csr,L"GB");
CkCsrW_putState(csr,L"Yorks");
CkCsrW_putLocality(csr,L"York");
CkCsrW_putCompany(csr,L"Internet Widgits Pty Ltd");
CkCsrW_putEmailAddress(csr,L"support@mydomain.com");
// Add the following 1.2.840.113549.1.9.14 extensionRequest
// Note: The easiest way to know the content and format of the XML to be added is to examine
// a pre-existing CSR with the same desired extensionRequest. You can use Chilkat to
// get the extensionRequest from an existing CSR.
//
// Here is a sample extension request:
// <?xml version="1.0" encoding="utf-8"?>
// <set>
// <sequence>
// <sequence>
// <oid>1.3.6.1.4.1.311.20.2</oid>
// <asnOctets>
// <universal tag="30" constructed="0">AEUAbgBkAEUAbgB0AGkAdAB5AEMAbABpAGUAbgB0AEEAdQB0AGgAQwBlAHIAdABpAGYAaQBjAGEAdABl
// AF8AQwBTAFIAUABhAHMAcwB0AGgAcgBvAHUAZwBoAC8AVgAx</universal>
// </asnOctets>
// </sequence>
// <sequence>
// <oid>2.5.29.15</oid>
// <bool>1</bool>
// <asnOctets>
// <bits n="3">A0</bits>
// </asnOctets>
// </sequence>
// <sequence>
// <oid>2.5.29.37</oid>
// <asnOctets>
// <sequence>
// <oid>1.3.6.1.5.5.7.3.3</oid>
// </sequence>
// </asnOctets>
// </sequence>
// <sequence>
// <oid>2.5.29.14</oid>
// <asnOctets>
// <octets>MCzBMQAViXBz8IDt8LsgmJxJ4Xg=</octets>
// </asnOctets>
// </sequence>
// </sequence>
// </set>
// Use this online tool to generate code from sample XML:
// Generate Code to Create XML
// A few notes:
// The string "AEUAbgBkAEUAbgB0AGkAdAB5AEMAbABpAGUAbgB0AEEAdQB0AGgAQwBlAHIAdABpAGYAaQBjAGEAdABlAF8AQwBTAFIAUABhAHMAcwB0AGgAcgBvAHUAZwBoAC8AVgAx"
// is the base64 encoding of the utf-16be byte representation of the string "EndEntityClientAuthCertificate_CSRPassthrough/V1"
s = L"EndEntityClientAuthCertificate_CSRPassthrough/V1";
bdTemp = CkBinDataW_Create();
CkBinDataW_AppendString(bdTemp,s,L"utf-16be");
s_base64_utf16be = CkBinDataW_getEncoded(bdTemp,L"base64");
// The string should be "AEUA....."
wprintf(L"%s\n",s_base64_utf16be);
// Here's the code to generate the above extension request.
xml = CkXmlW_Create();
CkXmlW_putTag(xml,L"set");
CkXmlW_UpdateChildContent(xml,L"sequence|sequence|oid",L"1.3.6.1.4.1.311.20.2");
CkXmlW_UpdateAttrAt(xml,L"sequence|sequence|asnOctets|universal",TRUE,L"tag",L"30");
CkXmlW_UpdateAttrAt(xml,L"sequence|sequence|asnOctets|universal",TRUE,L"constructed",L"0");
CkXmlW_UpdateChildContent(xml,L"sequence|sequence|asnOctets|universal",s_base64_utf16be);
CkXmlW_UpdateChildContent(xml,L"sequence|sequence[1]|oid",L"2.5.29.15");
CkXmlW_UpdateChildContent(xml,L"sequence|sequence[1]|bool",L"1");
CkXmlW_UpdateAttrAt(xml,L"sequence|sequence[1]|asnOctets|bits",TRUE,L"n",L"3");
// A0 is hex for decimal 160.
CkXmlW_UpdateChildContent(xml,L"sequence|sequence[1]|asnOctets|bits",L"A0");
CkXmlW_UpdateChildContent(xml,L"sequence|sequence[2]|oid",L"2.5.29.37");
CkXmlW_UpdateChildContent(xml,L"sequence|sequence[2]|asnOctets|sequence|oid",L"1.3.6.1.5.5.7.3.3");
// This is the subjectKeyIdentifier extension.
// The string "MCzBMQAViXBz8IDt8LsgmJxJ4Xg=" is base64 that decodes to 20 bytes, which is a SHA1 hash.
// This is simply a hash of the DER of the public key.
pubKey = CkPublicKeyW_Create();
CkPrivateKeyW_ToPublicKey(privKey,pubKey);
bdPubKeyDer = CkBinDataW_Create();
CkBinDataW_AppendEncoded(bdPubKeyDer,CkPublicKeyW_getEncoded(pubKey,TRUE,L"base64"),L"base64");
ski = CkBinDataW_getHash(bdPubKeyDer,L"sha1",L"base64");
CkXmlW_UpdateChildContent(xml,L"sequence|sequence[3]|oid",L"2.5.29.14");
CkXmlW_UpdateChildContent(xml,L"sequence|sequence[3]|asnOctets|octets",ski);
// Add the extension request to the CSR
CkCsrW_SetExtensionRequest(csr,xml);
// Generate the CSR with the extension request
csrPem = CkCsrW_genCsrPem(csr,privKey);
if (CkCsrW_getLastMethodSuccess(csr) == FALSE) {
wprintf(L"%s\n",CkCsrW_lastErrorText(csr));
CkEccW_Dispose(ecc);
CkPrngW_Dispose(prng);
CkPrivateKeyW_Dispose(privKey);
CkCsrW_Dispose(csr);
CkBinDataW_Dispose(bdTemp);
CkXmlW_Dispose(xml);
CkPublicKeyW_Dispose(pubKey);
CkBinDataW_Dispose(bdPubKeyDer);
return;
}
wprintf(L"%s\n",csrPem);
CkEccW_Dispose(ecc);
CkPrngW_Dispose(prng);
CkPrivateKeyW_Dispose(privKey);
CkCsrW_Dispose(csr);
CkBinDataW_Dispose(bdTemp);
CkXmlW_Dispose(xml);
CkPublicKeyW_Dispose(pubKey);
CkBinDataW_Dispose(bdPubKeyDer);
}