(Unicode C) Export a Private Key from an MS Storage Provider

Demonstrates how to export a private key from a Microsoft Storage Provider.

Note: This example requires Chilkat v9.5.0.83 or greater.

Chilkat C/C++ Library Downloads
MS Visual C/C++ Linux/CentOS C/C++ Alpine Linux C/C++ MAC OS X C/C++	armhf/aarch64 C/C++ C++ Builder iOS C/C++ Android C/C++	Solaris C/C++ MinGW C/C++

#include <C_CkCertW.h>
#include <C_CkPrivateKeyW.h>
#include <C_CkKeyContainerW.h>

void ChilkatSample(void)
    {
    HCkCertW cert;
    BOOL success;
    HCkPrivateKeyW privKey;
    const wchar_t *storageProvider;
    const wchar_t *keyName;
    HCkKeyContainerW keyCon;
    HCkPrivateKeyW privKey2;
    BOOL silentFlag;

    // This example requires Chilkat v9.5.0.83 or greater.

    // We'll export a certificate's private key from the MS storage provider.
    // It is assumed the certificate + private key is already installed on the Windows system.
    // The export does not remove the key from the Windows storage provider.

    // First, let's get a certificate in one of the many ways we can do it.
    // (I ran certmgr.msc, opened a certificate, and noted it's thumbprint.)
    cert = CkCertW_Create();
    success = CkCertW_LoadByThumbprint(cert,L"ea5a129c1919a52d238ee28d9f3a8f345b768388",L"hex");
    if (success == FALSE) {
        wprintf(L"%s\n",CkCertW_lastErrorText(cert));
        CkCertW_Dispose(cert);
        return;
    }

    wprintf(L"Found: %s\n",CkCertW_subjectDN(cert));

    // First export the private key the easy way.
    privKey = CkCertW_ExportPrivateKey(cert);
    if (CkCertW_getLastMethodSuccess(cert) == FALSE) {
        wprintf(L"%s\n",CkCertW_lastErrorText(cert));
        CkCertW_Dispose(cert);
        return;
    }

    // OK.. we have the private key.  Do whatever we want with it..

    CkPrivateKeyW_Dispose(privKey);

    // -------------------------------------------------------------
    // Now let's export in a more roundabout way by getting information about the 
    // storage provider and key name and then we'll export completely independent
    // of the certificate.
    // 
    // Remember: The private key is not contained within the certificate.  An X.509 certificate
    // embeds the public key, but the counterpart private key is stored elsewhere, such
    // as in a .pfx/.p12, or as in this case, in the Windows "protected store", or perhaps on
    // a smartcard or hardware token.  (But a private key stored on a smartcard or token cannot
    // be exported.  It must remain on the hardware.)
    // 

    storageProvider = CkCertW_cspName(cert);
    keyName = CkCertW_keyContainerName(cert);

    wprintf(L"Information about the certificate's private key:\n");
    wprintf(L"Storage Provider: %s\n",storageProvider);
    wprintf(L"Key Name: %s\n",keyName);

    // Export using just the name of the storage provider and key.
    keyCon = CkKeyContainerW_Create();
    privKey2 = CkPrivateKeyW_Create();
    silentFlag = FALSE;
    success = CkKeyContainerW_ExportKey(keyCon,keyName,storageProvider,silentFlag,privKey2);
    if (success == FALSE) {
        wprintf(L"%s\n",CkKeyContainerW_lastErrorText(keyCon));
        CkCertW_Dispose(cert);
        CkKeyContainerW_Dispose(keyCon);
        CkPrivateKeyW_Dispose(privKey2);
        return;
    }

    // OK.. we have the private key in privKey2.  Do whatever we want with it..
    // Perhaps we save as encrypted PKCS8 PEM.
    success = CkPrivateKeyW_SavePkcs8EncryptedPemFile(privKey2,L"myPassword",L"qa_output/privKey2.pem");
    if (success == FALSE) {
        wprintf(L"%s\n",CkPrivateKeyW_lastErrorText(privKey2));
        CkCertW_Dispose(cert);
        CkKeyContainerW_Dispose(keyCon);
        CkPrivateKeyW_Dispose(privKey2);
        return;
    }

    wprintf(L"Success.\n");


    CkCertW_Dispose(cert);
    CkKeyContainerW_Dispose(keyCon);
    CkPrivateKeyW_Dispose(privKey2);

    }