Unicode C
Unicode C
Set .pfx/.p12 Safe Bag Attributes
See more PFX/P12 Examples
Demonstrates how to set safebag attributes in a .pfx/.p12. This example creates a .pfx from a .pem containing a private key and certificates, but also sets PFX safebag attributes before writing the .pfx.Chilkat Unicode C Downloads
#include <C_CkPfxW.h>
#include <C_CkStringBuilderW.h>
#include <C_CkJsonObjectW.h>
void ChilkatSample(void)
{
BOOL success;
HCkPfxW pfx;
HCkStringBuilderW sbPem;
const wchar_t *password;
BOOL forPrivateKey;
int keyIdx;
int certIdx;
HCkPfxW pfx2;
HCkJsonObjectW json;
success = FALSE;
// We have a PEM containing one private key, and two certificates:
// The private key is an ECDSA private key.
// The private key is associated with the 1st certificate.
// The 2nd certificate is the issuer of the 1st certificate.
// -----BEGIN PRIVATE KEY-----
// ME0CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEMzAxAgEBBCDgAn4Dal+0iEhIsYBk
// 6SdSR344vyj0suhOIxsjmM19s6AKBggqhkjOPQMBBw==
// -----END PRIVATE KEY-----
// -----BEGIN CERTIFICATE-----
// MIIBXzCCAQSgAwIBAgIUGp2obfF61BG7QTsqpyT+VvxxJC0wCgYIKoZIzj0EAwIw
// DTELMAkGA1UEAwwCQ0EwHhcNMjAwMzI5MTU1MTEwWhcNMzAwMzI3MTU1MTEwWjAN
// MQswCQYDVQQDDAJFRTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEil+DhBUss8
// kMCjEWvZHA+jdy1mQ76a2HFd+5p+AcFGQxNeG8/HXZax7FFzcrczWrli25R8P8j1
// cqhwPY4HtwujQjBAMB0GA1UdDgQWBBTenwm6x4A4W5BzZ2OckKA2IFtPSTAfBgNV
// HSMEGDAWgBTx1U/gWiRhAASl6FV04DxP3XmcazAKBggqhkjOPQQDAgNJADBGAiEA
// rkqbz5t1M/CjqXSKE5ebBLQ3npF+q7GRC8C2ovDi/xoCIQDGve7OP/ppIDcCNonr
// +WSRf5M/6Wvw1lnEsAXf3nLTeQ==
// -----END CERTIFICATE-----
// -----BEGIN CERTIFICATE-----
// MIIBcDCCARWgAwIBAgIUAnQiKKy/PdLnH0A6vYKBq21w1JAwCgYIKoZIzj0EAwIw
// DTELMAkGA1UEAwwCQ0EwHhcNMjAwMzI5MTU1MTEwWhcNMzAwMzI3MTU1MTEwWjAN
// MQswCQYDVQQDDAJDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPB6yVvqt8cL
// EneRtnjoi87H0ATi+JP1w2qkz4GLOaPtFxAnV0LdQCuN91SGbAlKrSkhFyWWimjh
// Rqe9+b/1WCijUzBRMB0GA1UdDgQWBBTx1U/gWiRhAASl6FV04DxP3XmcazAfBgNV
// HSMEGDAWgBTx1U/gWiRhAASl6FV04DxP3XmcazAPBgNVHRMBAf8EBTADAQH/MAoG
// CCqGSM49BAMCA0kAMEYCIQCcIfssfrOruVYvqhxbLGeyc5ppEX53zUU35wIE2t7C
// fAIhAKhOTEvN+pdEn+cNwW3AEi7D08ZUQx3P80i4EnFPs0OQ
// -----END CERTIFICATE-----
pfx = CkPfxW_Create();
sbPem = CkStringBuilderW_Create();
success = CkStringBuilderW_LoadFile(sbPem,L"qa_data/pfx/test_ecdsa.pem",L"utf-8");
if (success == FALSE) {
wprintf(L"Failed to load the PEM file.\n");
CkPfxW_Dispose(pfx);
CkStringBuilderW_Dispose(sbPem);
return;
}
// The PEM in this example is unencrypted. There is no password.
password = L"";
success = CkPfxW_LoadPem(pfx,CkStringBuilderW_getAsString(sbPem),password);
if (success == FALSE) {
wprintf(L"%s\n",CkPfxW_lastErrorText(pfx));
CkPfxW_Dispose(pfx);
CkStringBuilderW_Dispose(sbPem);
return;
}
// Let's add some safebag attributes for the private key...
forPrivateKey = TRUE;
keyIdx = 0;
success = CkPfxW_SetSafeBagAttr(pfx,forPrivateKey,keyIdx,L"localKeyId",L"16777216",L"decimal");
if (success == FALSE) {
wprintf(L"%s\n",CkPfxW_lastErrorText(pfx));
CkPfxW_Dispose(pfx);
CkStringBuilderW_Dispose(sbPem);
return;
}
success = CkPfxW_SetSafeBagAttr(pfx,forPrivateKey,keyIdx,L"keyContainerName",L"{B99EB9E7-6AF7-42AF-A43A-D4B2225B7605}",L"ascii");
if (success == FALSE) {
wprintf(L"%s\n",CkPfxW_lastErrorText(pfx));
CkPfxW_Dispose(pfx);
CkStringBuilderW_Dispose(sbPem);
return;
}
success = CkPfxW_SetSafeBagAttr(pfx,forPrivateKey,keyIdx,L"storageProvider",L"Microsoft Software Key Storage Provider",L"ascii");
if (success == FALSE) {
wprintf(L"%s\n",CkPfxW_lastErrorText(pfx));
CkPfxW_Dispose(pfx);
CkStringBuilderW_Dispose(sbPem);
return;
}
// Add the localKeyId safebag attribute to the 1st certificate.
forPrivateKey = FALSE;
certIdx = 0;
success = CkPfxW_SetSafeBagAttr(pfx,forPrivateKey,certIdx,L"localKeyId",L"16777216",L"decimal");
if (success == FALSE) {
wprintf(L"%s\n",CkPfxW_lastErrorText(pfx));
CkPfxW_Dispose(pfx);
CkStringBuilderW_Dispose(sbPem);
return;
}
// Write the pfx.
success = CkPfxW_ToFile(pfx,L"secret",L"qa_output/ee.pfx");
if (success == FALSE) {
wprintf(L"%s\n",CkPfxW_lastErrorText(pfx));
CkPfxW_Dispose(pfx);
CkStringBuilderW_Dispose(sbPem);
return;
}
// Let's load the .pfx we just wrote to see if the safebag attributes exist.
pfx2 = CkPfxW_Create();
success = CkPfxW_LoadPfxFile(pfx2,L"qa_output/ee.pfx",L"secret");
if (success == FALSE) {
wprintf(L"%s\n",CkPfxW_lastErrorText(pfx2));
CkPfxW_Dispose(pfx);
CkStringBuilderW_Dispose(sbPem);
CkPfxW_Dispose(pfx2);
return;
}
// Information about the contents of the PFX was collected in the call to LoadPfxFile.
json = CkJsonObjectW_Create();
CkPfxW_GetLastJsonData(pfx2,json);
CkJsonObjectW_putEmitCompact(json,FALSE);
wprintf(L"%s\n",CkJsonObjectW_emit(json));
// Shows what's in the PFX just loaded:
// {
// "authenticatedSafe": {
// "contentInfo": [
// {
// "type": "Data",
// "safeBag": [
// {
// "type": "pkcs8ShroudedKeyBag",
// "attrs": {
// "keyContainerName": "{B99EB9E7-6AF7-42AF-A43A-D4B2225B7605}",
// "msStorageProvider": "Microsoft Software Key Storage Provider",
// "localKeyId": "16777216"
// }
// }
// ]
// },
// {
// "type": "EncryptedData",
// "safeBag": [
// {
// "type": "certBag",
// "attrs": {
// "localKeyId": "16777216"
// },
// "subject": "EE",
// "serialNumber": "1a9da86df17ad411bb413b2aa724fe56fc71242d"
// },
// {
// "type": "certBag",
// "subject": "CA",
// "serialNumber": "02742228acbf3dd2e71f403abd8281ab6d70d490"
// }
// ]
// }
// ]
// }
// }
CkPfxW_Dispose(pfx);
CkStringBuilderW_Dispose(sbPem);
CkPfxW_Dispose(pfx2);
CkJsonObjectW_Dispose(json);
}