(VB.NET) Rewrite PFX using AES256-SHA256

Demonstrates how to load a .pfx/.p12, examine the encryption algorithm used, and rewrite using aes256-sha256.

Note: This example requires Chilkat v11.0.0 or greater.
```vbnet
Dim success As Boolean = False

Dim pfx As New Chilkat.Pfx

' Let's load a .pfx and examine the encryption algorithms used to protect the private key:
success = pfx.LoadPfxFile("qa_data/pfx/test_secret.pfx","secret")
If (success = False) Then
    Debug.WriteLine(pfx.LastErrorText)
    Exit Sub
End If

' Examine the algorithms:
' "pbeWithSHAAnd3_KeyTripleDES_CBC" or "pbes2"?
Debug.WriteLine("Algorithm: " & pfx.AlgorithmId)

' If the algorithm is "pbes2" then examine the actual encryption and HMAC algorithms used within pbes2.
' (If the algorithm is NOT "pbes2", then the following properties are meaningless and will not be modified from their previous values prior to loading the PFX.)
Debug.WriteLine("Pbes2CryptAlg: " & pfx.Pbes2CryptAlg)
Debug.WriteLine("Pbes2HmacAlg: " & pfx.Pbes2HmacAlg)

' Our output so far:

' Algorithm: pbeWithSHAAnd3_KeyTripleDES_CBC
' Pbes2CryptAlg: aes256-cbc
' Pbes2HmacAlg: hmacWithSha256

' This tells us that the PFX we loaded was protected using triple-DES with SHA1.
' (Most existing .pfx/.p12 files use 3DES w/ SHA1.)
' The Pbes2CryptAlg and Pbes2HmacAlg properties do not apply here because the AlgorithmId is not equal to "pbes2". We can ignore those values.

' Examine the last JSON data collected in the call to LoadPfxFile. This gives us information about what is contained in the PFX, including extended attributes.
Dim json As New Chilkat.JsonObject
pfx.GetLastJsonData(json)
json.EmitCompact = False
Debug.WriteLine(json.Emit())

' Sample output

' Use this online tool to generate parsing code from sample JSON:
' Generate Parsing Code from JSON

' {
'   "authenticatedSafe": {
'     "contentInfo": [
'       {
'         "type": "Data",
'         "safeBag": [
'           {
'             "type": "pkcs8ShroudedKeyBag",
'             "attrs": {
'               "localKeyId": "16444216",
'               "keyContainerName": "{F09B755A-1E90-444D-9851-02B86CA14961}",
'               "msStorageProvider": "Microsoft Enhanced Cryptographic Provider v1.0"
'             }
'           }
'         ]
'       },
'       {
'         "type": "EncryptedData",
'         "safeBag": [
'           {
'             "type": "certBag",
'             "attrs": {
'               "localKeyId": "16444216"
'             },
'             "subject": "....",
'             "serialNumber": "9999999999999999999999999999"
'           },
'           {
'             "type": "certBag",
'             "attrs": {
'               "authRootSha256Hash": "0vkOXTXKxNQffUTOZq/4heGBX7M5GFhTqH5mwFyb7x4=",
'               "friendlyName": "XYZ",
'               "enhKeyUsage": [
'                 {
'                   "oid": "1.3.6.1.5.5.7.3.2",
'                   "usage": "clientAuth"
'                 },
'                 {
'                   "oid": "1.3.6.1.5.5.7.3.4",
'                   "usage": "emailProtection"
'                 },
'                 {
'                   "oid": "1.3.6.1.5.5.7.3.3",
'                   "usage": "codeSigning"
'                 },
'                 {
'                   "oid": "1.3.6.1.5.5.7.3.8",
'                   "usage": "timeStamping"
'                 },
'                 {
'                   "oid": "1.3.6.1.4.1.311.10.3.4",
'                   "usage": "encryptedFileSystem"
'                 },
'                 {
'                   "oid": "1.3.6.1.5.5.8.2.2",
'                   "usage": "iKEIntermediate"
'                 },
'                 {
'                   "oid": "1.3.6.1.5.5.7.3.6",
'                   "usage": "ipsecTunnel"
'                 },
'                 {
'                   "oid": "1.3.6.1.5.5.7.3.7",
'                   "usage": "ipsecUser"
'                 },
'                 {
'                   "oid": "1.3.6.1.5.5.7.3.5",
'                   "usage": "ipsecEndSystem"
'                 }
'               ]
'             },
'             "subject": "...",
'             "serialNumber": "8888888888888888888888888888"
'           },
'           {
'             "type": "certBag",
'             "subject": "...",
'             "serialNumber": "777777777777777777777777777"
'           }
'         ]
'       }
'     ]
'   }
' }

' ------------------------------------------------------------------------------------------
' OK... now let's change the AlgorithmId to "pbes2"
pfx.AlgorithmId = "pbes2"

' We already know from above that the PBES2 crypt and HMAC algorithms are "aes256-cbc" and "hmacWithSha256".
' Let's set them anyway just for the example...
pfx.Pbes2CryptAlg = "aes256-cbc"
pfx.Pbes2HmacAlg = "hmacWithSha256"

' Rewrite the PFX using pbes2/aes256 + sha256
success = pfx.ToFile("secret","qa_output/test_secret_aes256.pfx")
If (success = False) Then
    Debug.WriteLine(pfx.LastErrorText)
    Exit Sub
End If

Debug.WriteLine("Success.")
```
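As an added example (not part of the Chilkat sample), the following wraps the same rewrite in a function and then reloads the output file to confirm it reports pbes2 with aes256-cbc and hmacWithSha256. It uses only the Chilkat members shown above; the module and function names are hypothetical, and it assumes a reloaded pbes2 file reports the same algorithm strings that were set.

```vbnet
Imports System
Imports System.Diagnostics

Module PfxRewriteCheck
    ' Describe how a PFX is protected, or return Nothing if it cannot be loaded.
    ' A new Chilkat.Pfx is created per call because Pbes2CryptAlg/Pbes2HmacAlg keep
    ' their earlier values when the loaded file is not "pbes2".
    Function DescribeProtection(path As String, password As String) As String
        Dim pfx As New Chilkat.Pfx
        If Not pfx.LoadPfxFile(path, password) Then
            Debug.WriteLine(pfx.LastErrorText)
            Return Nothing
        End If
        If pfx.AlgorithmId <> "pbes2" Then Return pfx.AlgorithmId
        Return "pbes2/" & pfx.Pbes2CryptAlg & "/" & pfx.Pbes2HmacAlg
    End Function

    ' Rewrite inPath as pbes2 (aes256-cbc + hmacWithSha256), then re-read the
    ' output file and confirm the settings actually landed on disk.
    Function RewriteAndVerify(inPath As String, password As String, outPath As String) As Boolean
        Dim pfx As New Chilkat.Pfx
        If Not pfx.LoadPfxFile(inPath, password) Then
            Debug.WriteLine(pfx.LastErrorText)
            Return False
        End If
        pfx.AlgorithmId = "pbes2"
        pfx.Pbes2CryptAlg = "aes256-cbc"
        pfx.Pbes2HmacAlg = "hmacWithSha256"
        If Not pfx.ToFile(password, outPath) Then
            Debug.WriteLine(pfx.LastErrorText)
            Return False
        End If
        ' Assumption: a reloaded pbes2 file reports the same strings that were set.
        Dim actual As String = DescribeProtection(outPath, password)
        Dim expected As String = "pbes2/aes256-cbc/hmacWithSha256"
        Return String.Equals(actual, expected, StringComparison.OrdinalIgnoreCase)
    End Function

    Sub Main()
        ' Paths and password are the ones used in the page's example.
        Dim src As String = "qa_data/pfx/test_secret.pfx"
        Dim dst As String = "qa_output/test_secret_aes256.pfx"
        Debug.WriteLine("Before: " & DescribeProtection(src, "secret"))
        Debug.WriteLine("Verified: " & RewriteAndVerify(src, "secret", dst).ToString())
        Debug.WriteLine("After: " & DescribeProtection(dst, "secret"))
    End Sub
End Module
```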
© 2000-2025 Chilkat Software, Inc. All Rights Reserved.