Secure FTP with .crt and .pvk (private key file)

Chilkat FTP2 provides the ability to use a client certificate with secure FTP (implicit or explicit SSL/TLS). This example demonstrates how to load a certificate from separate .crt (or .cer) and .pvk files and use it as the client-side SSL cert. The .pvk file contains the private key. The .crt/.cer file contains the PEM- or DER-encoded digital certificate. Note: Client-side certificates are only needed in situations where the server demands one.
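#include <stdio.h>

#include <C_CkFtp2.h>
#include <C_CkCert.h>
#include <C_CkPrivateKey.h>
#include <C_CkKeyContainer.h>

/*
 * Connects to an FTP server over explicit TLS (AUTH TLS on port 21) and
 * presents a client certificate built from a separate certificate file
 * (Test.crt) and private key file (Test.pvk).
 *
 * Steps: unlock the component, configure the connection, load the cert and
 * the .pvk, import the private key into a Windows key container, link the
 * cert to that key, hand the cert to the FTP object, then connect.
 *
 * Every Chilkat handle created here is released on every exit path,
 * including the early error returns.
 *
 * The host name, account, file names and passwords are the sample's test
 * values. Real credentials and key passwords should come from protected
 * configuration rather than from string literals compiled into the binary.
 */
void ChilkatSample(void)
{
    HCkFtp2 ftp;
    HCkCert cert;
    HCkPrivateKey pvk;
    HCkKeyContainer keyContainer;
    BOOL success;
    const char *password;
    const char *keyContainerName;
    BOOL bForSigning;
    BOOL bForKeyExchange;
    BOOL bMachineKeyset;
    BOOL bNeedPrivateKeyAccess;

    // Create all handles up front so that the single cleanup path below
    // can dispose every one of them no matter where a failure occurs.
    ftp = CkFtp2_Create();
    cert = CkCert_Create();
    pvk = CkPrivateKey_Create();
    keyContainer = CkKeyContainer_Create();

    // Any string unlocks the component for the 1st 30-days.
    success = CkFtp2_UnlockComponent(ftp, "Anything for 30-day trial");
    if (success != TRUE) {
        printf("%s\n", CkFtp2_lastErrorText(ftp));
        goto cleanup;
    }

    // You may use this account for testing.
    // This account allows for directory listings and files
    // to be downloaded.  However, file uploads are not allowed.
    CkFtp2_putHostname(ftp, "ftp.secureftp-test.com");
    CkFtp2_putUsername(ftp, "test");
    CkFtp2_putPassword(ftp, "test");

    // Establish an explicit secure channel after connection
    // on the standard FTP port 21.
    CkFtp2_putAuthTls(ftp, TRUE);

    // The Ssl property is for establishing an implicit SSL connection
    // on port 990.  Do not set it.
    CkFtp2_putSsl(ftp, FALSE);

    // LoadFromFile will load either PEM or DER formatted files.
    // It automatically recognizes the file format based on the
    // file contents.
    success = CkCert_LoadFromFile(cert, "Test.crt");
    if (success != TRUE) {
        printf("%s\n", CkCert_lastErrorText(cert));
        goto cleanup;
    }

    // Password protecting the .pvk file (sample value).
    password = "test";
    success = CkPrivateKey_LoadPvkFile(pvk, "Test.pvk", password);
    if (success != TRUE) {
        printf("%s\n", CkPrivateKey_lastErrorText(pvk));
        goto cleanup;
    }

    // Import the private key to a Windows key container and link
    // it to the certificate.  (It's OK if the key is already
    // imported and present in the key container...)
    // Choose anything for the key container name.
    keyContainerName = "MyCertForFtp";

    // We'll import the key to our logged-on user keyset rather
    // than the machine keyset:
    bMachineKeyset = FALSE;
    bNeedPrivateKeyAccess = TRUE;

    // Open the key container, creating it if it cannot be opened.
    // NOTE(review): nothing in this sample deletes the container afterwards,
    // so the imported private key presumably stays in the user keyset after
    // the program exits -- confirm, and remove it when it is no longer needed.
    success = CkKeyContainer_OpenContainer(keyContainer, keyContainerName,
                                           bNeedPrivateKeyAccess, bMachineKeyset);
    if (success != TRUE) {
        success = CkKeyContainer_CreateContainer(keyContainer, keyContainerName,
                                                 bMachineKeyset);
    }
    if (success != TRUE) {
        printf("%s\n", CkKeyContainer_lastErrorText(keyContainer));
        goto cleanup;
    }

    // Import the private key into the key container.
    // NOTE(review): the published comment said the key is used "for key
    // exchange, not signing", yet the flag passed is FALSE and the link step
    // below passes bForSigning = TRUE, i.e. both calls treat the key as a
    // signature key.  The published values are kept; if you change one flag,
    // change the other so both calls refer to the same key type.
    bForKeyExchange = FALSE;
    success = CkKeyContainer_ImportPrivateKey(keyContainer, pvk, bForKeyExchange);
    if (success != TRUE) {
        printf("%s\n", CkKeyContainer_lastErrorText(keyContainer));
        goto cleanup;
    }

    // Link the cert with the private key in the key container.
    bForSigning = TRUE;
    success = CkCert_LinkPrivateKey(cert, keyContainerName, bMachineKeyset, bForSigning);
    if (success != TRUE) {
        printf("%s\n", CkCert_lastErrorText(cert));
        goto cleanup;
    }

    // The cert now has access to a private key and is ready to be
    // used...

    // Use this certificate for our secure (SSL/TLS) connection.
    // NOTE(review): the result of this call is not checked in the published
    // sample; if your Chilkat version returns a success flag here, check it.
    CkFtp2_SetSslClientCert(ftp, cert);

    // Connect and login to the FTP server.  The connection is
    // made secure because of the AuthTls setting.
    success = CkFtp2_Connect(ftp);
    if (success != TRUE) {
        printf("%s\n", CkFtp2_lastErrorText(ftp));
        goto cleanup;
    }

    // LastErrorText contains information even when
    // successful.  This allows you to visually verify
    // that the secure connection actually occurred.
    printf("%s\n", CkFtp2_lastErrorText(ftp));

    printf("Secure FTP Channel Established!\n");

    // Do whatever you're going to do ...
    // upload files, download files, etc...

    CkFtp2_Disconnect(ftp);

    // The LastErrorText provides a detailed log of the
    // SSL connection for both success and failed connections.
    // Here is an example of a successful connection.
    // The client certificate is logged as "ClientCertDN":

    // ChilkatLog:
    //   Connect:
    //     DllDate: Aug 15 2007
    //     Hostname: ftp.secureftp-test.com
    //     Port: 21
    //     IdleTimeoutMs: 60000
    //     ConnectTimeout: 60
    //     HeartbeatMs: 0
    //     initialStatus: 220
    //     initialResponse: 220 FileZilla Server version 0.9.23 beta
    //     converting to secure connection...
    //     ClientCertDN: C=US, S=Illinois, L=Wheaton, O="Chilkat Software, Inc.", OU=Secure Application Development, CN="Chilkat Software, Inc."
    //     SSL Server Certificate not verified.
    //     ConnectionInfo:
    //       protocol: TLS1
    //       cipher: RC4
    //       cipherStrength: 128
    //       hash: MD5
    //       hashStrength: 128
    //       keyExchange: RSA
    //       keyExchangeStrength: 1024
    //     Secure Channel Established.
    //     successfully converted to secure connection...
    //     Features: 211-Features:
    //     MDTM
    //     REST STREAM
    //     SIZE
    //     MLST type*;size*;modify*;
    //     MLSD
    //     AUTH SSL
    //     AUTH TLS
    //     UTF8
    //     CLNT
    //     MFMT
    //     211 End
    //     Directory listings are utf-8
    //     Logging in...
    //     Username: test
    //     Login successful.
    //     Connect successful

    // NOTE(review): the log above reports "SSL Server Certificate not
    // verified." and a TLS1 / RC4 / MD5 session with a 1024-bit RSA key
    // exchange.  A client certificate only authenticates the client; without
    // server certificate verification the client cannot tell whether it
    // reached the intended server.  Production code should require server
    // certificate verification (Chilkat Ftp2 exposes a RequireSslCertVerify
    // property) and a current TLS version and cipher suite.  The log also
    // contains the user name and certificate subject, so treat it as
    // sensitive when it is written anywhere other than a debug console.

cleanup:
    // Release every handle on success and on every error path.
    CkFtp2_Dispose(ftp);
    CkCert_Dispose(cert);
    CkPrivateKey_Dispose(pvk);
    CkKeyContainer_Dispose(keyContainer);
}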