|
Chilkat • HOME • ASP • Visual Basic • VB.NET • C# • Visual C++ • C • MFC • Delphi • FoxPro • Java • Perl • PHP • Python • Ruby • SQL Server • VBScript
|
Secure FTP with .crt and .pvk (private key file)Chilkat FTP2 provides the ability to use a client certificate with secure FTP (implicit or explicit SSL/TLS). This example demonstrates how to load a certificate from separate .crt (or .cer) and .pvk files and use it as the client-side SSL cert. The .pvk contains the private key. The .crt/.cer file contains the PEM or DER encoded digital certificate. Note: Client-side certificates are only needed in situations where the server demands one.
#include <CkFtp2.h> #include <CkCert.h> #include <CkPrivateKey.h> #include <CkKeyContainer.h> void ChilkatSample(void) { CkFtp2 ftp; bool success; // Any string unlocks the component for the 1st 30-days. success = ftp.UnlockComponent("Anything for 30-day trial"); if (success != true) { printf("%s\n",ftp.lastErrorText()); return; } // You may use this account for testing. // This account allows for directory listings and files // to be downloaded. However, file uploads are not allowed. ftp.put_Hostname("ftp.secureftp-test.com"); ftp.put_Username("test"); ftp.put_Password("test"); // Establish an explicit secure channel after connection // on the standard FTP port 21. ftp.put_AuthTls(true); // The Ssl property is for establishing an implicit SSL connection // on port 990. Do not set it. ftp.put_Ssl(false); CkCert cert; // LoadFromFile will load either PEM and DER formatted files. // It automatically recognizes the file format based on the // file contents. success = cert.LoadFromFile("Test.crt"); if (success != true) { printf("%s\n",cert.lastErrorText()); return; } const char * password; password = "test"; CkPrivateKey pvk; success = pvk.LoadPvkFile("Test.pvk",password); if (success != true) { printf("%s\n",pvk.lastErrorText()); return; } // Import the private key to a Windows key container and link // it to the certificate. (It's OK if the key is already // imported and present in the key container...) bool bForSigning; bool bForKeyExchange; bool bMachineKeyset; bool bNeedPrivateKeyAccess; const char * keyContainerName; // Choose anything for the key container name. keyContainerName = "MyCertForFtp"; // We'll import the key to our logged-on user keyset rather // than the machine keyset: bMachineKeyset = false; bNeedPrivateKeyAccess = true; // Create a key container and import the private key. CkKeyContainer keyContainer; success = keyContainer.OpenContainer(keyContainerName,bNeedPrivateKeyAccess,bMachineKeyset); if (success != true) { success = keyContainer.CreateContainer(keyContainerName,bMachineKeyset); } if (success != true) { printf("%s\n",keyContainer.lastErrorText()); return; } // Import the private key into the key container. // We're using the key for key exchange, not signing: bForKeyExchange = false; success = keyContainer.ImportPrivateKey(pvk,bForKeyExchange); if (success != true) { printf("%s\n",keyContainer.lastErrorText()); return; } // Link the cert with the private key in the key container. bForSigning = true; success = cert.LinkPrivateKey(keyContainerName,bMachineKeyset,bForSigning); if (success != true) { printf("%s\n",cert.lastErrorText()); return; } // The cert now has access to a private key and is ready to be // used... // Use this certificate for our secure (SSL/TLS) connection: ftp.SetSslClientCert(cert); // Connect and login to the FTP server. The connection is // made secure because of the AuthTls setting. success = ftp.Connect(); if (success != true) { printf("%s\n",ftp.lastErrorText()); return; } else { // LastErrorText contains information even when // successful. This allows you to visually verify // that the secure connection actually occurred. printf("%s\n",ftp.lastErrorText()); } printf("Secure FTP Channel Established!\n"); // Do whatever you're doing to do ... // upload files, download files, etc... ftp.Disconnect(); // The LastErrorText provides a detailed log of the // SSL connection for both success and failed connections. // Here is an example of a successful connection. // The client certificate is logged as "ClientCertDN": // ChilkatLog: // Connect: // DllDate: Aug 15 2007 // Hostname: ftp.secureftp-test.com // Port: 21 // IdleTimeoutMs: 60000 // ConnectTimeout: 60 // HeartbeatMs: 0 // initialStatus: 220 // initialResponse: 220 FileZilla Server version 0.9.23 beta // converting to secure connection... // ClientCertDN: C=US, S=Illinois, L=Wheaton, O="Chilkat Software, Inc.", OU=Secure Application Development, CN="Chilkat Software, Inc." // SSL Server Certificate not verified. // ConnectionInfo: // protocol: TLS1 // cipher: RC4 // cipherStrength: 128 // hash: MD5 // hashStrength: 128 // keyExchange: RSA // keyExchangeStrength: 1024 // Secure Channel Established. // successfully converted to secure connection... // Features: 211-Features: // MDTM // REST STREAM // SIZE // MLST type*;size*;modify*; // MLSD // AUTH SSL // AUTH TLS // UTF8 // CLNT // MFMT // 211 End // Directory listings are utf-8 // Logging in... // Username: test // Login successful. // Connect successful } |
Need a specific example? Send a request to support@chilkatsoft.com
© 2000-2008 Chilkat Software, Inc. All Rights Reserved.
