![]() |
Chilkat HOME Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi DLL Go Java Node.js Objective-C PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(Delphi DLL) Duplicate openssl req -newkey rsa:2048 -nodes -keyout mydomain.pem -out mydomain.csrDemonstrates how to duplicate this OpenSSL command: openssl req -newkey rsa:2048 -nodes -keyout mydomain.pem -out mydomain.csr This command creates 2 files:
The second file is needed to pair with the certificate that will later be received from the CA. Note: This example requires Chilkat v11.0.0 or greater.
uses Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics, Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, BinData, Asn, PrivateKey, Rsa, Xml; ... procedure TForm1.Button1Click(Sender: TObject); var success: Boolean; rsa: HCkRsa; privKey: HCkPrivateKey; privKeyXml: HCkXml; keyModulus: PWideChar; asnRoot: HCkAsn; asnCertReqInfo: HCkAsn; asnCertSubject: HCkAsn; asnTemp: HCkAsn; asnPubKeyInfo: HCkAsn; asnPubKeyAlgId: HCkAsn; asnRsaKey: HCkAsn; rsaKeyDerBase64: PWideChar; bdDer: HCkBinData; bdSig: HCkBinData; asnAlgId: HCkAsn; csrBase64: PWideChar; begin success := False; // This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. rsa := CkRsa_Create(); // Generate a 2048-bit key. Chilkat RSA supports // key sizes ranging from 512 bits to 8192 bits. privKey := CkPrivateKey_Create(); success := CkRsa_GenKey(rsa,2048,privKey); if (success = False) then begin Memo1.Lines.Add(CkRsa__lastErrorText(rsa)); Exit; end; CkRsa_UsePrivateKey(rsa,privKey); // Save the private key to unencrypted PKCS8 PEM success := CkPrivateKey_SavePkcs8PemFile(privKey,'mydomain.pem'); // (alternatively) Save the private key to encrypted PKCS8 PEM success := CkPrivateKey_SavePkcs8EncryptedPemFile(privKey,'myPassword','mydomain_enc.pem'); // We'll need the private key's modulus for the CSR. // The modulus is not something that needs to be protected. Most people don't realize // that a public key is actually just a subset of the private key. The public parts of // an RSA private key are the modulus and exponent. The exponent is always 65537. privKeyXml := CkXml_Create(); success := CkXml_LoadXml(privKeyXml,CkPrivateKey__getXml(privKey)); // Get the modulus in base64 format: keyModulus := CkXml__getChildContent(privKeyXml,'Modulus'); // -------------------------------------------------------------------------------- // Now build the CSR using Chilkat's ASN.1 API. // The keyModulus will be embedded within the ASN.1. // A new ASN.1 object is automatically a SEQUENCE. // Given that the CSR's root item is a SEQUENCE, we can use // this as the root of our CSR. asnRoot := CkAsn_Create(); // Beneath the root, we have a SEQUENCE (the certificate request info), // another SEQUENCE (the algorithm identifier), and a BITSTRING (the signature data) success := CkAsn_AppendSequence(asnRoot); success := CkAsn_AppendSequence(asnRoot); // ---------------------------------- // Build the Certificate Request Info // ---------------------------------- asnCertReqInfo := CkAsn_GetSubItem(asnRoot,0); success := CkAsn_AppendInt(asnCertReqInfo,0); // Build the Subject part of the Certificate Request Info asnCertSubject := CkAsn_AppendSequenceR(asnCertReqInfo); // Add each subject part.. asnTemp := CkAsn_AppendSetR(asnCertSubject); success := CkAsn_AppendSequence2(asnTemp); // AppendSequence2 updates the internal reference to the newly appended SEQUENCE. // The OID and printable string are added to the SEQUENCE. success := CkAsn_AppendOid(asnTemp,'2.5.4.6'); success := CkAsn_AppendString(asnTemp,'printable','US'); CkAsn_Dispose(asnTemp); asnTemp := CkAsn_AppendSetR(asnCertSubject); success := CkAsn_AppendSequence2(asnTemp); success := CkAsn_AppendOid(asnTemp,'2.5.4.8'); success := CkAsn_AppendString(asnTemp,'utf8','Utah'); CkAsn_Dispose(asnTemp); asnTemp := CkAsn_AppendSetR(asnCertSubject); success := CkAsn_AppendSequence2(asnTemp); success := CkAsn_AppendOid(asnTemp,'2.5.4.7'); success := CkAsn_AppendString(asnTemp,'utf8','Lindon'); CkAsn_Dispose(asnTemp); asnTemp := CkAsn_AppendSetR(asnCertSubject); success := CkAsn_AppendSequence2(asnTemp); success := CkAsn_AppendOid(asnTemp,'2.5.4.10'); success := CkAsn_AppendString(asnTemp,'utf8','DigiCert Inc.'); CkAsn_Dispose(asnTemp); asnTemp := CkAsn_AppendSetR(asnCertSubject); success := CkAsn_AppendSequence2(asnTemp); success := CkAsn_AppendOid(asnTemp,'2.5.4.11'); success := CkAsn_AppendString(asnTemp,'utf8','DigiCert'); CkAsn_Dispose(asnTemp); asnTemp := CkAsn_AppendSetR(asnCertSubject); success := CkAsn_AppendSequence2(asnTemp); success := CkAsn_AppendOid(asnTemp,'2.5.4.3'); success := CkAsn_AppendString(asnTemp,'utf8','example.digicert.com'); CkAsn_Dispose(asnTemp); CkAsn_Dispose(asnCertSubject); // Build the Public Key Info part of the Certificate Request Info asnPubKeyInfo := CkAsn_AppendSequenceR(asnCertReqInfo); asnPubKeyAlgId := CkAsn_AppendSequenceR(asnPubKeyInfo); success := CkAsn_AppendOid(asnPubKeyAlgId,'1.2.840.113549.1.1.1'); success := CkAsn_AppendNull(asnPubKeyAlgId); CkAsn_Dispose(asnPubKeyAlgId); // The public key itself is a BIT STRING, but the bit string is composed of ASN.1 // for the RSA public key. We'll first build the RSA ASN.1 for the public key // (containing the 2048 bit modulus and exponent), and encoded it to DER, and then add // the DER bytes as a BIT STRING (as a sub-item of asnPubKeyInfo) // This is already a SEQUENCE.. asnRsaKey := CkAsn_Create(); // The RSA modulus is a big integer. success := CkAsn_AppendBigInt(asnRsaKey,keyModulus,'base64'); success := CkAsn_AppendInt(asnRsaKey,65537); rsaKeyDerBase64 := CkAsn__getEncodedDer(asnRsaKey,'base64'); // Now add the RSA key DER as a BIT STRING. success := CkAsn_AppendBits(asnPubKeyInfo,rsaKeyDerBase64,'base64'); CkAsn_Dispose(asnPubKeyInfo); // The last part of the certificate request info is an empty context-specific constructed item // with a tag equal to 0. success := CkAsn_AppendContextConstructed(asnCertReqInfo,0); // Get the DER of the asnCertReqInfo. // This will be signed using the RSA private key. bdDer := CkBinData_Create(); success := CkAsn_WriteBd(asnCertReqInfo,bdDer); // Add the signature to the ASN.1 bdSig := CkBinData_Create(); success := CkRsa_SignBd(rsa,bdDer,'SHA1',bdSig); success := CkAsn_AppendBits(asnRoot,CkBinData__getEncoded(bdSig,'base64'),'base64'); CkAsn_Dispose(asnCertReqInfo); // ---------------------------------- // Finally, add the algorithm identifier, which is the 2nd sub-item under the root. // ---------------------------------- asnAlgId := CkAsn_GetSubItem(asnRoot,1); success := CkAsn_AppendOid(asnAlgId,'1.2.840.113549.1.1.5'); success := CkAsn_AppendNull(asnAlgId); CkAsn_Dispose(asnAlgId); // Write the CSR to a DER encoded binary file: success := CkAsn_WriteBinaryDer(asnRoot,'qa_output/mydomain.csr'); if (success = False) then begin Memo1.Lines.Add(CkAsn__lastErrorText(asnRoot)); Exit; end; // It is also possible to get the CSR in base64 format: csrBase64 := CkAsn__getEncodedDer(asnRoot,'base64'); Memo1.Lines.Add('Base64 CSR:'); Memo1.Lines.Add(csrBase64); CkRsa_Dispose(rsa); CkPrivateKey_Dispose(privKey); CkXml_Dispose(privKeyXml); CkAsn_Dispose(asnRoot); CkAsn_Dispose(asnRsaKey); CkBinData_Dispose(bdDer); CkBinData_Dispose(bdSig); end; |
© 2000-2025 Chilkat Software, Inc. All Rights Reserved.