Sample code for 30+ languages & platforms
Unicode C++

Set .pfx/.p12 Safe Bag Attributes

See more PFX/P12 Examples

Demonstrates how to set safebag attributes in a .pfx/.p12. This example creates a .pfx from a .pem containing a private key and certificates, but also sets PFX safebag attributes before writing the .pfx.

Chilkat Unicode C++ Downloads

Unicode C++
#include <CkPfxW.h>
#include <CkStringBuilderW.h>
#include <CkJsonObjectW.h>

void ChilkatSample(void)
    {
    bool success = false;

    // We have a PEM containing one private key, and two certificates:
    // The private key is an ECDSA private key.
    // The private key is associated with the 1st certificate.
    // The 2nd certificate is the issuer of the 1st certificate.

    // -----BEGIN PRIVATE KEY-----
    // ME0CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEMzAxAgEBBCDgAn4Dal+0iEhIsYBk
    // 6SdSR344vyj0suhOIxsjmM19s6AKBggqhkjOPQMBBw==
    // -----END PRIVATE KEY-----
    // -----BEGIN CERTIFICATE-----
    // MIIBXzCCAQSgAwIBAgIUGp2obfF61BG7QTsqpyT+VvxxJC0wCgYIKoZIzj0EAwIw
    // DTELMAkGA1UEAwwCQ0EwHhcNMjAwMzI5MTU1MTEwWhcNMzAwMzI3MTU1MTEwWjAN
    // MQswCQYDVQQDDAJFRTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEil+DhBUss8
    // kMCjEWvZHA+jdy1mQ76a2HFd+5p+AcFGQxNeG8/HXZax7FFzcrczWrli25R8P8j1
    // cqhwPY4HtwujQjBAMB0GA1UdDgQWBBTenwm6x4A4W5BzZ2OckKA2IFtPSTAfBgNV
    // HSMEGDAWgBTx1U/gWiRhAASl6FV04DxP3XmcazAKBggqhkjOPQQDAgNJADBGAiEA
    // rkqbz5t1M/CjqXSKE5ebBLQ3npF+q7GRC8C2ovDi/xoCIQDGve7OP/ppIDcCNonr
    // +WSRf5M/6Wvw1lnEsAXf3nLTeQ==
    // -----END CERTIFICATE-----
    // -----BEGIN CERTIFICATE-----
    // MIIBcDCCARWgAwIBAgIUAnQiKKy/PdLnH0A6vYKBq21w1JAwCgYIKoZIzj0EAwIw
    // DTELMAkGA1UEAwwCQ0EwHhcNMjAwMzI5MTU1MTEwWhcNMzAwMzI3MTU1MTEwWjAN
    // MQswCQYDVQQDDAJDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPB6yVvqt8cL
    // EneRtnjoi87H0ATi+JP1w2qkz4GLOaPtFxAnV0LdQCuN91SGbAlKrSkhFyWWimjh
    // Rqe9+b/1WCijUzBRMB0GA1UdDgQWBBTx1U/gWiRhAASl6FV04DxP3XmcazAfBgNV
    // HSMEGDAWgBTx1U/gWiRhAASl6FV04DxP3XmcazAPBgNVHRMBAf8EBTADAQH/MAoG
    // CCqGSM49BAMCA0kAMEYCIQCcIfssfrOruVYvqhxbLGeyc5ppEX53zUU35wIE2t7C
    // fAIhAKhOTEvN+pdEn+cNwW3AEi7D08ZUQx3P80i4EnFPs0OQ
    // -----END CERTIFICATE-----

    CkPfxW pfx;
    CkStringBuilderW sbPem;
    success = sbPem.LoadFile(L"qa_data/pfx/test_ecdsa.pem",L"utf-8");
    if (success == false) {
        wprintf(L"Failed to load the PEM file.\n");
        return;
    }

    // The PEM in this example is unencrypted.  There is no password.
    const wchar_t *password = L"";
    success = pfx.LoadPem(sbPem.getAsString(),password);
    if (success == false) {
        wprintf(L"%s\n",pfx.lastErrorText());
        return;
    }

    // Let's add some safebag attributes for the private key...
    bool forPrivateKey = true;
    int keyIdx = 0;
    success = pfx.SetSafeBagAttr(forPrivateKey,keyIdx,L"localKeyId",L"16777216",L"decimal");
    if (success == false) {
        wprintf(L"%s\n",pfx.lastErrorText());
        return;
    }

    success = pfx.SetSafeBagAttr(forPrivateKey,keyIdx,L"keyContainerName",L"{B99EB9E7-6AF7-42AF-A43A-D4B2225B7605}",L"ascii");
    if (success == false) {
        wprintf(L"%s\n",pfx.lastErrorText());
        return;
    }

    success = pfx.SetSafeBagAttr(forPrivateKey,keyIdx,L"storageProvider",L"Microsoft Software Key Storage Provider",L"ascii");
    if (success == false) {
        wprintf(L"%s\n",pfx.lastErrorText());
        return;
    }

    // Add the localKeyId safebag attribute to the 1st certificate.
    forPrivateKey = false;
    int certIdx = 0;
    success = pfx.SetSafeBagAttr(forPrivateKey,certIdx,L"localKeyId",L"16777216",L"decimal");
    if (success == false) {
        wprintf(L"%s\n",pfx.lastErrorText());
        return;
    }

    // Write the pfx.
    success = pfx.ToFile(L"secret",L"qa_output/ee.pfx");
    if (success == false) {
        wprintf(L"%s\n",pfx.lastErrorText());
        return;
    }

    // Let's load the .pfx we just wrote to see if the safebag attributes exist.
    CkPfxW pfx2;
    success = pfx2.LoadPfxFile(L"qa_output/ee.pfx",L"secret");
    if (success == false) {
        wprintf(L"%s\n",pfx2.lastErrorText());
        return;
    }

    // Information about the contents of the PFX was collected in the call to LoadPfxFile.
    CkJsonObjectW json;
    pfx2.GetLastJsonData(json);

    json.put_EmitCompact(false);
    wprintf(L"%s\n",json.emit());

    // Shows what's in the PFX just loaded:

    // {
    //   "authenticatedSafe": {
    //     "contentInfo": [
    //       {
    //         "type": "Data",
    //         "safeBag": [
    //           {
    //             "type": "pkcs8ShroudedKeyBag",
    //             "attrs": {
    //               "keyContainerName": "{B99EB9E7-6AF7-42AF-A43A-D4B2225B7605}",
    //               "msStorageProvider": "Microsoft Software Key Storage Provider",
    //               "localKeyId": "16777216"
    //             }
    //           }
    //         ]
    //       },
    //       {
    //         "type": "EncryptedData",
    //         "safeBag": [
    //           {
    //             "type": "certBag",
    //             "attrs": {
    //               "localKeyId": "16777216"
    //             },
    //             "subject": "EE",
    //             "serialNumber": "1a9da86df17ad411bb413b2aa724fe56fc71242d"
    //           },
    //           {
    //             "type": "certBag",
    //             "subject": "CA",
    //             "serialNumber": "02742228acbf3dd2e71f403abd8281ab6d70d490"
    //           }
    //         ]
    //       }
    //     ]
    //   }
    // }
    }