Sample code for 30+ languages & platforms
Visual FoxPro

Set .pfx/.p12 Safe Bag Attributes

See more PFX/P12 Examples

Demonstrates how to set safebag attributes in a .pfx/.p12. This example creates a .pfx from a .pem containing a private key and certificates, but also sets PFX safebag attributes before writing the .pfx.

Chilkat Visual FoxPro Downloads

Visual FoxPro
LOCAL lnSuccess
LOCAL loPfx
LOCAL loSbPem
LOCAL lcPassword
LOCAL lnForPrivateKey
LOCAL lnKeyIdx
LOCAL lnCertIdx
LOCAL loPfx2
LOCAL loJson

lnSuccess = 0

* We have a PEM containing one private key, and two certificates:
* The private key is an ECDSA private key.
* The private key is associated with the 1st certificate.
* The 2nd certificate is the issuer of the 1st certificate.

* -----BEGIN PRIVATE KEY-----
* ME0CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEMzAxAgEBBCDgAn4Dal+0iEhIsYBk
* 6SdSR344vyj0suhOIxsjmM19s6AKBggqhkjOPQMBBw==
* -----END PRIVATE KEY-----
* -----BEGIN CERTIFICATE-----
* MIIBXzCCAQSgAwIBAgIUGp2obfF61BG7QTsqpyT+VvxxJC0wCgYIKoZIzj0EAwIw
* DTELMAkGA1UEAwwCQ0EwHhcNMjAwMzI5MTU1MTEwWhcNMzAwMzI3MTU1MTEwWjAN
* MQswCQYDVQQDDAJFRTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEil+DhBUss8
* kMCjEWvZHA+jdy1mQ76a2HFd+5p+AcFGQxNeG8/HXZax7FFzcrczWrli25R8P8j1
* cqhwPY4HtwujQjBAMB0GA1UdDgQWBBTenwm6x4A4W5BzZ2OckKA2IFtPSTAfBgNV
* HSMEGDAWgBTx1U/gWiRhAASl6FV04DxP3XmcazAKBggqhkjOPQQDAgNJADBGAiEA
* rkqbz5t1M/CjqXSKE5ebBLQ3npF+q7GRC8C2ovDi/xoCIQDGve7OP/ppIDcCNonr
* +WSRf5M/6Wvw1lnEsAXf3nLTeQ==
* -----END CERTIFICATE-----
* -----BEGIN CERTIFICATE-----
* MIIBcDCCARWgAwIBAgIUAnQiKKy/PdLnH0A6vYKBq21w1JAwCgYIKoZIzj0EAwIw
* DTELMAkGA1UEAwwCQ0EwHhcNMjAwMzI5MTU1MTEwWhcNMzAwMzI3MTU1MTEwWjAN
* MQswCQYDVQQDDAJDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPB6yVvqt8cL
* EneRtnjoi87H0ATi+JP1w2qkz4GLOaPtFxAnV0LdQCuN91SGbAlKrSkhFyWWimjh
* Rqe9+b/1WCijUzBRMB0GA1UdDgQWBBTx1U/gWiRhAASl6FV04DxP3XmcazAfBgNV
* HSMEGDAWgBTx1U/gWiRhAASl6FV04DxP3XmcazAPBgNVHRMBAf8EBTADAQH/MAoG
* CCqGSM49BAMCA0kAMEYCIQCcIfssfrOruVYvqhxbLGeyc5ppEX53zUU35wIE2t7C
* fAIhAKhOTEvN+pdEn+cNwW3AEi7D08ZUQx3P80i4EnFPs0OQ
* -----END CERTIFICATE-----

loPfx = CreateObject('Chilkat.Pfx')
loSbPem = CreateObject('Chilkat.StringBuilder')
lnSuccess = loSbPem.LoadFile("qa_data/pfx/test_ecdsa.pem","utf-8")
IF (lnSuccess = 0) THEN
    ? "Failed to load the PEM file."
    RELEASE loPfx
    RELEASE loSbPem
    CANCEL
ENDIF

* The PEM in this example is unencrypted.  There is no password.
lcPassword = ""
lnSuccess = loPfx.LoadPem(loSbPem.GetAsString(),lcPassword)
IF (lnSuccess = 0) THEN
    ? loPfx.LastErrorText
    RELEASE loPfx
    RELEASE loSbPem
    CANCEL
ENDIF

* Let's add some safebag attributes for the private key...
lnForPrivateKey = 1
lnKeyIdx = 0
lnSuccess = loPfx.SetSafeBagAttr(lnForPrivateKey,lnKeyIdx,"localKeyId","16777216","decimal")
IF (lnSuccess = 0) THEN
    ? loPfx.LastErrorText
    RELEASE loPfx
    RELEASE loSbPem
    CANCEL
ENDIF

lnSuccess = loPfx.SetSafeBagAttr(lnForPrivateKey,lnKeyIdx,"keyContainerName","{B99EB9E7-6AF7-42AF-A43A-D4B2225B7605}","ascii")
IF (lnSuccess = 0) THEN
    ? loPfx.LastErrorText
    RELEASE loPfx
    RELEASE loSbPem
    CANCEL
ENDIF

lnSuccess = loPfx.SetSafeBagAttr(lnForPrivateKey,lnKeyIdx,"storageProvider","Microsoft Software Key Storage Provider","ascii")
IF (lnSuccess = 0) THEN
    ? loPfx.LastErrorText
    RELEASE loPfx
    RELEASE loSbPem
    CANCEL
ENDIF

* Add the localKeyId safebag attribute to the 1st certificate.
lnForPrivateKey = 0
lnCertIdx = 0
lnSuccess = loPfx.SetSafeBagAttr(lnForPrivateKey,lnCertIdx,"localKeyId","16777216","decimal")
IF (lnSuccess = 0) THEN
    ? loPfx.LastErrorText
    RELEASE loPfx
    RELEASE loSbPem
    CANCEL
ENDIF

* Write the pfx.
lnSuccess = loPfx.ToFile("secret","qa_output/ee.pfx")
IF (lnSuccess = 0) THEN
    ? loPfx.LastErrorText
    RELEASE loPfx
    RELEASE loSbPem
    CANCEL
ENDIF

* Let's load the .pfx we just wrote to see if the safebag attributes exist.
loPfx2 = CreateObject('Chilkat.Pfx')
lnSuccess = loPfx2.LoadPfxFile("qa_output/ee.pfx","secret")
IF (lnSuccess = 0) THEN
    ? loPfx2.LastErrorText
    RELEASE loPfx
    RELEASE loSbPem
    RELEASE loPfx2
    CANCEL
ENDIF

* Information about the contents of the PFX was collected in the call to LoadPfxFile.
loJson = CreateObject('Chilkat.JsonObject')
loPfx2.GetLastJsonData(loJson)

loJson.EmitCompact = 0
? loJson.Emit()

* Shows what's in the PFX just loaded:

* {
*   "authenticatedSafe": {
*     "contentInfo": [
*       {
*         "type": "Data",
*         "safeBag": [
*           {
*             "type": "pkcs8ShroudedKeyBag",
*             "attrs": {
*               "keyContainerName": "{B99EB9E7-6AF7-42AF-A43A-D4B2225B7605}",
*               "msStorageProvider": "Microsoft Software Key Storage Provider",
*               "localKeyId": "16777216"
*             }
*           }
*         ]
*       },
*       {
*         "type": "EncryptedData",
*         "safeBag": [
*           {
*             "type": "certBag",
*             "attrs": {
*               "localKeyId": "16777216"
*             },
*             "subject": "EE",
*             "serialNumber": "1a9da86df17ad411bb413b2aa724fe56fc71242d"
*           },
*           {
*             "type": "certBag",
*             "subject": "CA",
*             "serialNumber": "02742228acbf3dd2e71f403abd8281ab6d70d490"
*           }
*         ]
*       }
*     ]
*   }
* }

RELEASE loPfx
RELEASE loSbPem
RELEASE loPfx2
RELEASE loJson