Pascal (Lazarus/Delphi)
Pascal (Lazarus/Delphi)
Generate a CSR with keyUsage, extKeyUsage, and other Extensions
See more CSR Examples
Demonstrates how to generate a CSR containing a 1.2.840.113549.1.9.14 extensionRequest with the following extensions:- 1.3.6.1.4.1.311.20.2 enrollCerttypeExtension
- 2.5.29.15 keyUsage
- 2.5.29.37 extKeyUsage
- 2.5.29.14 subjectKeyIdentifier
Chilkat Pascal (Lazarus/Delphi) Downloads
program ChilkatDemo;
// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.
{$IFDEF FPC}
{$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}
uses
{$IFDEF UNIX}
cthreads,
{$ENDIF}
SysUtils,
CkDllLoader,
Chilkat.Xml,
Chilkat.Csr,
Chilkat.BinData,
Chilkat.PrivateKey,
Chilkat.PublicKey,
Chilkat.Prng,
Chilkat.Ecc;
// ---------------------------------------------------------------------------
procedure RunDemo;
var
success: Boolean;
ecc: TEcc;
prng: TPrng;
privKey: TPrivateKey;
csr: TCsr;
s: string;
bdTemp: TBinData;
s_base64_utf16be: string;
xml: TXml;
pubKey: TPublicKey;
bdPubKeyDer: TBinData;
ski: string;
csrPem: string;
begin
success := False;
// This requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// This example will generate a secp256r1 ECDSA key for the CSR.
ecc := TEcc.Create;
prng := TPrng.Create;
privKey := TPrivateKey.Create;
success := ecc.GenKey('secp256r1',prng,privKey);
if (success = False) then
begin
WriteLn('Failed to generate a new ECDSA private key.');
Exit;
end;
csr := TCsr.Create;
// Add common CSR fields:
csr.CommonName := 'mysubdomain.mydomain.com';
csr.Country := 'GB';
csr.State := 'Yorks';
csr.Locality := 'York';
csr.Company := 'Internet Widgits Pty Ltd';
csr.EmailAddress := 'support@mydomain.com';
// Add the following 1.2.840.113549.1.9.14 extensionRequest
// Note: The easiest way to know the content and format of the XML to be added is to examine
// a pre-existing CSR with the same desired extensionRequest. You can use Chilkat to
// get the extensionRequest from an existing CSR.
// Here is a sample extension request:
// <?xml version="1.0" encoding="utf-8"?>
// <set>
// <sequence>
// <sequence>
// <oid>1.3.6.1.4.1.311.20.2</oid>
// <asnOctets>
// <universal tag="30" constructed="0">AEUAbgBkAEUAbgB0AGkAdAB5AEMAbABpAGUAbgB0AEEAdQB0AGgAQwBlAHIAdABpAGYAaQBjAGEAdABl
// AF8AQwBTAFIAUABhAHMAcwB0AGgAcgBvAHUAZwBoAC8AVgAx</universal>
// </asnOctets>
// </sequence>
// <sequence>
// <oid>2.5.29.15</oid>
// <bool>1</bool>
// <asnOctets>
// <bits n="3">A0</bits>
// </asnOctets>
// </sequence>
// <sequence>
// <oid>2.5.29.37</oid>
// <asnOctets>
// <sequence>
// <oid>1.3.6.1.5.5.7.3.3</oid>
// </sequence>
// </asnOctets>
// </sequence>
// <sequence>
// <oid>2.5.29.14</oid>
// <asnOctets>
// <octets>MCzBMQAViXBz8IDt8LsgmJxJ4Xg=</octets>
// </asnOctets>
// </sequence>
// </sequence>
// </set>
// Use this online tool to generate code from sample XML:
// Generate Code to Create XML
// A few notes:
// The string "AEUAbgBkAEUAbgB0AGkAdAB5AEMAbABpAGUAbgB0AEEAdQB0AGgAQwBlAHIAdABpAGYAaQBjAGEAdABlAF8AQwBTAFIAUABhAHMAcwB0AGgAcgBvAHUAZwBoAC8AVgAx"
// is the base64 encoding of the utf-16be byte representation of the string "EndEntityClientAuthCertificate_CSRPassthrough/V1"
s := 'EndEntityClientAuthCertificate_CSRPassthrough/V1';
bdTemp := TBinData.Create;
bdTemp.AppendString(s,'utf-16be');
s_base64_utf16be := bdTemp.GetEncoded('base64');
// The string should be "AEUA....."
WriteLn(s_base64_utf16be);
// Here's the code to generate the above extension request.
xml := TXml.Create;
xml.Tag := 'set';
xml.UpdateChildContent('sequence|sequence|oid','1.3.6.1.4.1.311.20.2');
xml.UpdateAttrAt('sequence|sequence|asnOctets|universal',True,'tag','30');
xml.UpdateAttrAt('sequence|sequence|asnOctets|universal',True,'constructed','0');
xml.UpdateChildContent('sequence|sequence|asnOctets|universal',s_base64_utf16be);
xml.UpdateChildContent('sequence|sequence[1]|oid','2.5.29.15');
xml.UpdateChildContent('sequence|sequence[1]|bool','1');
xml.UpdateAttrAt('sequence|sequence[1]|asnOctets|bits',True,'n','3');
// A0 is hex for decimal 160.
xml.UpdateChildContent('sequence|sequence[1]|asnOctets|bits','A0');
xml.UpdateChildContent('sequence|sequence[2]|oid','2.5.29.37');
xml.UpdateChildContent('sequence|sequence[2]|asnOctets|sequence|oid','1.3.6.1.5.5.7.3.3');
// This is the subjectKeyIdentifier extension.
// The string "MCzBMQAViXBz8IDt8LsgmJxJ4Xg=" is base64 that decodes to 20 bytes, which is a SHA1 hash.
// This is simply a hash of the DER of the public key.
pubKey := TPublicKey.Create;
privKey.ToPublicKey(pubKey);
bdPubKeyDer := TBinData.Create;
bdPubKeyDer.AppendEncoded(pubKey.GetEncoded(True,'base64'),'base64');
ski := bdPubKeyDer.GetHash('sha1','base64');
xml.UpdateChildContent('sequence|sequence[3]|oid','2.5.29.14');
xml.UpdateChildContent('sequence|sequence[3]|asnOctets|octets',ski);
// Add the extension request to the CSR
csr.SetExtensionRequest(xml);
// Generate the CSR with the extension request
csrPem := csr.GenCsrPem(privKey);
if (csr.LastMethodSuccess = False) then
begin
WriteLn(csr.LastErrorText);
Exit;
end;
WriteLn(csrPem);
ecc.Free;
prng.Free;
privKey.Free;
csr.Free;
bdTemp.Free;
xml.Free;
pubKey.Free;
bdPubKeyDer.Free;
end;
// ---------------------------------------------------------------------------
begin
try
RunDemo;
except
on E: Exception do
WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
end;
WriteLn;
{$IFDEF MSWINDOWS}
WriteLn('Press Enter to exit...');
ReadLn;
{$ENDIF}
end.