Sample code for 30+ languages & platforms
CkPython

Get a .pfx/.p12 Safe Bag Attribute

See more PFX/P12 Examples

Demonstrates how to get the value of a private key or certificate safe bag attribute. Safe bag attributes are associated with a key or certificate. They are attributes stored in the .p12/.pfx alongside a key or certificate.

Chilkat CkPython Downloads

CkPython
import sys
import chilkat

success = False

pfx = chilkat.CkPfx()

success = pfx.LoadPfxFile("qa_data/pfx/test_ecdsa_secret.pfx","secret")
if (success == False):
    print(pfx.lastErrorText())
    sys.exit()

json = chilkat.CkJsonObject()
pfx.GetLastJsonData(json)

json.put_EmitCompact(False)
print(json.emit())

# The last JSON data provides information about the what is contained in the PFX.  It was collected in the call to LoadPfxFile.
# For example:

# {
#   "authenticatedSafe": {
#     "contentInfo": [
#       {
#         "type": "Data",
#         "safeBag": [
#           {
#             "type": "pkcs8ShroudedKeyBag",
#             "attrs": {
#               "localKeyId": "16777216",
#               "keyContainerName": "{B99EB9E7-6AF7-42AF-A43A-D4B2225B7605}",
#               "msStorageProvider": "Microsoft Software Key Storage Provider"
#             }
#           }
#         ]
#       },
#       {
#         "type": "EncryptedData",
#         "safeBag": [
#           {
#             "type": "certBag",
#             "attrs": {
#               "localKeyId": "16777216"
#             },
#             "subject": "EE",
#             "serialNumber": "1a9da86df17ad411bb413b2aa724fe56fc71242d"
#           },
#           {
#             "type": "certBag",
#             "subject": "CA",
#             "serialNumber": "02742228acbf3dd2e71f403abd8281ab6d70d490"
#           }
#         ]
#       }
#     ]
#   }
# }

# Use this online tool to generate parsing code from sample JSON: 
# Generate Parsing Code from JSON

# In the above JSON, we can see the .pfx contains one private key (a pkcs8ShroudedKeyBag) and two certificates (each in a certBag).
# The certificates in a .pfx/.p12 are typicaly a single certificate with associated private key, along with the other certificates
# in the chain of authentication.

# We can see that the private key has 3 safebag attributes: localKeyId, keyContainerName, and msStorageProvider.
# The certificate associated with the private key contains one safebag attribute: localKeyId.
# Notice the localKeyId is the same.  The localKeyId helps associate the private key that corresponds to the given certificate.

# Let's demonstrate the GetSafeBagAttr method:

# Get each of the private key safebag attributes:
getPrivateKeyAttr = True
privateKeyIdx = 0
print("---- private key safebag attributes ----")
print(pfx.getSafeBagAttr(getPrivateKeyAttr,privateKeyIdx,"localKeyId"))
print(pfx.getSafeBagAttr(getPrivateKeyAttr,privateKeyIdx,"keyContainerName"))
print(pfx.getSafeBagAttr(getPrivateKeyAttr,privateKeyIdx,"storageProvider"))

# Get the localKeyId attribute for the 1st certificate.
getPrivateKeyAttr = False
print("---- cert safebag attributes ----")
print(pfx.getSafeBagAttr(getPrivateKeyAttr,0,"localKeyId"))