Welcome
Guest
, you are in:
<root>
•
Login
NCryptoki Wiki
Navigation
¶
Main Page
Random Page
Create a new Page
All Pages
Categories
Navigation Paths
Administration
File Management
Create Account
Search the wiki
»
Back
How to import a .pfx or a .p12 file
Modified on 2017/05/15 10:57
by
Administrator
Categorized as
Uncategorized
Both files .pfx and .p12 contains a key pair (public key + private key) and the related certificate. Importing a pfx or a p12 means importing the public key, the private key and the certificate as well. Usually a pfx or a p12 file is protected by a password, so you need to know the password to import it in the token This snippet opens a .pfx or a .p12 file and create an X509Certificate2 object: @@X509Certificate2 cert = new X509Certificate2(filepath, password, X509KeyStorageFlags.Exportable); string id = "mykeyid"; string label = "mylabel"; boolean private = true; boolean modifiable = false; importKeyPair(cert, id, label, private, modifiable); importCertificate(cert, id, label, modifiable);@@ this is the implementation of the importKey function: @@private bool importKeyPair(X509Certificate2 cert, string id, string label, bool priv, bool modifiable) { if (!cert.HasPrivateKey) { showError("Certificate doesn't have private key. Import failed!"); return false; } AsymmetricAlgorithm keyPair = cert.PrivateKey; if (keyPair is RSA) { RSAParameters keyParams = ((RSA)keyPair).ExportParameters(true); CryptokiCollection template = new CryptokiCollection(); template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PRIVATE_KEY)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_KEY_TYPE, Key.CKK_RSA)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_SUBJECT, cert.SubjectName.RawData)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, id)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, label)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_MODULUS, keyParams.Modulus)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_PUBLIC_EXPONENT, keyParams.Exponent)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE_EXPONENT, keyParams.D)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, priv)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_MODIFIABLE, modifiable)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_EXTRACTABLE, false)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_DECRYPT, true)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_SIGN, true)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_UNWRAP, true)); CryptokiObject priKey = CurrentSession.Objects.Create(template); } return true; } @@ this is the implementation of the importCertificate function @@private bool importCertificate(X509Certificate2 cert, string id, string label, bool modifiable) { CryptokiCollection template = new CryptokiCollection(); template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_CERTIFICATE)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_CERTIFICATE_TYPE, Certificate.CKC_X_509)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_SUBJECT, cert.SubjectName.RawData)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_ISSUER, cert.Issuer)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_SERIAL_NUMBER, cert.SerialNumber)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, id)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, label)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_VALUE, cert.RawData)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_MODIFIABLE, modifiable)); CryptokiObject certificate = CurrentSession.Objects.Create(template); return true; } @@
Meta Keywords:
Meta Description:
Change Comment:
ScrewTurn Wiki
version 3.0.4.560. Some of the icons created by
FamFamFam
.