Examples for CryptoSys PKI Toolkit

This page contains some examples showing how to use the functions in the CryptoSys PKI Toolkit. For hints on programming see the manual and Programming with the CryptoSys PKI Toolkit

Contents

Techniques and help about RSA keys | Creating S/MIME signedData and envelopedData objects | Sending secure CMS messages using VB.NET | How to validate an X.509 certficate | Doing RSA Encryption and Signing with C# | SAT Mexico Examples | Example Code in the Main Distibution | Techniques shown in the example code | Old code

Techniques and help about RSA keys

See RSA Techniques for some examples of using the "raw" RSA functions to carry out simple encryption and signing operations. (Hint: you are strongly recommended to use the S/MIME CMS functions if you need to pass secure messages. The S/MIME protocols have been well designed and tested - be careful designing your own.) If you need more information about RSA keys and how they can be stored and the functions available in the Toolkit to handle them, see RSA Key Formats.

Creating S/MIME signedData and envelopedData objects

See Sign and Encrypt for a VB6/VBA example showing how to sign and then encrypt some data to produce an S/MIME-conformant CMS object you could send as part of an email. The output in the debug immediate window should look like this. Download all files including the test certificate and private key files here. The password for both private keys is "password".

Sending secure CMS messages using VB.NET

How to create and read secure CMS messages between parties, starting from scratch by generating your own keys and your own private set of X.509 certificates: VB.NET source code (zipped, 5kB). You need to create your own certificates because the CMS format requires public key in X.509 form, but there's no need to pay for them - just be your own CA. You can check that your end users have the correct certificates by comparing the certificate file thumbprints (aka SHA-1 message digest values) over the phone.

How to validate an X.509 certficate

The VB6 code in How to Validate a Certificate Chain shows how you can validate that an end user's certificate is still current and really was issued by the correct authority.

Doing RSA Encryption and Signing with C#

See Doing RSA Encryption and Signing with C#.

SAT Mexico Examples

See SAT Mexico and the CryptoSys PKI Toolkit.

Example Code in the Main Distibution

The following example code is also provided in the download and should have been installed in the sub-folders in directory

C:\Program Files\CryptoSysPKI	

unless you installed it somewhere else.
Hint: The example programs create test files in the local directory. Unzip them somewhere other than Program Files to avoid permission issues.

A quick test in C/C++: PKICheck.c

C/C++ example tests: PKI_Examples.c

VB6/VBA examples using S/MIME: basSMIMEex.bas

Tests in C#: TestPKIcsharp.cs

The same tests in VB.NET: TestPKIvbnet.vb

Please use the distributed source code not these HTML pages. The test files used are in smimetestfiles.zip (5 kB).

Techniques shown in the example code

Carol is the CA who signs her own certificate. Ann and Ben are end users whose certificates are issued by Carol.

• Carol generates a 1024-bit RSA key pair
• Carol creates her own self-signed X.509 certificate
• Ann and Ben generate their RSA keys
• Carol issues certificates for Ann and Ben
• Ben tests his keys 'in the raw'
• Ann sends an encrypted message to Ben
• Ben decrypts the message from Ann
• Ann sends an encrypted message and Ben reads it
• Ann sends an encrypted message in base64 format
• Ann signs a message
• Ben verifies the signed message received from Ann
• Ben reads the signed-data from Ann, saving as a file
• Ann creates a signed-data object in base64 format; Ben verifies it
• Ben signs a detached message
• Ann verifies the detached signature received from Ben
• Ben prepares a certificate signing request in both PEM and binary formats
• Ann verifies her certificate
• Ben reads and saves his RSA keys in different formats (CAUTION)
• Carol extracts her public key from her X.509 certificate
• Ann makes a PKCS7 certificate chain
• Ben makes a PKCS12 PFX file
• Ben uses 'raw' RSA to encrypt a secret for Ann
• Ann decrypts the 'raw' data from Ben
• Ann uses 'raw' RSA to sign a message
• Ben verifies the 'raw' RSA signature received from Ann

Old code

These pages contain older code now partly superseded by new functions added since version 2.6; however, they still work and the general approach and techniques are still valid.

• Raw RSA Encryption for an example of how you could encrypt a short string using RSA public key encryption.
• Raw RSA Signing and Verification for an example of how you could use the functions to create a simple digital signature and verify it.
• The examples in RSAES-OAEP show how to use the raw RSA functions in the CryptoSys PKI Toolkit to carry out encryption and decryption using the more secure RSAES-OAEP algorithm from PKCS#1v2.1. [Version 2.6 update: the OAEP encoding can now be done in one line using the PKI_EME_OAEP option of the new RSA_EncodeMsg function.]

  nRet = RSA_EncodeMsg(abBlock(0), nBlockLen, abMessage(0), nmLen, PKI_EME_OAEP)
  

Contact

For more information, please Email Us. To comment on this page, see below.

This page last updated 1 January 2010

Copyright © 2004-10 D.I. Management Services Pty Limited ABN 78 083 210 584 Sydney, Australia. All rights reserved.
<www.di-mgt.com.au>   <www.cryptosys.net>

CryptoSys Home | PKI Home | Purchase | Search | Cryptography Software Code | Contact us