Examples for CryptoSys PKI Toolkit

This page contains some examples showing how to use the functions in the CryptoSys PKI Toolkit. For hints on programming see the manual and Programming with the CryptoSys PKI Toolkit

This page has links to various source code listings. These may contain HTML formatting errors or be out of date. Please always use the original source code distributed with the package. Likewise, the zipped project files may contain out-of-date interface files.

Important Note:Many examples of RSA encryption and signing given here use a 512-bit key. This is for convenience and speed in demonstration and testing. Using a 512-bit key is not recommended for production work. Use at least a 1024-bit key in practice.

Techniques and help about RSA keys

See RSA Techniques for some examples of using the "raw" RSA functions to carry out simple encryption and signing operations. (Hint: you are strongly recommended to use the S/MIME CMS functions if you need to pass secure messages. The S/MIME protocols have been well designed and tested - be careful designing your own.) If you need more information about RSA keys and how they can be stored and the functions available in the Toolkit to handle them, see RSA Key Formats.

Creating S/MIME signedData and envelopedData objects

See Sign and Encrypt for an example showing how to sign and then encrypt some data to produce an S/MIME-conformant CMS object you could send as part of an email. The output in the debug immediate window should look like this. Download all files including the test certificate and private key files here. The password for both private keys is "password".

How to validate an X.509 certficate

The VB6 code in How to Validate a Certificate Chain shows how you can validate that an end user's certificate is still current and really was issued by the correct authority.

Doing RSA Encryption and Signing with C#

See Doing RSA Encryption and Signing with C#.

SAT Mexico Examples

See SAT Mexico and the CryptoSys PKI Toolkit.

Example Code in the Main Distibution

The following example code is also provided in the download and should have been installed in the sub-folders in directory

C:\Program Files\CryptoSysPKI

unless you installed it somewhere else.
Hint: The example programs create test files in the local directory. Unzip them somewhere other than Program Files to avoid permission issues.

A quick test in C/C++: PKICheck.c

C/C++ example tests: PKI_Examples.c

VB6/VBA examples using S/MIME: basSMIMEex.bas

Tests in C#: TestPKIcsharp.cs

The same tests in VB.NET: TestPKIvbnet.vb

Please use the distributed source code not these HTML pages. The test files used are in smimetestfiles.zip (5 kB).

Techniques shown in the example code

Carol is the CA who signs her own certificate. Ann and Ben are end users whose certificates are issued by Carol.

Old code

These pages contain older code now partly superseded by new functions added since version 2.6; however, they still work and the general approach and techniques are still valid.

Raw RSA Encryption for an example of how you could encrypt a short string using RSA public key encryption.
Raw RSA Signing and Verification for an example of how you could use the functions to create a simple digital signature and verify it.
The examples in RSAES-OAEP show how to use the raw RSA functions in the CryptoSys PKI Toolkit to carry out encryption and decryption using the more secure RSAES-OAEP algorithm from PKCS#1v2.1. [Version 2.6 update: the OAEP encoding can now be done in one line using the PKI_EME_OAEP option of the new RSA_EncodeMsg function.]
```
nRet = RSA_EncodeMsg(abBlock(0), nBlockLen, abMessage(0), nmLen, PKI_EME_OAEP)
```

This page last updated 28 April 2008