Examples for CryptoSys PKI Toolkit

This page contains some examples showing how to use the functions in the CryptoSys PKI Toolkit. For hints on programming see the manual and Programming with the CryptoSys PKI Toolkit

Contents

"Hello World" programs | Examples VB6 to VB.NET | Techniques and help about RSA keys | Using in Excel | Creating S/MIME signedData and envelopedData objects | Sending secure CMS messages using VB.NET | How to validate an X.509 certficate | Doing RSA Encryption and Signing with C# | SAT Mexico Examples | Example Code in the Main Distibution | Techniques shown in the example code | Old code

Simple "Hello World" programs

The equivalent of the "Hello world" program for CryptoSys PKI is to call the PKI_Version function. A correct response demonstrates that the Toolkit is properly installed. See Hello World programs for some sample code.

CryptoSys PKI Examples VB6 to VB.NET

2010-06-30: CryptoSys PKI Examples VB6 to VB.NET is a conversion of most of the VB6 examples in the CryptoSys PKI manual to VB.NET. It shows how to convert VB6 code to the equivalent VB.NET code. Updated versions of these VB.NET examples are now included in the main manual as of v3.6.

Techniques and help about RSA keys

See RSA Techniques for some examples of using the "raw" RSA functions to carry out simple encryption and signing operations. (Hint: you are strongly recommended to use the S/MIME CMS functions if you need to pass secure messages. The S/MIME protocols have been well designed and tested - be careful designing your own.) If you need more information about RSA keys and how they can be stored and the functions available in the Toolkit to handle them, see RSA Key Formats.

Making an RSA signature in an Excel spreadsheet

2010-08-24: This Excel 2003 spreadsheet (65 kB) contains VBA macros that show how to use CryptoSys PKI to make and verify RSA signatures in a spreadsheet. A sample certificate and encrypted private key is included (the password for the sample key is, of course, password). The key and certificate files must be in the same directory as the spreadsheet itself, and macros must be enabled. The spreadsheet will show you how to make a signature and verify one.

Creating S/MIME signedData and envelopedData objects

See Sign and Encrypt for a VB6/VBA example showing how to sign and then encrypt some data to produce an S/MIME-conformant CMS object you could send as part of an email. The output in the debug immediate window should look like this. Download all files including the test certificate and private key files here. The password for both private keys is "password".

Sending secure CMS messages using VB.NET

How to create and read secure CMS messages between parties, starting from scratch by generating your own keys and your own private set of X.509 certificates: VB.NET source code (zipped, 5kB). You need to create your own certificates because the CMS format requires public key in X.509 form, but there's no need to pay for them - just be your own CA. You can check that your end users have the correct certificates by comparing the certificate file thumbprints (aka SHA-1 message digest values) over the phone.

How to validate an X.509 certficate

The VB6 code in How to Validate a Certificate Chain shows how you can validate that an end user's certificate is still current and really was issued by the correct authority.
2010-05-02: Check out the new X509_ValidatePath function.

Doing RSA Encryption and Signing with C#

See Doing RSA Encryption and Signing with C#.

SAT Mexico Examples

See SAT Mexico and the CryptoSys PKI Toolkit.

Example Code in the Main Distibution

The following example code is also provided in the download and should have been installed in the sub-folders in directory

C:\Program Files\CryptoSysPKI	

unless you installed it somewhere else.
Hint: The example programs create test files in the local directory. Unzip them somewhere other than Program Files to avoid permission issues.

A quick test in C/C++: pki_check.c

The same quick test in Windows SDK C: PKICheck.c

C/C++ example tests: PKI_Examples.c

VB6/VBA examples using S/MIME: basSMIMEex.bas

Tests in C#: TestPKIcsharp.cs

The same tests in VB.NET: TestPKIvbnet.vb

Please use the distributed source code not these HTML pages. The test files used are in smimetestfiles.zip (5 kB) and pkiDotNetTestFiles.zip (10 kB).

Techniques shown in the example C/C++ code

Carol is the CA who signs her own certificate. Ann, Ben and Damien are end users whose certificates are issued by Carol. Damien's certificate is then revoked by Carol.

• Carol generates a 1024-bit RSA key pair
• Carol creates her own self-signed X.509 certificate
• Ann and Ben generate their RSA keys
• Carol issues certificates for Ann and Ben
• Ben tests his keys 'in the raw'
• Ann sends an encrypted message to Ben
• Ben decrypts the message from Ann
• Ann sends an encrypted message and Ben reads it
• Ann sends an encrypted message in base64 format
• Ann signs a message
• Ben verifies the signed message received from Ann
• Ben reads the signed-data from Ann, saving as a file
• Ann creates a signed-data object in base64 format; Ben verifies it
• Ben signs a detached message
• Ann verifies the detached signature received from Ben
• Ben prepares a certificate signing request in both PEM and binary formats
• Ann verifies her certificate
• Ben reads and saves his RSA public key in different formats
• Ben reads, checks and saves his RSA private keys in different formats (CAUTION)
• Carol extracts her public key from her X.509 certificate
• Ann makes a PKCS7 certificate chain
• Ben makes a PKCS12 PFX file
• Ben uses 'raw' RSA to encrypt a secret for Ann
• Ann decrypts the 'raw' data from Ben
• Ann uses 'raw' RSA to sign a message
• Ben verifies the 'raw' RSA signature received from Ann
• Ben creates a self-signed certificate with his name in Chinese
• Damien creates a certificate signing request (CSR) after making himself a pair of RSA keys
• Carol makes an X.509 certificate for Damien using his Certificate Signing Request
• Damien validates the P7 cert chain file from Carol and extracts all the certificates
• Carol revokes Damien's certificate
• We check whether or not Damien's cert has been revoked

Old code

These pages contain older code now partly superseded by new functions added since version 2.6; however, they still work and the general approach and techniques are still valid.

• Raw RSA Encryption for an example of how you could encrypt a short string using RSA public key encryption.
• Raw RSA Signing and Verification for an example of how you could use the functions to create a simple digital signature and verify it.
• The examples in RSAES-OAEP show how to use the raw RSA functions in the CryptoSys PKI Toolkit to carry out encryption and decryption using the more secure RSAES-OAEP algorithm from PKCS#1v2.1. [Version 2.6 update: the OAEP encoding can now be done in one line using the PKI_EME_OAEP option of the new RSA_EncodeMsg function.]

  nRet = RSA_EncodeMsg(abBlock(0), nBlockLen, abMessage(0), nmLen, PKI_EME_OAEP)
  

Contact

For more information, please Email Us. To comment on this page, see below.

This page last updated 24 August 2010

Copyright © 2004-10 D.I. Management Services Pty Limited ABN 78 083 210 584 Sydney, Australia. All rights reserved.
<www.di-mgt.com.au>   <www.cryptosys.net>

CryptoSys Home | PKI Home | Purchase | Search | Cryptography Software Code | Contact us