
Examples for CryptoSys PKI Pro


This page contains some examples showing how to use the functions in CryptoSys PKI Pro. For hints on programming, see the manual and Programming with CryptoSys PKI.

Contents

"Hello World" programs | Example code and test modules in the distribution | Recent examples | Examples of new features in v12 | Techniques and help about RSA keys | Using in Excel | Creating S/MIME signedData and envelopedData objects | Sending secure CMS messages using VB.NET | How to validate an X.509 certificate | Doing RSA Encryption and Signing with C# | Encrypting and decrypting using RSA-OAEP in XML | Handling PFX/P12 data in memory | SAT Mexico Examples | Examples using Python | Contact us

Simple "Hello World" programs

The equivalent of the "Hello world" program for CryptoSys PKI is to call the PKI_Version function. A correct response demonstrates that the Toolkit is properly installed. See Hello World programs for some sample code.

Example code and test modules in the distribution

There is a comprehensive set of tests provided in the distribution download, which gives examples of how to use almost all the functions in the library. You will find the latest versions of these files in the installation directory, usually C:\Program Files (x86)\CryptoSysPKI.

Recent examples

Examples of recent features in v12

Techniques and help about RSA keys

See RSA Techniques for some examples of using the "raw" RSA functions to carry out simple encryption and signing operations. (Hint: you are strongly recommended to use the S/MIME CMS functions if you need to pass secure messages. The S/MIME protocols have been well designed and tested - be careful designing your own.) If you need more information about RSA keys and how they can be stored and the functions available in the Toolkit to handle them, see RSA Key Formats.

New 2018-06-10: You can pass a string directly instead of a filename for the 'keyFile' and 'certFile' arguments. See some C# code to do this in KeyCertsAsStrings.cs.

New 2019-01-19: The page How to process a PFX file shows how to extract your X.509 certificate and private key from a PFX (PKCS12/p12) file. It includes C# and Python code.

Making an RSA signature in an Excel spreadsheet

This Excel spreadsheet (65 kB) contains VBA macros that show how to use CryptoSys PKI to make and verify RSA signatures in a spreadsheet (it's Excel 2003 but should still work in the latest version). Here is the VBA code in Module1.bas. A sample certificate and encrypted private key are included (the password for the sample key is, of course, password). The key and certificate files must be in the same directory as the spreadsheet itself, and macros must be enabled. The spreadsheet will show you how to make a signature and verify one.

Creating S/MIME signedData and envelopedData objects

See Sign and Encrypt for a VB6/VBA example showing how to sign and then encrypt some data to produce an S/MIME-conformant CMS object you could send as part of an email. The output in the debug immediate window should look like this. Download all files including the test certificate and private key files here. The password for both private keys is "password".

Sending secure CMS messages using VB.NET

How to create and read secure CMS messages between parties, starting from scratch by generating your own keys and your own private set of X.509 certificates: VB.NET source code (zipped, 5 kB). You need to create your own certificates because the CMS format requires public keys in X.509 form, but there's no need to pay for them - just be your own CA. You can check that your end users have the correct certificates by comparing the certificate file thumbprints (aka SHA-1 message digest values) over the phone.

How to validate an X.509 certificate

The VB6 code in How to Validate a Certificate Chain shows how you can validate that an end user's certificate is still current and really was issued by the correct authority.
2010-05-02: Check out the X509_ValidatePath function.

Doing RSA Encryption and Signing with C#

See Doing RSA Encryption and Signing with C#.

Encrypting and decrypting using RSA-OAEP in XML, handling PFX/P12 data in memory

Question: I am programming in C. I want to encrypt and decrypt a session key using the following parameters:
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep">
<xenc11:MGF Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha256"/>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
</xenc:EncryptionMethod>
Also, I already have the P12 (PFX) data in memory. Is there a way to access this without writing to a file? And can I create an X.509 certificate (.cer) file from the PFX data?

Answer: Yes, yes and yes. See the solution in XmlEnc.c. The PFX file used is bob.pfx with password "password". (Remember, if you were encrypting a message to Bob, you wouldn't have his PFX or private key data. This is just a demonstration of techniques.) The EncryptedKey subset of your XML might look like this: XmlEncKey.xml.

To use PFX data held in memory instead of a file, pass a string containing the PFX file in PEM format:
char *pfxstr="-----BEGIN PKCS12-----"
"MIIGhAIBAzCCBkoGCSqGSIb3DQEHAaCCBjsEggY3MI..."
"-----END PKCS12-----";
For more details about handling file data as a string, see PEM string alternative.

SAT Mexico Examples

See SAT Mexico and CryptoSys PKI (now mostly superseded by FirmaSAT). But also

Techniques shown in the example C/C++ code

Carol is the CA who signs her own certificate. Ann, Ben and Damien are end users whose certificates are issued by Carol. Damien's certificate is then revoked by Carol.

Important Note: Some examples of RSA encryption and signing given here use a 512-bit key. This is for convenience and speed in demonstration and testing. Using a 512-bit key is not recommended for production work. Use at least a 1024-bit key in practice.

Python

See the page A Python interface to CryptoSys PKI Pro.

Contact

To comment on this page or get more information, please send us a message.

This page last updated 18 January 2023