我发现这个问题Converting .PFX to .PEM programmatically?,我有同样的问题,从Windows密钥存储区以编程方式导出pfx格式的证书和私钥,并将它们转换为PEM格式文件/内存 .
上面的链接似乎是这样做但没有真正的信息它是如何完成的,并且github的内部链接似乎被打破了
我们不能使用pfx格式,因为它包含证书链和用于加载此类证书链的openSSL库API仅适用于PEM文件 .
将pfx文件导入Windows密钥存储区时,私钥被检查为可导出 .
我成功通过将证书复制到新的内存存储器导出证书,将其导出到内存bolb并以不同的格式(base64和二进制)保存到文件中 - 请参阅下面的代码 - 但我不确定这是正确的方法,如果所有链都被导出,我也不知道如何将其转换为PEM格式
在此先感谢您的帮助
#pragma comment(lib, "crypt32.lib")
#include <stdio.h>
#include <windows.h>
#include <Wincrypt.h>
#define MY_ENCODING_TYPE (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)
void MyHandleError(char *s);
char *base64_encode(const unsigned char *data,
size_t input_length,
size_t *output_length);
void main(void)
{
//-------------------------------------------------------------------
// Declare and initialize variables.
HCERTSTORE hSystemStore;
HCERTSTORE hTempStore;
PCCERT_CONTEXT pCertContext = NULL;
char pszStoreName[256] = "root";
char pszNameString[256] = "xyzabcfkjvfkvnrg";
//-------------------------------------------------------------------
// Open a system certificate store.
if(hSystemStore = CertOpenSystemStore(
0,
pszStoreName))
{
printf("The %s system store is open. Continue.\n", pszStoreName );
}
else
{
MyHandleError("The first system store did not open.");
}
//-------------------------------------------------------------------
// Open a temporary certificate store.
if(hTempStore = CertOpenStore(
CERT_STORE_PROV_MEMORY, 0, 0, CERT_STORE_CREATE_NEW_FLAG, 0 ))
{
printf("Temp certificate store was created. Continue.\n");
}
else
{
MyHandleError("The temp store wasn't not created.");
}
//-------------------------------------------------------------------
// Get a certificate that has the desired friendly name.
if(pCertContext=CertFindCertificateInStore(
hSystemStore,
MY_ENCODING_TYPE, // Use X509_ASN_ENCODING
0, // No dwFlags needed
CERT_NAME_FRIENDLY_DISPLAY_TYPE, // Find a certificate
pszNameString, // The Unicode string to be found
// in a certificate's subject
NULL)) // NULL for the first call
{
printf("The %s certificate was found. \n", pszNameString);
}
else
{
MyHandleError("Could not find the %s certificate.");
}
//------------------------------------------------------------------
// add selected certificate into temporary store in memory
if(CertAddCertificateContextToStore(hTempStore, pCertContext, CERT_STORE_ADD_NEW, 0))
{
printf("The %s certificate was added. \n", pszNameString);
}
else
{
MyHandleError("Could not add %s ce
#pragma comment(lib, "crypt32.lib")
#include <stdio.h>
#include <windows.h>
#include <Wincrypt.h>
#define MY_ENCODING_TYPE (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)
void MyHandleError(char *s);
char *base64_encode(const unsigned char *data,
size_t input_length,
size_t *output_length);
void main(void)
{
//-------------------------------------------------------------------
// Declare and initialize variables.
HCERTSTORE hSystemStore;
HCERTSTORE hTempStore;
PCCERT_CONTEXT pCertContext = NULL;
char pszStoreName[256] = "root";
char pszNameString[256] = "xyzabcfkjvfkvnrg";
//-------------------------------------------------------------------
// Open a system certificate store.
if(hSystemStore = CertOpenSystemStore(
0,
pszStoreName))
{
printf("The %s system store is open. Continue.\n", pszStoreName );
}
else
{
MyHandleError("The first system store did not open.");
}
//-------------------------------------------------------------------
// Open a temporary certificate store.
if(hTempStore = CertOpenStore(
CERT_STORE_PROV_MEMORY, 0, 0, CERT_STORE_CREATE_NEW_FLAG, 0 ))
{
printf("Temp certificate store was created. Continue.\n");
}
else
{
MyHandleError("The temp store wasn't not created.");
}
//-------------------------------------------------------------------
// Get a certificate that has the desired friendly name.
if(pCertContext=CertFindCertificateInStore(
hSystemStore,
MY_ENCODING_TYPE, // Use X509_ASN_ENCODING
0, // No dwFlags needed
CERT_NAME_FRIENDLY_DISPLAY_TYPE, // Find a certificate
pszNameString, // The Unicode string to be found
// in a certificate's subject
NULL)) // NULL for the first call
{
printf("The %s certificate was found. \n", pszNameString);
}
else
{
MyHandleError("Could not find the %s certificate.");
}
//------------------------------------------------------------------
// add selected certificate into temporary store in memory
if(CertAddCertificateContextToStore(hTempStore, pCertContext, CERT_STORE_ADD_NEW, 0))
{
printf("The %s certificate was added. \n", pszNameString);
}
else
{
MyHandleError("Could not add %s certificate.");
}
//------------------------------------------------------------------------------
CRYPT_DATA_BLOB* db= new (CRYPT_DATA_BLOB);
LPCWSTR szPassword = NULL;
db->cbData = 0;
if((!PFXExportCertStoreEx(
hTempStore,
db,
szPassword,
0,
EXPORT_PRIVATE_KEYS|REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY))&&(GetLastError()==0))
{
printf("The %s certificate blob size is %d. \n", pszNameString, db->cbData);
}
else
{
MyHandleError("Could not calculate size of certificate.");
}
//-------------------------------------------------------
// Allocate memory
if(db->pbData = (BYTE*)malloc(db->cbData+1))
{
printf("Memory has been allocated. Continue.\n");
}
else
{
MyHandleError("The allocation of memory failed.");
}
// Export certificate from temporary store to blob
if(PFXExportCertStoreEx(
hTempStore,
db,
szPassword,
0,
EXPORT_PRIVATE_KEYS|REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY))
{
printf("The %s certificate blob was exported %d. \n", pszNameString);
}
else
{
MyHandleError("Could not export certificate.");
}
//-------------------------------------------------------------------
//Write blob to files
FILE *fp;
errno_t err;
if ((err = fopen_s(&fp, "cert_bin.p12", "wb")) != 0)
printf("File was not opened\n");
else
for (int i=0; i<db->cbData; i++)
fprintf(fp,"%c", db->pbData + i);
fclose(fp);
size_t t;
char* c = base64_encode(db->pbData, db->cbData, &t);
if ((err = fopen_s(&fp, "cert_base64.p12", "w")) != 0)
printf("File was not opened\n");
else
fprintf(fp, "%s", c);
fclose(fp);
//-------------------------------------------------------------------
// Free memory.
//free(pbElement);
CertCloseStore(hSystemStore,0);
printf("The program ran without error to the end.\n");
} // End of main
//-------------------------------------------------------------------
void MyHandleError(char *s)
{
fprintf(stderr,"An error occurred in running the program. \n");
fprintf(stderr,"%s\n",s);
fprintf(stderr, "Error number %x.\n", GetLastError());
fprintf(stderr, "Program terminating. \n");
exit(1);
} // End of MyHandleError
1 回答
此代码段导出从WCS到pfx文件的证书链