
Thread: Converting Windows PRIVATEKEYBLOB to Qt's QSslKey

  1. #1

    I am working on a Qt application (Windows service) which uses SSL encryption. I need to access the certificate and associated private key from the Windows certificate store and pass them to my QSslSocket using setLocalCertificate and setPrivateKey, which accept QSslCertificate and QSslKey respectively.

    I am able to get the certificate from the store and set it on the QSslSocket using the Windows API (CertOpenStore, CertFindCertificateInStore). Now that I have the certificate, I need to extract its private key and set it on the SSL socket. I am using the CryptAcquireCertificatePrivateKey, CryptGetUserKey and CryptExportKey Windows APIs, in that order, which gives me a Microsoft PRIVATEKEYBLOB, and now I need to convert it to a format that QSslKey understands.

  2. #2

    Point your favourite web search engine to PRIVATEKEYBLOB+OpenSSL.
    Your biological and technological distinctiveness will be added to our own. Resistance is futile.

    Please ask Qt related questions on the forum and not using private messages or visitor messages.
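For reference, the PRIVATEKEYBLOB that CryptExportKey returns in the question above is a fixed layout of little-endian fields. The parser below is an added example, not code from the thread or from Qt/OpenSSL; `RsaParts`, `parsePrivateKeyBlob` and `makeSampleBlob` are hypothetical names, and the sample blob is constructed filler rather than a real key. OpenSSL's `b2i_PrivateKey()` reads the same layout.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <vector>

typedef std::vector<uint8_t> Bytes;

// RSA components from a PRIVATEKEYBLOB, converted to big-endian (the byte
// order BN_bin2bn and DER encoders expect).
struct RsaParts {
    uint32_t bits, pubExp;
    Bytes n, p, q, dp, dq, qinv, d;
};

static uint32_t le32(const uint8_t *b) {
    return uint32_t(b[0]) | uint32_t(b[1]) << 8 | uint32_t(b[2]) << 16 | uint32_t(b[3]) << 24;
}

// Layout: BLOBHEADER (8 bytes) + RSAPUBKEY (12 bytes), then modulus, prime1,
// prime2, exponent1, exponent2, coefficient, privateExponent, all little-endian.
bool parsePrivateKeyBlob(const Bytes &blob, RsaParts &out) {
    if (blob.size() < 20) return false;
    if (blob[0] != 0x07 || blob[1] != 0x02) return false;      // PRIVATEKEYBLOB, CUR_BLOB_VERSION
    uint32_t alg = le32(&blob[4]);
    if (alg != 0xA400 && alg != 0x2400) return false;          // CALG_RSA_KEYX, CALG_RSA_SIGN
    if (le32(&blob[8]) != 0x32415352) return false;            // magic "RSA2"
    out.bits = le32(&blob[12]);
    out.pubExp = le32(&blob[16]);
    if (out.bits == 0 || out.bits % 16 != 0 || out.bits > 16384) return false;
    size_t full = out.bits / 8, half = out.bits / 16, off = 20;
    if (blob.size() != 20 + 2 * full + 5 * half) return false; // truncated or padded
    Bytes *fields[] = {&out.n, &out.p, &out.q, &out.dp, &out.dq, &out.qinv, &out.d};
    for (int i = 0; i < 7; ++i) {
        size_t len = (i == 0 || i == 6) ? full : half;         // n and d are full width
        fields[i]->assign(blob.begin() + off, blob.begin() + off + len);
        std::reverse(fields[i]->begin(), fields[i]->end());    // little- to big-endian
        off += len;
    }
    return true;
}

// Constructed 64-bit sample: valid headers, filler bytes 0x01..0x24, not a real RSA key.
Bytes makeSampleBlob() {
    static const uint8_t hdr[20] = {0x07, 0x02, 0, 0, 0x00, 0xA4, 0, 0,
                                    'R', 'S', 'A', '2', 64, 0, 0, 0, 0x01, 0x00, 0x01, 0x00};
    Bytes b(hdr, hdr + 20);
    for (uint8_t v = 1; v <= 36; ++v) b.push_back(v);
    return b;
}

int main() {
    RsaParts k;
    return parsePrivateKeyBlob(makeSampleBlob(), k) && k.n.size() == 8 ? 0 : 1;
}
```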


  3. #3

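    Solved it!! Thought of sharing the solution here, it might be helpful to someone.

    ```cpp
    // Headers this fragment needs; the statements below run inside a function or
    // method that can reach mySslSocket (a QSslSocket*).
    #include <windows.h>
    #include <wincrypt.h>
    #include <stdlib.h>
    #include <openssl/bio.h>
    #include <openssl/err.h>
    #include <openssl/evp.h>
    #include <openssl/pem.h>
    #include <openssl/pkcs12.h>
    #include <openssl/x509.h>
    #include <QSslCertificate>
    #include <QSslKey>
    #include <QSslSocket>

    // Open the certificate store to be searched.
    HCERTSTORE hSystemStore = CertOpenStore((LPCSTR)(CERT_STORE_PROV_SYSTEM), 0, NULL,
                                            CERT_SYSTEM_STORE_LOCAL_MACHINE, L"MY");

    CRYPT_DATA_BLOB dataBlob = {0};
    QString password("password"); // your password for the certificate and private key goes here

    // First call, with pbData == NULL, only reports the size of the PFX blob.
    if (hSystemStore &&
        PFXExportCertStoreEx(hSystemStore, &dataBlob, password.toStdWString().c_str(), NULL,
                             EXPORT_PRIVATE_KEYS | REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY | REPORT_NO_PRIVATE_KEY))
    {
        if (dataBlob.cbData > 0)
        {
            dataBlob.pbData = (BYTE*)malloc(dataBlob.cbData);
            // Second call fills the buffer with the exported store, private keys included.
            if (dataBlob.pbData &&
                PFXExportCertStoreEx(hSystemStore, &dataBlob, password.toStdWString().c_str(), NULL,
                                     EXPORT_PRIVATE_KEYS | REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY | REPORT_NO_PRIVATE_KEY))
            {
                EVP_PKEY *pkey = NULL;
                X509 *cert = NULL;
                STACK_OF(X509) *ca = NULL;
                int i;

                // OpenSSL library initialisation.
                CRYPTO_malloc_init();
                OpenSSL_add_all_algorithms();
                SSLeay_add_all_algorithms();
                ERR_load_crypto_strings();

                // Parse the PFX (PKCS#12) blob in memory.
                BIO *input = BIO_new_mem_buf((void*)dataBlob.pbData, dataBlob.cbData);
                PKCS12 *p12 = input ? d2i_PKCS12_bio(input, NULL) : NULL;
                BIO_free(input);

                if (p12)
                {
                    // On failure pkey and cert stay NULL and the blocks below are skipped.
                    if (!PKCS12_parse(p12, password.toStdString().c_str(), &pkey, &cert, &ca))
                        ERR_print_errors_fp(stderr);
                    PKCS12_free(p12);
                }

                if (cert)
                {
                    BIO *boCert = BIO_new(BIO_s_mem());

                    // Write the certificate, then any additional certificates, as PEM.
                    PEM_write_bio_X509(boCert, cert);
                    if (ca && sk_X509_num(ca))
                    {
                        for (i = 0; i < sk_X509_num(ca); i++)
                        {
                            PEM_write_bio_X509(boCert, sk_X509_value(ca, i));
                        }
                    }
                    char *certStr;
                    long len = BIO_get_mem_data(boCert, &certStr);

                    QSslCertificate localCertificate(QByteArray::fromRawData(certStr, len));
                    mySslSocket->setLocalCertificate(localCertificate);

                    BIO_free_all(boCert);
                }

                if (pkey)
                {
                    BIO *bo = BIO_new(BIO_s_mem());
                    // The cipher argument is NULL, so the key is written as unencrypted PEM
                    // and the passphrase arguments are not used.
                    PEM_write_bio_PrivateKey(bo, pkey, NULL, NULL, 0, NULL, NULL);

                    char *p;
                    long len = BIO_get_mem_data(bo, &p);

                    QSslKey key(QByteArray::fromRawData(p, len), QSsl::Rsa);
                    mySslSocket->setPrivateKey(key);
                    BIO_free_all(bo);
                }

                // Release the OpenSSL objects returned by PKCS12_parse.
                EVP_PKEY_free(pkey);
                X509_free(cert);
                sk_X509_pop_free(ca, X509_free);
            }
            if (dataBlob.pbData)
            {
                // The blob holds private key material: wipe it before releasing it.
                SecureZeroMemory(dataBlob.pbData, dataBlob.cbData);
                free(dataBlob.pbData);
            }
        }
    }

    if (hSystemStore)
        CertCloseStore(hSystemStore, 0);
    ```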

  4. #4

    Now please edit your post and put [code] [/code] tags around the code.

  5. #5

    Thanks, new to the forum so didn't know how to do that
