IPWorks Auth 2020 Python Edition

Questions / Feedback?

export_certificate Method

Exports the currently selected certificate.

Syntax

def export_certificate(cert_file: str, password: str) -> None: ...

Remarks

This method exports the certificate currently selected by cert_subject to the file specified by the CertFile parameter in the format specified by export_format. This method may effectively be used to convert between a variety of formats.

The Password parameter specifies a password for the private key when export_private_key is set to True. Password is not applicable when export_private_key is set to False.

If CertFile is set to empty string the exported certificate will not be written to disk and instead will be held as a string by the exported_cert property.

export_format is applicable when on_export_certificate is called and may be used to specify the output format. The applicability of each format depends on whether export_private_key is set. Some formats are only applicable when exporting to a private key and some values are only applicable when exporting to a public key.

ExportFormatApplicabilityDescription
"PFX" or "PKCS12" (default) Private Keys A PFX file (PKCS12).
"PEM" Public and Private Keys

A PEM formatted public certificate (X509/PKCS1/PKCS8), or PEM formatted private key (PKCS1/PKCS8).

When export_private_key is False the exported certificate will be a PEM formatted X509 public certificate if the certificate being exported includes X509 data. If no X509 information is present the public key will be exported in PKCS1 public key format for RSA/DSA keys and PKCS8 public key format for ECDSA/EdDSA keys.

When export_private_key is True the exported certificate will be a PEM formatted PKCS1 private key for RSA/DSA keys and a PEM formatted PKCS8 proviate key for ECDSA/EdDSA keys.

Example when export_private_key is False:

-----BEGIN CERTIFICATE-----
MIIBkTCB+6ADAgECAgEBMA0GCSqGSIb3DQEBBQUAMA4xDDAKBgNVBAMTAzEwMDAgFw0wNzAx
...
Pg49SpQ+HcUibIpum2O0hmnySH7BPGfXD8Lu
-----END CERTIFICATE-----
Example when export_private_key is True:
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQD5/STHUd7YkN1JyoyYnUvCf+Fyx1+ZleBJxvwDcm3yaZ98bvry
...
91y8ydb3mQ9l1hZudo2sj8tHnvEgph0r7B8hMM6Qaw==
-----END RSA PRIVATE KEY-----

"PKCS1" Public and Private KeysA PEM formatted PKCS1 key file.

Example when export_private_key is False:

-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBALAyxV5assz+9v7aHbj93NYN5uGB/1z7kb2Nx4hj02QyRYbcD4htkhK4Qcq2GCsG
...
MxW4+pdeN4oEZ6rbMZt01bvMwNRX2GDEyQBhAgMBAAE=
-----END RSA PUBLIC KEY-----
Example when export_private_key is True:
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQD5/STHUd7YkN1JyoyYnUvCf+Fyx1+ZleBJxvwDcm3yaZ98bvry
...
91y8ydb3mQ9l1hZudo2sj8tHnvEgph0r7B8hMM6Qaw==
-----END RSA PRIVATE KEY-----

"PKCS8" Public and Private KeysA PEM formatted PKCS8 key file.

Example when export_private_key is False:

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxdTNtpJQbw90cq6aJEx5vRIBrAiCAB9/F
...
8UdUliXeU8UGYjVcMhGy5oPsVeBXGcPAqF2mjXdBKNnzlSlctOLnYRBS5jwRuNfTQQIDAQAB
-----END PUBLIC KEY-----
Example when export_private_key is True:
-----BEGIN PRIVATE KEY-----
MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAPn9JMdR3tiQ3UnK
...
HSvsHyEwzpBr
-----END PRIVATE KEY-----

"OpenSSH" Public and Private KeysAn OpenSSH public or private key file.

Example when export_private_key is False:

ssh-rsa AAAAB3NzaC1y...
Example when export_private_key is True:
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAlwAAAAdzc2gtcnNh
...
AwQFBgcICQo=
-----END OPENSSH PRIVATE KEY-----

"PPK" Private KeysA PuTTY private key file.

Example:

PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: rsa-key-20180822
Public-Lines: 4
AAAAB3NzaC1yc2EAAAADAQABAAAAgQCmz5j5kWUKxfwiv6J0LQ4wN9ekpeORXVaP
...
8pSSWejQ5Q==
Private-Lines: 8
AAAAgH87Sp/YcSw1dKoAZuWb0/2dKkKwMRIYEkS15caRpzAteay6WWX7l1sgBTU7
...
Oa0=
Private-MAC: d53e24f44bde8d1d3844a142fbb1fa7c88ea3585

"SSH2PublicKey"Public KeysAn SSH2 public key.

Example:

---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAAAgQD5/STHUd7YkN1JyoyYnUvCf+Fyx1+ZleBJxvwDcm3y
...
6bVPTODELil1PVWJDlfdwoLZZKY2ACFHzxBqaOlYv1rbd2JIYAuqGca2ow==
---- END SSH2 PUBLIC KEY ----

"SSH2PrivateKey"Private KeysAn SSH2 private key.

Example:

---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAAAgQD5/STHUd7YkN1JyoyYnUvCf+Fyx1+ZleBJxvwDcm3y
...
6bVPTODELil1PVWJDlfdwoLZZKY2ACFHzxBqaOlYv1rbd2JIYAuqGca2ow==
---- END SSH2 ENCRYPTED PRIVATE KEY ----

"JWK"Private and Public KeysA JSON Web Key (JWK).

Example when export_private_key is False:

{
	"kty": "EC",
	"crv": "P-256",
	"x": "M_P_uqzP43FYW-kXWlpEDlX3nPZUr1QaMllAxUnao7w",
	"y": "zRFhp7iCXYIoTgerQ4LjGPTujodlimrwIMk-3enj_1Q"
}
Example when export_private_key is True:
{
	"kty": "EC",
	"crv": "P-256",
	"x": "M_P_uqzP43FYW-kXWlpEDlX3nPZUr1QaMllAxUnao7w",
	"y": "zRFhp7iCXYIoTgerQ4LjGPTujodlimrwIMk-3enj_1Q",
	"d": "eFBtl-uaB9Y4b-CIav5IYX4gGRFBvpBmrMOOQ7L-euI"
}

"XML"Private and Public KeysAn XML file holding the key or X509 data.

Example when export_private_key is False:

<X509Data>
	<X509Certificate>MIIB...D8Lu</X509Certificate>
</X509Data>
Example when export_private_key is True:
<RSAKeyValue>
	<Modulus>+f0k...tqM=</Modulus>
	<Exponent>AQAB</Exponent>
	<P>/cOnF...tGw==</P>
	<Q>/DD5...dGQ==</Q>
	<DP>d75...N0w==</DP>
	<DQ>Cyv...rKQ==</DQ>
	<InverseQ>fsB...Qaw==</InverseQ>
	<D>J7p...YJE=</D>
</RSAKeyValue>

ExportCertificate Example:


//Convert from PFX to PPK
certmgr.SetCertStoreType(CST_PFXFILE);
certmgr.SetCertStore("..\\test.pfx", strlen("..\\test.pfx"));
certmgr.SetCertStorePassword("password");
certmgr.SetCertSubject("*");

certmgr.SetExportPrivateKey(true);
certmgr.SetExportFormat("PPK");
int ret_code = certmgr.ExportCertificate("..\\test.ppk", "newpassword");

//Export public certificate from PFX
certmgr.SetCertStoreType(CST_PFXFILE);
certmgr.SetCertStore("..\\test.pfx", strlen("..\\test.pfx"));
certmgr.SetCertStorePassword("password");
certmgr.SetCertSubject("*");

certmgr.SetExportPrivateKey(false);
certmgr.SetExportFormat("PEM");
ret_code = certmgr.ExportCertificate("..\\exported.cer", "");

//Convert .cer file to SSH2 Public Key
certmgr.SetCertStoreType(CST_PUBLIC_KEY_FILE);
certmgr.SetCertStore("..\\exported.cer", strlen("..\\exported.cer"));
certmgr.SetCertSubject("*");

certmgr.SetExportPrivateKey(false);
certmgr.SetExportFormat("SSH2PublicKey");
ret_code = certmgr.ExportCertificate("C:\\ssh2.pub", "");

Copyright (c) 2022 /n software inc. - All rights reserved.
IPWorks Auth 2020 Python Edition - Version 20.0 [Build 8155]