CryptoSys Home > PKI > Examples

Examples for CryptoSys PKI Pro

This page contains some examples showing how to use the functions in CryptoSys PKI Pro. For hints on programming see the manual and Programming with CryptoSys PKI


"Hello World" programs | Example code and test modules in the distribution | Recent examples | Examples of new features in v12 | Techniques and help about RSA keys | Using in Excel | Creating S/MIME signedData and envelopedData objects | Sending secure CMS messages using VB.NET | How to validate an X.509 certficate | Doing RSA Encryption and Signing with C# | Encrypting and decrypting using RSA-OAEP in XML | Handling PFX/P12 data in memory | SAT Mexico Examples | Examples using Python | Contact us

Simple "Hello World" programs

The equivalent of the "Hello world" program for CryptoSys PKI is to call the PKI_Version function. A correct response demonstrates that the Toolkit is properly installed. See Hello World programs for some sample code.

Example code and test modules in the distribution

There are a comprehensive set of tests provided in the distribution download, which give examples of how to use almost all the functions in the library. You will find the latest versions of these files in the installation directory, usually C:\Program Files (x86)\CryptoSysPKI.

Recent examples

Examples of recent features in v12

Techniques and help about RSA keys

See RSA Techniques for some examples of using the "raw" RSA functions to carry out simple encryption and signing operations. (Hint: you are strongly recommended to use the S/MIME CMS functions if you need to pass secure messages. The S/MIME protocols have been well designed and tested - be careful designing your own.) If you need more information about RSA keys and how they can be stored and the functions available in the Toolkit to handle them, see RSA Key Formats.

New2018-06-10: You can pass a string directly instead of a filename for the 'keyFile' and 'certFile' arguments. See some C# code to do this in KeyCertsAsStrings.cs.

New2019-01-19: The page How to process a PFX file shows how to extract your X.509 certificate and private key from a PFX (PKCS12/p12) file. It includes C# and Python code.

Making an RSA signature in an Excel spreadsheet

This Excel spreadsheet (65 kB) contains VBA macros that show how to use CryptoSys PKI to make and verify RSA signatures in a spreadsheet (it's Excel 2003 but should still work in the latest version). Here is the VBA code in Module1.bas. A sample certificate and encrypted private key is included (the password for the sample key is, of course, password). The key and certificate files must be in the same directory as the spreadsheet itself, and macros must be enabled. The spreadsheet will show you how to make a signature and verify one.

Creating S/MIME signedData and envelopedData objects

See Sign and Encrypt for a VB6/VBA example showing how to sign and then encrypt some data to produce an S/MIME-conformant CMS object you could send as part of an email. The output in the debug immediate window should look like this. Download all files including the test certificate and private key files here. The password for both private keys is "password".

Sending secure CMS messages using VB.NET

How to create and read secure CMS messages between parties, starting from scratch by generating your own keys and your own private set of X.509 certificates: VB.NET source code (zipped, 5kB). You need to create your own certificates because the CMS format requires public key in X.509 form, but there's no need to pay for them - just be your own CA. You can check that your end users have the correct certificates by comparing the certificate file thumbprints (aka SHA-1 message digest values) over the phone.

How to validate an X.509 certficate

The VB6 code in How to Validate a Certificate Chain shows how you can validate that an end user's certificate is still current and really was issued by the correct authority.
2010-05-02: Check out the X509_ValidatePath function.

Doing RSA Encryption and Signing with C#

See Doing RSA Encryption and Signing with C#.

Encrypting and decrypting using RSA-OAEP in XML, handling PFX/P12 data in memory

Question: I am programming in C. I want to encrypt and decrypt a session key using the following parameters:
<xenc:EncryptionMethod Algorithm="">
<xenc11:MGF Algorithm=""/>
<ds:DigestMethod Algorithm=""/>
Also, I already have the P12 (PFX) data in memory. Is there a way to access this without writing to a file? And can I create an X.509 certificate (.cer) file from the PFX data?

Answer: yes, yes and yes. See the solution in XmlEnc.c. The PFX file used is bob.pfx with password "password". (Remember if you were encrypting a message to Bob, you wouldn't have his PFX or private key data. This is just a demonstration of techniques.) The EncryptedKey subset of your XML might look like this: XmlEncKey.xml.

To use a PFX file in memory instead of a file, pass a string containing the PFX file in PEM format
char *pfxstr="-----BEGIN PKCS12-----"
"-----END PKCS12-----";
For more details about handling file data as a string, see PEM string alternative.

SAT Mexico Examples

See SAT Mexico and CryptoSys PKI (now mostly superseded by FirmaSAT). But also

Techniques shown in the example C/C++ code

Carol is the CA who signs her own certificate. Ann, Ben and Damien are end users whose certificates are issued by Carol. Damien's certificate is then revoked by Carol.

Important Note: Some examples of RSA encryption and signing given here use a 512-bit key. This is for convenience and speed in demonstration and testing. Using a 512-bit key is not recommended for production work. Use at least a 1024-bit key in practice.


See the page A Python interface to CryptoSys PKI Pro.


To comment on this page or get more information, please send us a message.

This page last updated 18 january 2023