本文介绍了如何将我所有的软件证书分别导出到.pfx文件?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我想以编程方式将计算机上所有我的软件证书分别导出到 .pfx 文件中,以对已经在另一台PC上进行最终构建的2个新软件进行签名.

I want export programatically of a computer all my certificates of software separately to .pfx file to sign 2 new softwares that already are in final step of building in another pc.

为此,我找到了一个C ++代码示例(在我翻译成Delphi之后).

To make this i found a C++ code example (that after i translate to Delphi).

我的Delphi版本仍然没有经过测试,但是即使如此,我仍然认为效果很好.

My Delphi version still not was tested but even so i think that is working fine.

program CertToPFX;

{$APPTYPE CONSOLE}
{$R *.res}

uses
  Windows,
  WinCrypt,
  Classes,
  SysUtils;

var
  CertContext: PCCERT_CONTEXT;
  CertPropId: DWORD;
  Data: array [0 .. 511] of Char;
  DataLen: DWORD;

procedure DisplayCertContext(Cert: PCertContext);
var
  CertName: array [0 .. 255] of Char;
begin
  if CertGetNameString(CertContext, CERT_NAME_EMAIL_TYPE, 0, nil, CertName,
    256) = 0 then
    RaiseLastOSError;
  Writeln('Subject CERT_NAME_EMAIL_TYPE: ', CertName);
  if CertGetNameString(CertContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, nil,
    CertName, 256) = 0 then
    RaiseLastOSError;
  Writeln('Subject CERT_NAME_SIMPLE_DISPLAY_TYPE: ', CertName);
  if CertGetNameString(CertContext, CERT_NAME_FRIENDLY_DISPLAY_TYPE, 0, nil,
    CertName, 256) = 0 then
    RaiseLastOSError;
  Writeln('Subject CERT_NAME_FRIENDLY_DISPLAY_TYPE: ', CertName);

  if CertGetNameString(CertContext, CERT_NAME_EMAIL_TYPE, CERT_NAME_ISSUER_FLAG,
    nil, CertName, 256) = 0 then
    RaiseLastOSError;
  Writeln('Issuer CERT_NAME_EMAIL_TYPE: ', CertName);
  if CertGetNameString(CertContext, CERT_NAME_SIMPLE_DISPLAY_TYPE,
    CERT_NAME_ISSUER_FLAG, nil, CertName, 256) = 0 then
    RaiseLastOSError;
  Writeln('Issuer CERT_NAME_SIMPLE_DISPLAY_TYPE: ', CertName);
  if CertGetNameString(CertContext, CERT_NAME_FRIENDLY_DISPLAY_TYPE,
    CERT_NAME_ISSUER_FLAG, nil, CertName, 256) = 0 then
    RaiseLastOSError;
  Writeln('Issuer CERT_NAME_FRIENDLY_DISPLAY_TYPE: ', CertName);
end;

procedure ExportCertToPFX(NameStore, Password: string);
var
  TmpPFX: CRYPT_DATA_BLOB;
  hStore: HCERTSTORE;
  Mem: TMemoryStream;
  i, J: Integer;
begin
  hStore := CertOpenSystemStore(0, PChar(NameStore));
  if (hStore = nil) then
    RaiseLastOSError;
  Mem := TMemoryStream.Create;
  J := 0;
  try
    try
      CertContext := CertEnumCertificatesInStore(hStore, nil);
      while (CertContext <> nil) do
      begin
        DisplayCertContext(CertContext);
        CertPropId := CertEnumCertificateContextProperties(CertContext, 0);
        while CertPropId <> 0 do
        begin
          DataLen := 512;
          case CertPropId of
            CERT_KEY_PROV_HANDLE_PROP_ID:
              begin
                CertGetCertificateContextProperty(CertContext, CertPropId,
                  @Data[0], DataLen);
                Writeln(Format('KEY_PROV_HANDLE: $%.8x', [PDWORD(@Data[0])^]));
              end;
            CERT_KEY_PROV_INFO_PROP_ID:
              begin
                CertGetCertificateContextProperty(CertContext, CertPropId,
                  @Data[0], DataLen);
                with PCryptKeyProvInfo(@Data[0])^ do
                begin
                  Writeln(Format('pwszContainerName = %s',
                    [pwszContainerName]));
                  Writeln(Format('pwszProvName = %s', [pwszProvName]));
                  Writeln(Format('dwFlags = %d', [dwFlags]));
                  Writeln(Format('cProvParams = %d', [cProvParam]));
                  Writeln(Format('dwKeySpec = %d', [dwKeySpec]));
                end;
                Writeln(Format('KEY_PROV_INFO: %d', [@Data[0]]));
              end;
            CERT_FRIENDLY_NAME_PROP_ID:
              begin
                CertGetCertificateContextProperty(CertContext, CertPropId,
                  @Data[0], DataLen);
                Writeln(Format('FRIENDLY_NAME: %s', [PChar(@Data[0])]));
              end;
            CERT_KEY_IDENTIFIER_PROP_ID:
              begin
                CertGetCertificateContextProperty(CertContext, CertPropId,
                  @Data[0], DataLen);
                Write('KEY_IDENTIFIER: ');
                for i := 1 to DataLen do
                  Write(Format('%.2x ', [PBYTE(@Data[i - 1])^]));
                Writeln;
              end;
            CERT_SHA1_HASH_PROP_ID:
              begin
                CertGetCertificateContextProperty(CertContext, CertPropId,
                  @Data[0], DataLen);
                Write('SHA1_HASH: ');
                for i := 1 to DataLen do
                  Write(Format('%.2x ', [PBYTE(@Data[i - 1])^]));
                Writeln;
              end;
            CERT_MD5_HASH_PROP_ID:
              begin
                CertGetCertificateContextProperty(CertContext, CertPropId,
                  @Data[0], DataLen);
                Write('MD5_HASH: ');
                for i := 1 to DataLen do
                  Write(Format('%.2x ', [PBYTE(@Data[i - 1])^]));
                Writeln;
              end;
          else
          end;
          CertPropId := CertEnumCertificateContextProperties(CertContext,
            CertPropId);
        end;
        Inc(J);
        CertContext := CertEnumCertificatesInStore(hStore, CertContext);
      end;

      if (J = 0) then
        Exit;

      Writeln(Format('CertificatesInStore = [%d]', [J]));
      Writeln('');

      TmpPFX.cbData := 0;
      TmpPFX.pbData := nil;

      if (PFXExportCertStoreEx(hStore, @TmpPFX, PChar(Password), nil,
        EXPORT_PRIVATE_KEYS)) then

        TmpPFX.pbData := CryptMemAlloc(SizeOf(BYTE) * TmpPFX.cbData);

      if (TmpPFX.pbData <> nil) then
      begin

        if (PFXExportCertStoreEx(hStore, @TmpPFX, PChar(Password), nil,
          EXPORT_PRIVATE_KEYS)) then
        begin

          Mem.WriteBuffer(TmpPFX.pbData^, TmpPFX.cbData);

          Mem.SaveToFile(NameStore + '_' + IntToStr(J) + '_' + Format('%08x',
            [GetTickCount]) + '.pfx');
        end;
        CryptMemFree(TmpPFX.pbData);
      end;
    except
      on E: Exception do
        Writeln(Format('[%s] %s', [E.ClassName, E.Message]));
    end;
  finally
    CertCloseStore(hStore, 0);
    Mem.Free;
  end;
end;

begin
  try
    ExportCertToPFX('MY', '123');
  except
    on E: Exception do
      Writeln(E.ClassName, ': ', E.Message);
  end;
  Readln;

end.

参考:

  • ExportSert.cpp in Carberp
  • WinCrypt.pas
  • How can I access windows root certificate authorities certificates with Delphi?
  • How to export certificate from Windows certificate store via CryptoAPI as Base64 string

我的麻烦是,显然我的Delphi版本(以及C ++示例)都将所有证书导出到唯一的.pfx文件中,直到我知道(如果我错了,请修复我)才可以使用1. pfx文件/软件,那么我如何在此代码导出到所有这些证书后将它们分离到唯一的.pfx文件中?

My trouble is that apparently my Delphi version (and also the C++ example), both exports ALL certificates to a unique .pfx file, and until where i know (fix me if i'm wrong) only is possible use 1 .pfx file/software, then how i can separate after all these certificates that this code exports to a unique .pfx file?

我相信,对 CertEnumCertificatesInStore 可以解决此问题,但是对此不确定.有人可以给我一个建议吗?

I belive that generating 1 .pfx file to each certificate found inCertEnumCertificatesInStore can solve this question, but not have sure about this. Someone could give me a suggestion please?

推荐答案

好吧,这是基于 @bartonjs

var
  CertContext: PCCERT_CONTEXT;

procedure ExportCertToPFX(NameStore, Password: string);
var
  TmpPFX: CRYPT_DATA_BLOB;
  hTempStore: HCERTSTORE;
begin

  hTempStore := CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
    CERT_STORE_CREATE_NEW_FLAG, nil);
  if (hTempStore = nil) then
    RaiseLastOSError;

  try
    CertContext := CertEnumCertificatesInStore(hStore, nil);
    while (CertContext <> nil) do
    begin

      if not CertAddCertificateContextToStore(hTempStore, CertContext,
        CERT_STORE_ADD_NEW, nil) then
        Continue;

      TmpPFX.cbData := 0;
      TmpPFX.pbData := nil;

      if (PFXExportCertStoreEx(hTempStore, @TmpPFX, PChar(Password), nil,
        EXPORT_PRIVATE_KEYS)) then

        TmpPFX.pbData := CryptMemAlloc(SizeOf(BYTE) * TmpPFX.cbData);

      if (TmpPFX.pbData <> nil) then
      begin

        if (PFXExportCertStoreEx(hTempStore, @TmpPFX, PChar(Password), nil,
          EXPORT_PRIVATE_KEYS)) then
        begin

          // Save to .pfx file

        end;

        CryptMemFree(TmpPFX.pbData);
      end;

      if not CertDeleteCertificateFromStore
        (CertDuplicateCertificateContext(CertContext)) then
        if (GetLastError = Cardinal(E_ACCESSDENIED)) then
          Continue;

      CertContext := CertEnumCertificatesInStore(hStore, CertContext);
    end;
  except
    on E: Exception do
      Writeln(Format('[%s] %s', [E.ClassName, E.Message]));
  CertCloseStore(hTempStore, 0);
  end;
CertCloseStore(hTempStore, 0);
end;

这篇关于如何将我所有的软件证书分别导出到.pfx文件?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-11 08:51