Skip to main content

Export Key in Cpp

The following code sample illustrates how to export key.


Code Sample

See the C++ environment settings for details on setting the project environment.


<cpp_create_key.cpp>
/*****************************************************************************************
* cpp_export_key.cpp
*
*
******************************************************************************************/

#include <iostream>
#include "teconnection.h"
#include "teagent.h"
#include "teexception.h"
#include "teauthldapctx.h"
#include "teutil_keycert.h"
#include "teauthuserctx.h"
#include "teadmin.h"
#include "teparameter.h"
#include "teadmin_config.h"
#include "tekey.h"

using namespace ERUCES;
using namespace std;

auto_ptr<TEConnection> te_conn;

void connect_native(string strServer, int nAdminPort, string strUsername, string strPassword)
{
te_conn = TEConnection::createInstance(TEConnection::NormalConnection);

auto_ptr<TEUserAuthenticationContext> ctx = TEUserAuthenticationContext::getInstance();
ctx->setUser(strUsername);
ctx->setPasswd(strPassword);

te_conn->open(strServer, nAdminPort, *ctx.operator->());
cout << "Connected to " << strServer << " at " << nAdminPort << " as " << strUsername << endl;
}

void connect_native_admin(string strServer, int nAdminPort, string strUsername, string strPassword)
{
te_conn = TEConnection::createInstance(TEConnection::SecureConnection);

auto_ptr<TEUserAuthenticationContext> ctx = TEUserAuthenticationContext::getInstance();
ctx->setUser(strUsername);
ctx->setPasswd(strPassword);

te_conn->open(strServer, nAdminPort, *ctx.operator->());
cout << "Connected to " << strServer << " at " << nAdminPort << " as " << strUsername << endl;
}

void connect_cert_PKCS12(string strServer, int nAdminPort, string strPKCS12_PKey_File, string strPassword)
{
te_conn = TEConnection::createInstance(TEConnection::SSLMutualConnection); // SSLMutualConnection = 0x00000004

// Read Certificate and Private Key from PKCS#12 private key file.
string strCertChain = "";
string strPrivKey = "";
TEKeyCertUtil::loadFromFile(strPKCS12_PKey_File, strPassword, strCertChain, strPrivKey, false);

// Open connection to the server for certificate user
te_conn->open(strServer, nAdminPort, strCertChain, strPrivKey);

cout << "Connected to " << strServer << " at " << nAdminPort << " as certificate user" << endl;
}

void disconnect()
{
te_conn->close();
cout << "Disconnected from server" << endl;
}

void EncryptData(string& strData, string& strHiddenLink) {

TEAgent teagent;
teagent.attachConnection(te_conn.get());

string strIV;
cout << "Original data = " << strData.c_str() << endl;
cout << "Original data size = " << strData.size() << endl;

teagent.encryptData(strData, strHiddenLink, strIV);
teagent.detachConnection();

cout << "Encrypted data = ";
int i;
for(i=0; i<strData.size(); i++) {
cout << "[" << (int)strData[i] << "]";
}
cout << endl;
cout << "Encrypted size = " << strData.size() << endl;

cout << "HiddenLink = ";
for(i=0; i<strHiddenLink.size(); i++) {
cout << "[" << (int)strHiddenLink[i] << "]";
}
cout << endl;
cout << "HiddenLink size = " << strHiddenLink.size() << endl;
}

void DecryptData(string& strData, string& strHiddenLink) {

TEAgent teagent;
teagent.attachConnection(te_conn.get());
teagent.detachConnection();

string strIV;
teagent.decryptData(strData, strHiddenLink, strIV);
cout << "Decrypted data = " << strData.c_str() << endl;
cout << "Decrypted size = " << strData.size() << endl;
}

void ExportKeyWithCertId(string& strHiddenLink, string& strExportedKey, int nServerSystemId, int nCertPrincipalId, unsigned int type) {

// Attach Connection to the Key class.
TEKey tekey;
tekey.attachConnection(te_conn.get());

if(type == 0) {
KeyPair strPair = make_pair<string *, string *>(&strHiddenLink, &strExportedKey);
KeyPair pairArray[1];
pairArray[0] = strPair;
tekey.exportKey(nServerSystemId, nCertPrincipalId, pairArray, sizeof(pairArray)/sizeof(KeyPair));
}
else {
string * hlArray[1];
hlArray[0] = &strHiddenLink;

tekey.exportKeyFormatted(nServerSystemId, nCertPrincipalId, hlArray, 1, strExportedKey, type);
}

tekey.detachConnection();
}

void AddACLEntry(string strHL, int nPrincipalID) {
TEAdmin admin;
admin.attachConnection(te_conn.get());

TEACLInfo acl;
admin.getACL(strHL, acl, false); // hiddenlink is not base64 encoded.

cout << "ACLInfo: " << endl;
cout << "\tACLID: " << acl.getACLId() << endl;
cout << "\tExpiration Flag: " << acl.getKeyExpirationFlag() << endl;
cout << "\tNumber of ACL entries: " << acl.EntryCount() << endl;

long lSystemID; // for assignment late
int i = 0;
TEObjectContainer cont;
acl.getEntries(cont);
for (i=0; i < cont.size(); ++i)
{
TEACLEntry *ent = (TEACLEntry *)cont[i];
cout << endl;
cout << "\tACLID: " << ent->getACLId() << endl;
cout << "\tACLRight: " << ent->getACLRight() << endl;
cout << "\tCreationTimestamp: " << ent->getCreationTimestamp() << endl;
cout << "\tEndTimestamp: " << ent->getEndTimestamp() << endl;
cout << "\tMaxUsage: " << ent->getMaxUsage() << endl;
cout << "\tPrincipalId: " << ent->getPrincipalId() << endl;
cout << "\tStartTimestamp: " << ent->getStartTimestamp() << endl;
cout << "\tSystemID: " << ent->getSystemID() << endl;
cout << "\tUserRight: " << ent->getUserRight() << endl;
if (i==0)
lSystemID = ent->getSystemID();
}

// Create an ACL entry to add
TEACLEntry ent2add;
ent2add.setACLId( acl.getACLId() );
ent2add.setACLRight(RIGHT_READ | RIGHT_WRITE); // read and write rights
ent2add.setEndTimestamp(0);
ent2add.setMaxUsage(-1); // no limit
ent2add.setPrincipalId(nPrincipalID);
ent2add.setStartTimestamp(0);
ent2add.setSystemID(lSystemID);
//ent2add.setUserRight(1); // reserved

TEACLInfo acl2;
acl2.setACLId( acl.getACLId() );
acl2.addEntry( ent2add );

// Update the server, the ACL entry will be added.
admin.updateACL(ACLENTRY_ADD, acl2);

cout << endl;
cout << "ACLInfo was updated. " << endl;

// Get the updated info.
admin.getACL(strHL, acl, false);
cout << "ACLInfo: " << endl;
cout << "\tACLID: " << acl.getACLId() << endl;
cout << "\tExpiration Flag: " << acl.getKeyExpirationFlag() << endl;
cout << "\tNumber of ACL entries: " << acl.EntryCount() << endl;
acl.getEntries(cont);
for (i=0; i < cont.size(); ++i)
{
TEACLEntry *ent = (TEACLEntry *)cont[i];
cout << endl;
cout << "\tACLID: " << ent->getACLId() << endl;
cout << "\tACLRight: " << ent->getACLRight() << endl;
cout << "\tCreationTimestamp: " << ent->getCreationTimestamp() << endl;
cout << "\tEndTimestamp: " << ent->getEndTimestamp() << endl;
cout << "\tMaxUsage: " << ent->getMaxUsage() << endl;
cout << "\tPrincipalId: " << ent->getPrincipalId() << endl;
cout << "\tStartTimestamp: " << ent->getStartTimestamp() << endl;
cout << "\tSystemID: " << ent->getSystemID() << endl;
cout << "\tUserRight: " << ent->getUserRight() << endl;
}

admin.detachConnection();
}

int main()
{

string strServer = "localhost";
int nSystemId = 1;
int nAdminPort = 8888;

string strPKCS12_PKey_File = "C:\\Documents and Settings\\Administrator\\pkcs12_private_key.pfx"; // PKCS#12 private key file.


unsigned int type = 0; // 0 - NORMAL,
// 1 - SMIME,
// 2 - XML.

string strData = "this is a test string.";
string strHiddenLink;
string strExportedKey;

try
{
int nTestCase = 2;

if (nTestCase == 1) {
// Case 1: Export the certificate user's own key

// Encrypt data
cout << endl << "Encrypt data at export server:" << endl;
connect_cert_PKCS12(strServer, nAdminPort, strPKCS12_PKey_File, "password");
EncryptData(strData, strHiddenLink);
disconnect();

// Export key
cout << endl << "Export key:" << endl;
connect_cert_PKCS12(strServer, nAdminPort, strPKCS12_PKey_File, "password");
int nCertPrincipalId = te_conn->getPrincipalID();
cout << "nCertPrincipalId = " << nCertPrincipalId << endl;
// Keys exported with system id and certificate principal id cannot be imported to other server.
ExportKeyWithCertId(strHiddenLink, strExportedKey, nSystemId, nCertPrincipalId, type);
}
else {
// Case 2: Export a native user's key using a certificae user's public key.

// Get the certificate user's principal ID
connect_cert_PKCS12(strServer, nAdminPort, strPKCS12_PKey_File, "password");
int nCertPrincipalId = te_conn->getPrincipalID();
cout << "nCertPrincipalId = " << nCertPrincipalId << endl;
disconnect();

// Encrypt data
cout << endl << "Encrypt data at export server:" << endl;
connect_native(strServer, nAdminPort, "ls", "password");
EncryptData(strData, strHiddenLink);
disconnect();

// Add the certificate user to the ACL
cout << endl << "Add the certificate user to the ACL:" << endl;
connect_native_admin(strServer, nAdminPort, "ls", "password");
AddACLEntry(strHiddenLink, nCertPrincipalId);

// Export key
ExportKeyWithCertId(strHiddenLink, strExportedKey, nSystemId, nCertPrincipalId, type);
disconnect();
}

cout << "export key done." << endl;
cout << "HiddenLink = ";
int i;
for(i=0; i<strHiddenLink.size(); i++) {
cout << "[" << (int)strHiddenLink[i] << "]";
}
cout << endl;
cout << "HiddenLink size = " << strHiddenLink.size() << endl;
cout << "Exported key = ";
for(i=0; i<strExportedKey.size(); i++) {
cout << "[" << (int)strExportedKey[i] << "]";
}
cout << endl;
cout << "Exported key size = " << strExportedKey.size() << endl;
disconnect();

}
catch (TEException &e)
{
cout << e.getAllMessages() << endl;
}
catch (...)
{
cout << "Unexpected error" << endl;
}

return 0;
}
Output
Connected to localhost at 8888 as certificate user
nCertPrincipalId = 3001
Disconnected from server

Encrypt data at export server:
Connected to localhost at 8888 as ls
Original data = this is a test string.
Original data size = 22
Encrypted data = [-60][-64][103][126][-35][53][93][-101][13][-55][-11][123][-76]
[-114][42][55][3][40][6][73][26][0][-88][-76]
Encrypted size = 24
HiddenLink = [0][0][0][1][100][-121][63][38][56][40][-102][42][-112][22][54][87]
[-50][106][101][111][-101][92][-7][44][-28][4][-110][-89][-57][95][41][-59][-56]
[-50][69][-6][73][10][63][-9]
HiddenLink size = 40
Disconnected from server

Add the certificate user to the ACL:
Connected to localhost at 8888 as ls
ACLInfo:
ACLID: 2008
Expiration Flag: 0
Number of ACL entries: 1

ACLID: 2008
ACLRight: 7
CreationTimestamp: 1196281739
EndTimestamp: 0
MaxUsage: 4294967295
PrincipalId: 1001
StartTimestamp: 0
SystemID: 1
UserRight: 0

ACLInfo was updated.
ACLInfo:
ACLID: 2008
Expiration Flag: 0
Number of ACL entries: 2

ACLID: 2008
ACLRight: 7
CreationTimestamp: 1196281739
EndTimestamp: 0
MaxUsage: 4294967295
PrincipalId: 1001
StartTimestamp: 0
SystemID: 1
UserRight: 0

ACLID: 2008
ACLRight: 3
CreationTimestamp: 1196281739
EndTimestamp: 0
MaxUsage: 4294967295
PrincipalId: 3001
StartTimestamp: 0
SystemID: 1
UserRight: 0
Disconnected from server
export key done.
HiddenLink = [0][0][0][1][100][-121][63][38][56][40][-102][42][-112][22][54][87]
[-50][106][101][111][-101][92][-7][44][-28][4][-110][-89][-57][95][41][-59][-56]
[-50][69][-6][73][10][63][-9]
HiddenLink size = 40
Exported key = [-63][101][57][-57][-86][104][7][-62][115][22][58][60][78][-67][2
0][58][-101][109][83][40][-21][-104][26][116][-40][25][-48][44][-80][-18][-109][
-55][68][41][46][-9][-90][-9][122][71][-94][-124][-76][1][34][47][13][97][-99][-
15][-42][-127][-71][98][-29][-72][-107][73][127][23][-37][-45][-58][52][66][-81]
[-36][-72][-88][69][33][98][-74][50][-75][40][-58][46][29][7][-34][-77][120][19]
[102][-109][-97][105][38][-106][-36][-69][15][126][-15][-1][56][46][43][94][27][
101][71][-96][100][-14][69][75][94][97][34][31][77][-46][49][122][127][-113][127
][88][3][73][104][-128][-26][-100][-77][17]
Exported key size = 128
Disconnected from server
Press any key to continue