Close #152: How can we specify the Cryptographic Service Provider

A comment line of the format "CSP: <Provider Name>" in the private key will be used as CSP during PKCS#12 / PFX export.
chris2511 · Sep 30, 2024 · 53cbeea · 53cbeea
1 parent 1fe2c99
commit 53cbeea
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 4 deletions.
diff --git a/doc/rst/certificates.rst b/doc/rst/certificates.rst
@@ -106,6 +106,13 @@ Certificate Export
 
 When exporting PKCS#12 structures XCA asks later for an encryption password.
 
+Microsoft Cryptographic Service Provider (CSP)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The PKCS#12/PFX export function will include the CSP from the comment section
+of the corresponding private key. The first line containing "CSP: <CSP Name>"
+like **CSP: Microsoft Tatooine Sand Provider** will put the CSP Name into the PKCS#12 file.
+
 Certificate Transformation
 --------------------------
 

diff --git a/lib/pki_pkcs12.cpp b/lib/pki_pkcs12.cpp
@@ -103,7 +103,6 @@ pki_pkcs12::pki_pkcs12(const QString &fname)
 	}
 	if (mykey) {
 		key = new pki_evp(mykey);
-		Q_CHECK_PTR(key);
 		key->setIntName(alias + "_key");
 		key->pkiSource = imported;
 		inheritFilename(key);
@@ -159,10 +158,22 @@ void pki_pkcs12::writePKCS12(XFile &file, encAlgo &encAlgo) const
 	if (keyAlgoNid == NID_pbe_WithSHA1And40BitRC2_CBC)
 		keyAlgoNid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
 
+	EVP_PKEY *pkey = key->decryptKey();
+	for (const QString &line : key->getComment().split('\n')) {
+		QStringList kv = line.split(":");
+		qDebug() << line << kv;
+		if (kv.size() != 2 || kv[0] != "CSP")
+			continue;
+		QByteArray csp = kv[1].trimmed().toLatin1();
+		EVP_PKEY_add1_attr_by_NID(pkey, NID_ms_csp_name,
+			MBSTRING_ASC, (const unsigned char*)csp.constData(), csp.size());
+	}
+
 	pkcs12 = PKCS12_create(pass.data(), getIntName().toUtf8().data(),
-				key->decryptKey(), cert->getCert(), certstack,
+				pkey, cert->getCert(), certstack,
 				keyAlgoNid, certAlgoNid, 0, 0, 0);
 	pki_openssl_error();
+	EVP_PKEY_free(pkey);
 	Q_CHECK_PTR(pkcs12);
 
 	if (encAlgo.legacy())

diff --git a/ui/ExportDialog.ui b/ui/ExportDialog.ui
@@ -6,7 +6,7 @@
    <rect>
     <x>0</x>
     <y>0</y>
-    <width>520</width>
+    <width>671</width>
     <height>385</height>
    </rect>
   </property>

diff --git a/widgets/CertDetail.cpp b/widgets/CertDetail.cpp
@@ -307,7 +307,7 @@ void CertDetail::itemChanged(pki_base *pki)
 
 void CertDetail::showPubKey()
 {
-	KeyDetail::showKey(this, myPubKey, false);
+	KeyDetail::showKey(this, myPubKey, keySqlId.isValid());
 }
 
 void CertDetail::showIssuer()