Q/A 25-Oct-2019

Question:  One of my suppliers has provided a certified x509 certificate p12, in order to connect to his WS Soap.
Developing in the Visual FoxPro environment, I ask you if you have libraries with examples that can be used for this purpose.

Answer: I’m assuming the .p12 is to be used as the client certificate for the TLS connection.  (Using a client certificate is one way of authenticating with a web service.  It is also known as “TLS mutual authentication”.)  A .p12 is identical to a .pfx.  Both are files having the PKCS12 format which is a container for certs and encrypted private key(s).   In Chilkat, you provide the TLS client cert by calling the SetSslClientCertPfx method.   See https://www.example-code.com/foxpro/http_tlsMutualAuthentication.asp  (You can alternatively call SetSslClientCert if the Chilkat certificate object was loaded in some other way, or SetSslClientCertPem if the cert + private keys are in a PEM file.)

The example linked above uses the Chilkat Http object.  If the Chilkat Rest object is used, then you would first connect to the web server using Chilkat Socket (see https://www.example-code.com/foxpro/socket_tlsClientCert.asp) and then use the socket connection in the Rest object (see https://www.example-code.com/foxpro/rest_useSocketObject.asp)

Question: How to encrypt a whole file using a private key and then decrying it using a public key. I’m looking at Crypt2 doc and not finding this to be available. Please advise.

Answer: Public key encryption is only intended for small amounts of data.  There are two reasons for this:  (1) it is a computationally expensive process, but more importantly (2) it is limited to the key size.  For example, if you have a 2048-bit RSA key, you cannot encrypt more than 256 bytes (256 * 8 = 2048).   In fact, there is overhead in padding, and the limit is actually less than 256 bytes – but the point is that you can’t encrypt entire files with RSA.   The solution is to public key encrypt a symmetric encryption key (such as an AES key) and use the AES key to encrypt the file.  For example, let’s say you have a 1MB file and a 2048-bit RSA key, and you want to encrypt the file using 128-bit AES.   You would generate a random 128-bit AES key (16 bytes).  Assuming you’re using AES CBC mode (cipher-block-chaining), you’ll also need an initialization vector (16-bytes for AES).  You would also generate a random 16-byte IV.   Encrypt the file using AES.  Then encrypt the IV + AES key using the 2048-bit RSA public key.   You deliver the encrypted AES key + the encrypted file to the counterparty that wishes to decrypt.  The decryption is accomplished bit first decrypting the IV + AES key using the RSA private key, then use the decrypted IV and AES key to decrypt the file.   You can decided how you wish to deliver the encrypted AES key + encrypted file to your partner.   However you do it, they’ll need to write code to “unwrap” according to what you did.

Here is an example that does what’s described above, but leaves the IV unset such that the default 0x00000000000000000000000000000000 will be used: https://www.example-code.com/csharp/rsa_keyExchange.asp

Another option is to use JWE, which is essentially a defined format for what’s described above.  Chilkat provides JWE functionality.  Here’s an example: https://www.example-code.com/csharp/jwe_binary_data.asp

Question: When does my unlock code expire (ABCXYZ.CBX052020_abcdefhijklm)? We need unlimited time and unlimited deploy.

Answer: A Chilkat unlock code is valid for those versions of Chilkat released before the end of your maintenance period.  For example, if you purchased a license with 1-Year maintenance in May 2019, then your unlock code is valid for versions of Chilkat released before the end of May 2020.   The unlock code contains the maintenance expiration month/year.  For example, the “052020” in the above unlock code indicates May 2020.

The unlock code never expires when using a version of Chilkat released before the end of your maintenance period.  The unlock code above can be used (without expiration) with any version of Chilkat released before the end of May 2020.   To use a version of Chilkat released after May 2020 would require a renewal (or fresh purchase if maintenance expires for too long).