SmartFTP FTP Library
IKeyManager Interface Reference

import "sfFTPLib.idl";

Public Member Functions

HRESULT LoadFile ([in] BSTR file, [in] BSTR password, [out, retval] IKey **retval)
 Loads a cryptographic key from a local file.
HRESULT SaveFile ([in] KeyFileFormat fileFormat, [in] IKey *key, [in] KeyType keyType, [in] BSTR file, [in] BSTR password)
 Saves a key object to a file in a specified format.
HRESULT LoadFromCertificateStore ([in] BSTR thumbprint, [out, retval] IKey **retval)
 Loads a cryptographic key from the Windows "Personal" (My) Certificate Store.

Member Function Documentation

◆ LoadFile()

HRESULT IKeyManager::LoadFile ( [in] BSTR file,
[in] BSTR password,
[out, retval] IKey ** retval )

Loads a cryptographic key from a local file.

This method automatically detects the format of the provided file. It supports common formats such as OpenSSH, PuTTY (.ppk), and PKCS#12 (.p12/.pfx).

Parameters
  [in]   file      The full path to the key file on the local file system.
  [in]   password  The passphrase used to decrypt the private key. If the key is not password protected, this should be an empty string.
  [out]  retval    Returns an IKey interface representing the loaded key.

◆ LoadFromCertificateStore()

HRESULT IKeyManager::LoadFromCertificateStore ( [in] BSTR thumbprint,
[out, retval] IKey ** retval )

Loads a cryptographic key from the Windows "Personal" (My) Certificate Store.

This method allows the library to leverage the Windows Certificate Management infrastructure. It is particularly useful for enterprise environments where keys are managed centrally or stored on hardware devices.

Security Advantages:

  • Hardware Security: Supports keys stored on TPM (Trusted Platform Module) or Smart Cards.
  • Non-Exportable Keys: The library can perform authentication even if the private key is marked as non-exportable, as the actual cryptographic operations are handed off to the Windows CryptoAPI/NCrypt provider.
  • No Passphrases in Code: Since the OS manages the key access, you don't need to hardcode key passwords in your application.

How to obtain the Thumbprint:

  1. Press Win+R, type certmgr.msc, and hit Enter.
  2. Navigate to Personal > Certificates.
  3. Double-click the desired certificate.
  4. Select the Details tab.
  5. Scroll down to the Thumbprint field and copy the hex string.

Note
The thumbprint parameter is case-insensitive. Spaces within the string are automatically stripped by the library.

Parameters
  [in]   thumbprint  The SHA-1 hash of the certificate. This acts as a unique ID to locate the key pair.
  [out]  retval      Returns an IKey interface linked to the store entry.
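
A pre-flight check for a thumbprint copied by the steps above, before it is passed to LoadFromCertificateStore. This is an added example, not part of the SmartFTP library or its documentation. The function names are hypothetical, and it assumes the certificate is in the current user's Personal store (Cert:\CurrentUser\My), the store that certmgr.msc opens.

```powershell
# Added example; function names are hypothetical, not part of the library.
function ConvertTo-NormalizedThumbprint {
    param([Parameter(Mandatory)][string]$Thumbprint)

    # Remove whitespace and Unicode format characters (category Cf), e.g. the
    # invisible U+200E mark that can be copied along from the Details tab.
    $clean = ($Thumbprint -replace '[\s\p{Cf}]', '').ToUpperInvariant()

    # A SHA-1 thumbprint is exactly 20 bytes = 40 hex digits.
    if ($clean -notmatch '^[0-9A-F]{40}$') {
        throw "Not a SHA-1 thumbprint: expected 40 hex digits, got '$clean'."
    }
    $clean
}

function Resolve-StoreKeyThumbprint {
    param([Parameter(Mandatory)][string]$Thumbprint)

    $clean = ConvertTo-NormalizedThumbprint $Thumbprint

    # Assumption: current user's Personal store, the one certmgr.msc shows.
    $cert = Get-ChildItem -Path Cert:\CurrentUser\My |
        Where-Object { $_.Thumbprint -eq $clean }

    if (-not $cert) {
        throw "No certificate $clean in Cert:\CurrentUser\My."
    }
    # Authentication needs the key pair, not just the public certificate.
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $clean has no associated private key."
    }
    $clean
}

# Constructed sample: a pasted value with a leading U+200E and spaces.
$pasted = "$([char]0x200E)01 23 45 67 89 ab cd ef 01 23 45 67 89 ab cd ef 01 23 45 67"
ConvertTo-NormalizedThumbprint $pasted
```

Resolve-StoreKeyThumbprint fails early with a specific message when the value is malformed, the certificate is missing, or only the public certificate is installed.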

◆ SaveFile()

HRESULT IKeyManager::SaveFile ( [in] KeyFileFormat fileFormat,
[in] IKey * key,
[in] KeyType keyType,
[in] BSTR file,
[in] BSTR password )

Saves a key object to a file in a specified format.

This method exports an IKey object to the local file system.

Parameters
  [in]  fileFormat  The destination container format (e.g., OpenSSH, PuTTY, or PKCS#12). See KeyFileFormat.
  [in]  key         The IKey interface instance to be exported.
  [in]  keyType     Specifies which component of the key to save: the Public part, the Private part, or both. See KeyType.
  [in]  file        The full destination path including the filename and extension.
  [in]  password    The passphrase used to encrypt the resulting file. Pass an empty string for no encryption (only recommended for public keys).

The documentation for this interface was generated from the following file: