I had a little time to read MSDN docs about RSA public / private key pair, encrypting, CAPICOM, Certificates, EnvelopedData, PFX files. The sample is vbscript based, but we know that to port it into VFP not a challenge.
Ok, let's see it. I have a PFX file, what was created by CIPHER. Just to have something. I used this passphrase while creating the certificate: "a very secret passphrase of the private key".
I can load it this way:
set oCert = Createobject("CAPICOM.Certificate")
oCert.Load "D:\test\test.pfx", "a very secret passphrase of the private key", CAPICOM_KEY_STORAGE_USER_PROTECTED, CAPICOM_CURRENT_USER_KEY
This certificate has a public key, private key. To use it, the EnvelopedData look like usable. It's really simple. Grab an EnvelopedData object, write something into the content property, add recipipents to it and finally call the encrypt method. The object automatically generates a symmetric key, what will be used to encrypt the large amount of content. This key will be encrypted by the public key of recipients. The default settings of the EnvelopedData obejct can be configured to strengthen the encryption or whatever you want. A sample:
set oEnvelope = createobject("CAPICOM.EnvelopedData")
oEnvelope.Content="Here's some very important and confidental data"
The format of message what we got this way is PKCS #7. To decrypt the message is a joke. Just call the decrypt method of the EnvelopedData object with only one parameter, like this:
Set EnvelopedData = CreateObject("CAPICOM.EnvelopedData")
wscript.echo "Decrypted text is: " & EnvelopedData.Content
Okay. Decryption method searches for the private key in the "My" certificate store at current user or the local machine. There's no way to setup a file for decryption.