Delphi DLL
Delphi DLL
Yubikey RSA Encrypt/Decrypt
See more RSA Examples
Demonstrates how to do RSA decryption using a private key stored on a Yubikey (or other USB token or smartcard).Note: RSA encryption uses the public key, which is freely exportable and does not need to occur on the token/smartcard.
Chilkat Delphi DLL Downloads
uses
Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, BinData, Rsa, Cert;
...
procedure TForm1.Button1Click(Sender: TObject);
var
success: Boolean;
bd: HCkBinData;
cert: HCkCert;
rsa: HCkRsa;
usePrivateKey: Boolean;
begin
success := False;
// This example assumes you have a certificate with private key on the Yubikey token.
// When doing simple RSA encryption/decryption, we don't actually need the certificate,
// but we'll be using the private key associated with the certificate.
//
// The sensitive/secret material that needs to be kept private is the private key.
// The certificate itself and the public key can be freely shared.
//
// We're going to encrypt and decrypt 32-bytes of data.
bd := CkBinData_Create();
success := CkBinData_AppendEncoded(bd,'000102030405060708090A0B0C0D0E0F','hex');
success := CkBinData_AppendEncoded(bd,'000102030405060708090A0B0C0D0E0F','hex');
// Let's get the desired cert.
// For this example, a self-signed certificate with a 2048-bit RSA key was generated in slot 9A.
cert := CkCert_Create();
// Force Chilkat to use PKCS11 over ScMinidriver (if on Windows) and Apple Keychain (if on MacOS)
CkCert_putUncommonOptions(cert,'NoScMinidriver,NoAppleKeychain');
CkCert_putSmartCardPin(cert,'123456');
success := CkCert_LoadFromSmartcard(cert,'cn=chilkat_test_2048');
if (success = False) then
begin
Memo1.Lines.Add(CkCert__lastErrorText(cert));
Exit;
end;
// RSA encrypt using the public key.
rsa := CkRsa_Create();
// Provide the RSA object with the certificate on the Yubkey.
success := CkRsa_SetX509Cert(rsa,cert,True);
if (success = False) then
begin
Memo1.Lines.Add(CkRsa__lastErrorText(rsa));
Exit;
end;
// RSA encrypt using the public key.
usePrivateKey := False;
success := CkRsa_EncryptBd(rsa,bd,usePrivateKey);
if (success = False) then
begin
Memo1.Lines.Add(CkRsa__lastErrorText(rsa));
Exit;
end;
Memo1.Lines.Add('RSA Encrypted Output in Hex:');
Memo1.Lines.Add(CkBinData__getEncoded(bd,'hex'));
// Now let's decrypt, using the private key on the Yubikey.
usePrivateKey := True;
success := CkRsa_DecryptBd(rsa,bd,usePrivateKey);
if (success = False) then
begin
Memo1.Lines.Add(CkRsa__lastErrorText(rsa));
Exit;
end;
Memo1.Lines.Add('RSA Decrypted Output in Hex:');
Memo1.Lines.Add(CkBinData__getEncoded(bd,'hex'));
CkBinData_Dispose(bd);
CkCert_Dispose(cert);
CkRsa_Dispose(rsa);
end;