Sample code for 30+ languages & platforms
PureBasic

RSA Sign String using Private Key of Certificate Type A3 (smart card / token)

See more RSA Examples

Demonstrates RSA signing a string using the private key of a certificate type A3 (smart card, token).

Note: This is a Windows-only example.

Chilkat PureBasic Downloads

PureBasic
IncludeFile "CkCertStore.pb"
IncludeFile "CkCert.pb"
IncludeFile "CkJsonObject.pb"
IncludeFile "CkRsa.pb"

Procedure ChilkatExample()

    success.i = 0

    ; First get the A3 certificate that was installed on the Windows system.
    certStore.i = CkCertStore::ckCreate()
    If certStore.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    thumbprint.s = "12c1dd8015f3f03f7b1fa619dc24e2493ca8b4b2"

    ; This is specific to Windows because it is opening the Windows Current-User certificate store.
    bReadOnly.i = 1
    success = CkCertStore::ckOpenCurrentUserStore(certStore,bReadOnly)
    If success <> 1
        Debug CkCertStore::ckLastErrorText(certStore)
        CkCertStore::ckDispose(certStore)
        ProcedureReturn
    EndIf

    ; Find the certificate with the desired thumbprint
    ; (There are many ways to locate a certificate.  This example chooses to find by thumbprint.)
    json.i = CkJsonObject::ckCreate()
    If json.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkJsonObject::ckUpdateString(json,"thumbprint",thumbprint)

    cert.i = CkCert::ckCreate()
    If cert.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkCertStore::ckFindCert(certStore,json,cert)
    If success = 0
        Debug "Failed to find the certificate."
        CkCertStore::ckDispose(certStore)
        CkJsonObject::ckDispose(json)
        CkCert::ckDispose(cert)
        ProcedureReturn
    EndIf

    Debug "Found: " + CkCert::ckSubjectCN(cert)

    rsa.i = CkRsa::ckCreate()
    If rsa.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; Provide the cert's private key
    bUsePrivateKey.i = 1
    success = CkRsa::ckSetX509Cert(rsa,cert,bUsePrivateKey)
    If success <> 1
        Debug CkRsa::ckLastErrorText(rsa)
        CkCertStore::ckDispose(certStore)
        CkJsonObject::ckDispose(json)
        CkCert::ckDispose(cert)
        CkRsa::ckDispose(rsa)
        ProcedureReturn
    EndIf

    ; Return the RSA signature in base64 encoded form.
    CkRsa::setCkEncodingMode(rsa, "base64")

    ; Sign the utf-8 byte representation of the string.
    CkRsa::setCkCharset(rsa, "utf-8")

    ; You can also choose other hash algorithms, such as SHA-1.
    sigBase64.s = CkRsa::ckSignStringENC(rsa,"text to sign","SHA-256")
    If CkRsa::ckLastMethodSuccess(rsa) <> 1
        Debug CkRsa::ckLastErrorText(rsa)
        CkCertStore::ckDispose(certStore)
        CkJsonObject::ckDispose(json)
        CkCert::ckDispose(cert)
        CkRsa::ckDispose(rsa)
        ProcedureReturn
    EndIf

    Debug "Base64 signature: " + sigBase64


    CkCertStore::ckDispose(certStore)
    CkJsonObject::ckDispose(json)
    CkCert::ckDispose(cert)
    CkRsa::ckDispose(rsa)


    ProcedureReturn
EndProcedure