Sample code for 30+ languages & platforms
PureBasic

Yubikey RSA Encrypt/Decrypt

See more RSA Examples

Demonstrates how to do RSA decryption using a private key stored on a Yubikey (or other USB token or smartcard).

Note: RSA encryption uses the public key, which is freely exportable and does not need to occur on the token/smartcard.

Chilkat PureBasic Downloads

PureBasic
IncludeFile "CkBinData.pb"
IncludeFile "CkCert.pb"
IncludeFile "CkRsa.pb"

Procedure ChilkatExample()

    success.i = 0

    ; This example assumes you have a certificate with private key on the Yubikey token.
    ; When doing simple RSA encryption/decryption, we don't actually need the certificate,
    ; but we'll be using the private key associated with the certificate.
    ; 
    ; The sensitive/secret material that needs to be kept private is the private key.
    ; The certificate itself and the public key can be freely shared.
    ; 

    ; We're going to encrypt and decrypt 32-bytes of data.
    bd.i = CkBinData::ckCreate()
    If bd.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkBinData::ckAppendEncoded(bd,"000102030405060708090A0B0C0D0E0F","hex")
    success = CkBinData::ckAppendEncoded(bd,"000102030405060708090A0B0C0D0E0F","hex")

    ; Let's get the desired cert.
    ; For this example, a self-signed certificate with a 2048-bit RSA key was generated in slot 9A.
    cert.i = CkCert::ckCreate()
    If cert.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; Force Chilkat to use PKCS11 over ScMinidriver (if on Windows) and Apple Keychain (if on MacOS)
    CkCert::setCkUncommonOptions(cert, "NoScMinidriver,NoAppleKeychain")

    CkCert::setCkSmartCardPin(cert, "123456")

    success = CkCert::ckLoadFromSmartcard(cert,"cn=chilkat_test_2048")
    If success = 0
        Debug CkCert::ckLastErrorText(cert)
        CkBinData::ckDispose(bd)
        CkCert::ckDispose(cert)
        ProcedureReturn
    EndIf

    ; RSA encrypt using the public key.
    rsa.i = CkRsa::ckCreate()
    If rsa.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; Provide the RSA object with the certificate on the Yubkey.
    success = CkRsa::ckSetX509Cert(rsa,cert,1)
    If success = 0
        Debug CkRsa::ckLastErrorText(rsa)
        CkBinData::ckDispose(bd)
        CkCert::ckDispose(cert)
        CkRsa::ckDispose(rsa)
        ProcedureReturn
    EndIf

    ; RSA encrypt using the public key.
    usePrivateKey.i = 0
    success = CkRsa::ckEncryptBd(rsa,bd,usePrivateKey)
    If success = 0
        Debug CkRsa::ckLastErrorText(rsa)
        CkBinData::ckDispose(bd)
        CkCert::ckDispose(cert)
        CkRsa::ckDispose(rsa)
        ProcedureReturn
    EndIf

    Debug "RSA Encrypted Output in Hex:"
    Debug CkBinData::ckGetEncoded(bd,"hex")

    ; Now let's decrypt, using the private key on the Yubikey.
    usePrivateKey = 1
    success = CkRsa::ckDecryptBd(rsa,bd,usePrivateKey)
    If success = 0
        Debug CkRsa::ckLastErrorText(rsa)
        CkBinData::ckDispose(bd)
        CkCert::ckDispose(cert)
        CkRsa::ckDispose(rsa)
        ProcedureReturn
    EndIf

    Debug "RSA Decrypted Output in Hex:"
    Debug CkBinData::ckGetEncoded(bd,"hex")


    CkBinData::ckDispose(bd)
    CkCert::ckDispose(cert)
    CkRsa::ckDispose(rsa)


    ProcedureReturn
EndProcedure