PureBasic
PureBasic
Yubikey RSA Encrypt/Decrypt
See more RSA Examples
Demonstrates how to do RSA decryption using a private key stored on a Yubikey (or other USB token or smartcard).Note: RSA encryption uses the public key, which is freely exportable and does not need to occur on the token/smartcard.
Chilkat PureBasic Downloads
IncludeFile "CkBinData.pb"
IncludeFile "CkCert.pb"
IncludeFile "CkRsa.pb"
Procedure ChilkatExample()
success.i = 0
; This example assumes you have a certificate with private key on the Yubikey token.
; When doing simple RSA encryption/decryption, we don't actually need the certificate,
; but we'll be using the private key associated with the certificate.
;
; The sensitive/secret material that needs to be kept private is the private key.
; The certificate itself and the public key can be freely shared.
;
; We're going to encrypt and decrypt 32-bytes of data.
bd.i = CkBinData::ckCreate()
If bd.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
success = CkBinData::ckAppendEncoded(bd,"000102030405060708090A0B0C0D0E0F","hex")
success = CkBinData::ckAppendEncoded(bd,"000102030405060708090A0B0C0D0E0F","hex")
; Let's get the desired cert.
; For this example, a self-signed certificate with a 2048-bit RSA key was generated in slot 9A.
cert.i = CkCert::ckCreate()
If cert.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
; Force Chilkat to use PKCS11 over ScMinidriver (if on Windows) and Apple Keychain (if on MacOS)
CkCert::setCkUncommonOptions(cert, "NoScMinidriver,NoAppleKeychain")
CkCert::setCkSmartCardPin(cert, "123456")
success = CkCert::ckLoadFromSmartcard(cert,"cn=chilkat_test_2048")
If success = 0
Debug CkCert::ckLastErrorText(cert)
CkBinData::ckDispose(bd)
CkCert::ckDispose(cert)
ProcedureReturn
EndIf
; RSA encrypt using the public key.
rsa.i = CkRsa::ckCreate()
If rsa.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
; Provide the RSA object with the certificate on the Yubkey.
success = CkRsa::ckSetX509Cert(rsa,cert,1)
If success = 0
Debug CkRsa::ckLastErrorText(rsa)
CkBinData::ckDispose(bd)
CkCert::ckDispose(cert)
CkRsa::ckDispose(rsa)
ProcedureReturn
EndIf
; RSA encrypt using the public key.
usePrivateKey.i = 0
success = CkRsa::ckEncryptBd(rsa,bd,usePrivateKey)
If success = 0
Debug CkRsa::ckLastErrorText(rsa)
CkBinData::ckDispose(bd)
CkCert::ckDispose(cert)
CkRsa::ckDispose(rsa)
ProcedureReturn
EndIf
Debug "RSA Encrypted Output in Hex:"
Debug CkBinData::ckGetEncoded(bd,"hex")
; Now let's decrypt, using the private key on the Yubikey.
usePrivateKey = 1
success = CkRsa::ckDecryptBd(rsa,bd,usePrivateKey)
If success = 0
Debug CkRsa::ckLastErrorText(rsa)
CkBinData::ckDispose(bd)
CkCert::ckDispose(cert)
CkRsa::ckDispose(rsa)
ProcedureReturn
EndIf
Debug "RSA Decrypted Output in Hex:"
Debug CkBinData::ckGetEncoded(bd,"hex")
CkBinData::ckDispose(bd)
CkCert::ckDispose(cert)
CkRsa::ckDispose(rsa)
ProcedureReturn
EndProcedure