Sample code for 30+ languages & platforms
Ruby

Yubikey RSA Encrypt/Decrypt

See more RSA Examples

Demonstrates how to do RSA decryption using a private key stored on a Yubikey (or other USB token or smartcard).

Note: RSA encryption uses the public key, which is freely exportable and does not need to occur on the token/smartcard.

Chilkat Ruby Downloads

Ruby
require 'chilkat'

success = false

# This example assumes you have a certificate with private key on the Yubikey token.
# When doing simple RSA encryption/decryption, we don't actually need the certificate,
# but we'll be using the private key associated with the certificate.
# 
# The sensitive/secret material that needs to be kept private is the private key.
# The certificate itself and the public key can be freely shared.
# 

# We're going to encrypt and decrypt 32-bytes of data.
bd = Chilkat::CkBinData.new()
success = bd.AppendEncoded("000102030405060708090A0B0C0D0E0F","hex")
success = bd.AppendEncoded("000102030405060708090A0B0C0D0E0F","hex")

# Let's get the desired cert.
# For this example, a self-signed certificate with a 2048-bit RSA key was generated in slot 9A.
cert = Chilkat::CkCert.new()

# Force Chilkat to use PKCS11 over ScMinidriver (if on Windows) and Apple Keychain (if on MacOS)
cert.put_UncommonOptions("NoScMinidriver,NoAppleKeychain")

cert.put_SmartCardPin("123456")

success = cert.LoadFromSmartcard("cn=chilkat_test_2048")
if (success == false)
    print cert.lastErrorText() + "\n";
    exit
end

# RSA encrypt using the public key.
rsa = Chilkat::CkRsa.new()

# Provide the RSA object with the certificate on the Yubkey.
success = rsa.SetX509Cert(cert,true)
if (success == false)
    print rsa.lastErrorText() + "\n";
    exit
end

# RSA encrypt using the public key.
usePrivateKey = false
success = rsa.EncryptBd(bd,usePrivateKey)
if (success == false)
    print rsa.lastErrorText() + "\n";
    exit
end

print "RSA Encrypted Output in Hex:" + "\n";
print bd.getEncoded("hex") + "\n";

# Now let's decrypt, using the private key on the Yubikey.
usePrivateKey = true
success = rsa.DecryptBd(bd,usePrivateKey)
if (success == false)
    print rsa.lastErrorText() + "\n";
    exit
end

print "RSA Decrypted Output in Hex:" + "\n";
print bd.getEncoded("hex") + "\n";