C
C
RSA Sign String using Private Key of Certificate Type A3 (smart card / token)
See more RSA Examples
Demonstrates RSA signing a string using the private key of a certificate type A3 (smart card, token).Note: This is a Windows-only example.
Chilkat C Downloads
#include <C_CkCertStore.h>
#include <C_CkJsonObject.h>
#include <C_CkCert.h>
#include <C_CkRsa.h>
void ChilkatSample(void)
{
BOOL success;
HCkCertStore certStore;
const char *thumbprint;
BOOL bReadOnly;
HCkJsonObject json;
HCkCert cert;
HCkRsa rsa;
BOOL bUsePrivateKey;
const char *sigBase64;
success = FALSE;
// First get the A3 certificate that was installed on the Windows system.
certStore = CkCertStore_Create();
thumbprint = "12c1dd8015f3f03f7b1fa619dc24e2493ca8b4b2";
// This is specific to Windows because it is opening the Windows Current-User certificate store.
bReadOnly = TRUE;
success = CkCertStore_OpenCurrentUserStore(certStore,bReadOnly);
if (success != TRUE) {
printf("%s\n",CkCertStore_lastErrorText(certStore));
CkCertStore_Dispose(certStore);
return;
}
// Find the certificate with the desired thumbprint
// (There are many ways to locate a certificate. This example chooses to find by thumbprint.)
json = CkJsonObject_Create();
CkJsonObject_UpdateString(json,"thumbprint",thumbprint);
cert = CkCert_Create();
success = CkCertStore_FindCert(certStore,json,cert);
if (success == FALSE) {
printf("Failed to find the certificate.\n");
CkCertStore_Dispose(certStore);
CkJsonObject_Dispose(json);
CkCert_Dispose(cert);
return;
}
printf("Found: %s\n",CkCert_subjectCN(cert));
rsa = CkRsa_Create();
// Provide the cert's private key
bUsePrivateKey = TRUE;
success = CkRsa_SetX509Cert(rsa,cert,bUsePrivateKey);
if (success != TRUE) {
printf("%s\n",CkRsa_lastErrorText(rsa));
CkCertStore_Dispose(certStore);
CkJsonObject_Dispose(json);
CkCert_Dispose(cert);
CkRsa_Dispose(rsa);
return;
}
// Return the RSA signature in base64 encoded form.
CkRsa_putEncodingMode(rsa,"base64");
// Sign the utf-8 byte representation of the string.
CkRsa_putCharset(rsa,"utf-8");
// You can also choose other hash algorithms, such as SHA-1.
sigBase64 = CkRsa_signStringENC(rsa,"text to sign","SHA-256");
if (CkRsa_getLastMethodSuccess(rsa) != TRUE) {
printf("%s\n",CkRsa_lastErrorText(rsa));
CkCertStore_Dispose(certStore);
CkJsonObject_Dispose(json);
CkCert_Dispose(cert);
CkRsa_Dispose(rsa);
return;
}
printf("Base64 signature: %s\n",sigBase64);
CkCertStore_Dispose(certStore);
CkJsonObject_Dispose(json);
CkCert_Dispose(cert);
CkRsa_Dispose(rsa);
}