
Yubikey RSA Encrypt/Decrypt


Demonstrates how to do RSA decryption using a private key stored on a Yubikey (or other USB token or smartcard).

Note: RSA encryption uses the public key, which is freely exportable, so the encryption step does not need to take place on the token/smartcard.


#include <stdio.h>

#include <C_CkBinData.h>
#include <C_CkCert.h>
#include <C_CkRsa.h>

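/*
 * Round-trips 32 bytes of sample data through RSA: encrypts with the public
 * key taken from a certificate on a Yubikey (or other PKCS11 token/smartcard),
 * then decrypts with the matching private key, which stays on the token.
 * Both results are printed as hex. On any failure a diagnostic is printed
 * and every Chilkat object is released before returning.
 */
void ChilkatSample(void)
    {
    BOOL success;
    HCkBinData bd;
    HCkCert cert;
    HCkRsa rsa;
    BOOL usePrivateKey;
    const char *hex;

    success = FALSE;

    // This example assumes you have a certificate with private key on the Yubikey token.
    // When doing simple RSA encryption/decryption, we don't actually need the certificate,
    // but we'll be using the private key associated with the certificate.
    //
    // The sensitive/secret material that needs to be kept private is the private key.
    // The certificate itself and the public key can be freely shared.

    // Create every object up front so that a single cleanup path can release all of them.
    bd = CkBinData_Create();
    cert = CkCert_Create();
    rsa = CkRsa_Create();

    // We're going to encrypt and decrypt 32 bytes of data (two 16-byte hex strings).
    // Check each append: a silent failure here would mean encrypting less data than intended.
    success = CkBinData_AppendEncoded(bd,"000102030405060708090A0B0C0D0E0F","hex");
    if (success != FALSE) {
        success = CkBinData_AppendEncoded(bd,"000102030405060708090A0B0C0D0E0F","hex");
    }
    if (success == FALSE) {
        printf("Failed to load the sample plaintext.\n");
        goto cleanup;
    }

    // Let's get the desired cert.
    // For this example, a self-signed certificate with a 2048-bit RSA key was generated in slot 9A.

    // Force Chilkat to use PKCS11 over ScMinidriver (if on Windows) and Apple Keychain (if on MacOS)
    CkCert_putUncommonOptions(cert,"NoScMinidriver,NoAppleKeychain");

    // DEMO ONLY: the PIN is hard-coded so the sample is self-contained.
    // 123456 is the factory-default PIV PIN; change it on any token that holds a real key.
    // In real code obtain the PIN at runtime (user prompt or a secret store) and never
    // commit it to source control. Repeated wrong PINs will lock the token.
    CkCert_putSmartCardPin(cert,"123456");

    success = CkCert_LoadFromSmartcard(cert,"cn=chilkat_test_2048");
    if (success == FALSE) {
        printf("%s\n",CkCert_lastErrorText(cert));
        goto cleanup;
    }

    // Provide the RSA object with the certificate on the Yubikey.
    // The third argument (TRUE) asks for the certificate's private key to be used as well.
    success = CkRsa_SetX509Cert(rsa,cert,TRUE);
    if (success == FALSE) {
        printf("%s\n",CkRsa_lastErrorText(rsa));
        goto cleanup;
    }

    // NOTE(review): no padding mode is selected here, so the library default applies
    // (presumably PKCS #1 v1.5 unless the OaepPadding property is enabled -- confirm
    // against the Chilkat documentation). Prefer OAEP for new designs where the token's
    // PKCS11 module supports it.

    // RSA encrypt using the public key.
    usePrivateKey = FALSE;
    success = CkRsa_EncryptBd(rsa,bd,usePrivateKey);
    if (success == FALSE) {
        printf("%s\n",CkRsa_lastErrorText(rsa));
        goto cleanup;
    }

    // Guard the encoded string: passing a NULL pointer to printf's %s is undefined behavior.
    hex = CkBinData_getEncoded(bd,"hex");
    if (hex == NULL) {
        printf("Failed to hex-encode the encrypted data.\n");
        goto cleanup;
    }
    printf("RSA Encrypted Output in Hex:\n");
    printf("%s\n",hex);

    // Now let's decrypt, using the private key on the Yubikey.
    usePrivateKey = TRUE;
    success = CkRsa_DecryptBd(rsa,bd,usePrivateKey);
    if (success == FALSE) {
        printf("%s\n",CkRsa_lastErrorText(rsa));
        goto cleanup;
    }

    // Printing recovered plaintext is acceptable for this fixed test vector only;
    // real applications should not write decrypted data to stdout or logs.
    hex = CkBinData_getEncoded(bd,"hex");
    if (hex == NULL) {
        printf("Failed to hex-encode the decrypted data.\n");
        goto cleanup;
    }
    printf("RSA Decrypted Output in Hex:\n");
    printf("%s\n",hex);

cleanup:
    // Single exit path: release every object on success and on every error.
    CkBinData_Dispose(bd);
    CkCert_Dispose(cert);
    CkRsa_Dispose(rsa);

    }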