PKCS11 Find All Certificates on Smart Card or USB Token

Sample code showing how to examine all the certificates on a smart card or USB token.

Note: This example requires Chilkat v9.5.0.88 or later.

AutoIt
Local $bSuccess = False

; This example requires the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.

; Note: Chilkat's PKCS11 implementation runs on Windows, Linux, Mac OS X, and other supported operating systems.

$oPkcs11 = ObjCreate("Chilkat.Pkcs11")

; Set your shared lib path -- either a full path to the DLL, .so, or .dylib,
; or just the filename if the driver is in a location that can be found automatically (such as C:\Windows\System32).
; A full path avoids depending on the library search order to pick the intended driver.
$oPkcs11.SharedLibPath = "aetpkss1.dll"

$bSuccess = $oPkcs11.Initialize()
If ($bSuccess = False) Then
    ConsoleWrite($oPkcs11.LastErrorText & @CRLF)
    Exit
EndIf

; Pass -1 for the slotID to open a session on the first non-empty slot.
Local $iSlotID = -1

; Open a session.
Local $bReadWrite = True
$bSuccess = $oPkcs11.OpenSession($iSlotID,$bReadWrite)
If ($bSuccess = False) Then
    ConsoleWrite($oPkcs11.LastErrorText & @CRLF)
    Exit
EndIf

; Make it an authenticated session by calling Login.
; 
; If we don't authenticate, then we won't be able to see the private keys, and thus
; we won't know which certificates have an associated private key stored on the smart card.

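; The smart card PIN is passed to the Login method.
; "0000" is a placeholder: supply the token's user PIN at run time rather than hard-coding a real PIN in the script.
; userType 1 indicates a "Normal User".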
Local $iUserType = 1
Local $sPin = "0000"
$bSuccess = $oPkcs11.Login($iUserType,$sPin)
If ($bSuccess = False) Then
    ConsoleWrite($oPkcs11.LastErrorText & @CRLF)
    $bSuccess = $oPkcs11.CloseSession()
    Exit
EndIf

; Call FindAllCerts to find all certificates on the smart card or USB token.
$bSuccess = $oPkcs11.FindAllCerts()
If ($bSuccess = False) Then
    ConsoleWrite($oPkcs11.LastErrorText & @CRLF)
    $bSuccess = $oPkcs11.CloseSession()
    Exit
EndIf

; The NumCerts property is set by FindAllCerts.
Local $iNumCerts = $oPkcs11.NumCerts
ConsoleWrite("Number of certs: " & $iNumCerts & @CRLF)

Local $sPrivateKeyNote
$oCert = ObjCreate("Chilkat.Cert")
Local $i = 0
While $i < $iNumCerts
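    ; Check the result so a failed fetch does not print details left over from the previous certificate.
    $bSuccess = $oPkcs11.GetCert($i,$oCert)
    If ($bSuccess = False) Then
        ConsoleWrite($oPkcs11.LastErrorText & @CRLF)
        $bSuccess = $oPkcs11.CloseSession()
        Exit
    EndIf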
    $sPrivateKeyNote = ""
    If ($oCert.HasPrivateKey() = True) Then
        $sPrivateKeyNote = "(has private key)"
    EndIf

    ConsoleWrite($i & ": " & $sPrivateKeyNote & " " & $oCert.SubjectDN & @CRLF)
    ConsoleWrite($i & ": issuer: " & $oCert.IssuerDN & @CRLF)
    ConsoleWrite("----" & @CRLF)
    $i = $i + 1
Wend

; Revert to an unauthenticated session by calling Logout.
$bSuccess = $oPkcs11.Logout()
If ($bSuccess = False) Then
    ConsoleWrite($oPkcs11.LastErrorText & @CRLF)
    $bSuccess = $oPkcs11.CloseSession()
    Exit
EndIf

; When finished, close the session.
; It is important to close the session (memory leaks will occur if the session is not properly closed).
$bSuccess = $oPkcs11.CloseSession()
If ($bSuccess = False) Then
    ConsoleWrite($oPkcs11.LastErrorText & @CRLF)
    Exit
EndIf

ConsoleWrite("Success." & @CRLF)