AutoIt
Yubikey RSA Encrypt/Decrypt
Demonstrates how to do RSA decryption using a private key stored on a Yubikey (or other USB token or smartcard). Note: RSA encryption uses the public key, which is freely exportable, so encryption does not need to occur on the token/smartcard.
Local $bSuccess = False
; This example assumes you have a certificate with private key on the Yubikey token.
; When doing simple RSA encryption/decryption, we don't actually need the certificate,
; but we'll be using the private key associated with the certificate.
;
; The sensitive/secret material that needs to be kept private is the private key.
; The certificate itself and the public key can be freely shared.
;
; We're going to encrypt and decrypt 32 bytes of data (two 16-byte appends).
$oBd = ObjCreate("Chilkat.BinData")
$bSuccess = $oBd.AppendEncoded("000102030405060708090A0B0C0D0E0F","hex")
$bSuccess = $oBd.AppendEncoded("000102030405060708090A0B0C0D0E0F","hex")
; Let's get the desired cert.
; For this example, a self-signed certificate with a 2048-bit RSA key was generated in slot 9A.
$oCert = ObjCreate("Chilkat.Cert")
; Force Chilkat to use PKCS11 instead of ScMinidriver (on Windows) or Apple Keychain (on macOS).
$oCert.UncommonOptions = "NoScMinidriver,NoAppleKeychain"
; The PIN is hard-coded here for the example; 123456 is the YubiKey PIV factory default.
$oCert.SmartCardPin = "123456"
$bSuccess = $oCert.LoadFromSmartcard("cn=chilkat_test_2048")
If ($bSuccess = False) Then
    ConsoleWrite($oCert.LastErrorText & @CRLF)
    Exit
EndIf
; Create the RSA object.
$oRsa = ObjCreate("Chilkat.Rsa")
; Provide the RSA object with the certificate on the Yubikey.
$bSuccess = $oRsa.SetX509Cert($oCert,True)
If ($bSuccess = False) Then
    ConsoleWrite($oRsa.LastErrorText & @CRLF)
    Exit
EndIf
; RSA encrypt using the public key.
Local $bUsePrivateKey = False
$bSuccess = $oRsa.EncryptBd($oBd,$bUsePrivateKey)
If ($bSuccess = False) Then
    ConsoleWrite($oRsa.LastErrorText & @CRLF)
    Exit
EndIf
ConsoleWrite("RSA Encrypted Output in Hex:" & @CRLF)
ConsoleWrite($oBd.GetEncoded("hex") & @CRLF)
; Now let's decrypt, using the private key on the Yubikey.
$bUsePrivateKey = True
$bSuccess = $oRsa.DecryptBd($oBd,$bUsePrivateKey)
If ($bSuccess = False) Then
    ConsoleWrite($oRsa.LastErrorText & @CRLF)
    Exit
EndIf
ConsoleWrite("RSA Decrypted Output in Hex:" & @CRLF)
ConsoleWrite($oBd.GetEncoded("hex") & @CRLF)
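
A variant of the script above that keeps the PIN out of the source by prompting for it at run time, and confirms that the on-token decryption returns the original bytes. This is an added example, not Chilkat's code: it uses only the Chilkat calls already shown plus AutoIt's built-in InputBox; the helper `_Check` and the 16-byte sample plaintext are constructed for illustration, and the subject `cn=chilkat_test_2048` is the one used above.

```autoit
; Added example (not Chilkat's code): PIN entered at run time, round trip verified.
Func _Check($bOk, $oObj)
    ; Hypothetical helper: print the Chilkat error text and stop on a failed call.
    If Not $bOk Then
        ConsoleWrite($oObj.LastErrorText & @CRLF)
        Exit 1
    EndIf
EndFunc

; "*" masks the typed characters; @error is non-zero on Cancel or timeout.
Local $sPin = InputBox("Yubikey PIN", "Enter the PIN for the token:", "", "*")
If @error Then
    ConsoleWrite("PIN entry cancelled." & @CRLF)
    Exit 1
EndIf

Local $oCert = ObjCreate("Chilkat.Cert")
$oCert.UncommonOptions = "NoScMinidriver,NoAppleKeychain"
$oCert.SmartCardPin = $sPin
$sPin = ""  ; the script no longer needs its own copy of the PIN
_Check($oCert.LoadFromSmartcard("cn=chilkat_test_2048"), $oCert)

; Constructed sample plaintext: 16 bytes, kept as hex for the later comparison.
Local $oBd = ObjCreate("Chilkat.BinData")
$oBd.AppendEncoded("000102030405060708090A0B0C0D0E0F", "hex")
Local $sPlainHex = $oBd.GetEncoded("hex")

Local $oRsa = ObjCreate("Chilkat.Rsa")
_Check($oRsa.SetX509Cert($oCert, True), $oRsa)
_Check($oRsa.EncryptBd($oBd, False), $oRsa)  ; encrypt with the public key
_Check($oRsa.DecryptBd($oBd, True), $oRsa)   ; decrypt with the private key on the token

; AutoIt's = compares strings case-insensitively, which suits hex text.
If $oBd.GetEncoded("hex") = $sPlainHex Then
    ConsoleWrite("Round trip OK: decrypted bytes match the plaintext." & @CRLF)
Else
    ConsoleWrite("Round trip FAILED: decrypted bytes differ." & @CRLF)
    Exit 1
EndIf
```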