
Yubikey RSA Encrypt/Decrypt


Demonstrates how to do RSA decryption using a private key stored on a Yubikey (or other USB token or smartcard).

Note: RSA encryption uses the public key, which is freely exportable, so encryption does not need to occur on the token/smartcard.


AutoIt
Local $bSuccess = False

; This example assumes you have a certificate with private key on the Yubikey token.
; When doing simple RSA encryption/decryption, we don't actually need the certificate,
; but we'll be using the private key associated with the certificate.
; 
; The sensitive/secret material that needs to be kept private is the private key.
; The certificate itself and the public key can be freely shared.
; 

; We're going to encrypt and decrypt 32 bytes of data (the same 16-byte hex string appended twice).
$oBd = ObjCreate("Chilkat.BinData")
$bSuccess = $oBd.AppendEncoded("000102030405060708090A0B0C0D0E0F","hex")
$bSuccess = $oBd.AppendEncoded("000102030405060708090A0B0C0D0E0F","hex")

; Let's get the desired cert.
; For this example, a self-signed certificate with a 2048-bit RSA key was generated in slot 9A.
$oCert = ObjCreate("Chilkat.Cert")

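; Force Chilkat to use PKCS11 rather than ScMinidriver (on Windows) or the Apple Keychain (on macOS).
$oCert.UncommonOptions = "NoScMinidriver,NoAppleKeychain"

; The PIN is hard-coded here to keep the example short ("123456" is the YubiKey PIV factory-default PIN).
; In real code, prompt for the PIN or read it from a secret store instead of embedding it in the script.
$oCert.SmartCardPin = "123456"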

$bSuccess = $oCert.LoadFromSmartcard("cn=chilkat_test_2048")
If ($bSuccess = False) Then
    ConsoleWrite($oCert.LastErrorText & @CRLF)
    Exit
EndIf

; Create the RSA object.
$oRsa = ObjCreate("Chilkat.Rsa")

; Provide the RSA object with the certificate on the Yubikey.
; The second argument (True) selects the certificate's private key, which the decryption step below needs.
$bSuccess = $oRsa.SetX509Cert($oCert,True)
If ($bSuccess = False) Then
    ConsoleWrite($oRsa.LastErrorText & @CRLF)
    Exit
EndIf

; RSA encrypt using the public key.
Local $bUsePrivateKey = False
$bSuccess = $oRsa.EncryptBd($oBd,$bUsePrivateKey)
If ($bSuccess = False) Then
    ConsoleWrite($oRsa.LastErrorText & @CRLF)
    Exit
EndIf

ConsoleWrite("RSA Encrypted Output in Hex:" & @CRLF)
ConsoleWrite($oBd.GetEncoded("hex") & @CRLF)

; Now let's decrypt, using the private key on the Yubikey.
$bUsePrivateKey = True
$bSuccess = $oRsa.DecryptBd($oBd,$bUsePrivateKey)
If ($bSuccess = False) Then
    ConsoleWrite($oRsa.LastErrorText & @CRLF)
    Exit
EndIf

ConsoleWrite("RSA Decrypted Output in Hex:" & @CRLF)
ConsoleWrite($oBd.GetEncoded("hex") & @CRLF)
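
The note at the top says encryption needs only the public key and does not have to happen on the token. The following added example (not part of the original Chilkat sample) shows a host with no Yubikey attached encrypting with just the exported certificate. The file names `yubikey_9a_cert.pem` and `secret.rsa` are assumptions, and `Cert.LoadFromFile`, `BinData.NumBytes` and `BinData.WriteFile` are Chilkat calls that the sample above does not use.

```autoit
; Added example: encrypt on a host that has no token attached.
; Only the exported certificate (public material) is needed here.
Local $bSuccess = False

; Assumed file name: the slot 9A certificate, exported to a PEM or DER file.
$oCert = ObjCreate("Chilkat.Cert")
$bSuccess = $oCert.LoadFromFile("yubikey_9a_cert.pem")
If ($bSuccess = False) Then
    ConsoleWrite($oCert.LastErrorText & @CRLF)
    Exit
EndIf

; False = use only the certificate's public key, so no PIN and no PKCS11 session.
$oRsa = ObjCreate("Chilkat.Rsa")
$bSuccess = $oRsa.SetX509Cert($oCert,False)
If ($bSuccess = False) Then
    ConsoleWrite($oRsa.LastErrorText & @CRLF)
    Exit
EndIf

; Constructed sample plaintext (32 bytes), the same value the sample above uses.
$oBd = ObjCreate("Chilkat.BinData")
$bSuccess = $oBd.AppendEncoded("000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F","hex")

; Padding is left at the Chilkat default, as in the sample above, so both sides match.
$bSuccess = $oRsa.EncryptBd($oBd,False)
If ($bSuccess = False) Then
    ConsoleWrite($oRsa.LastErrorText & @CRLF)
    Exit
EndIf

; With the 2048-bit key from the sample, the ciphertext is exactly one 256-byte block.
If ($oBd.NumBytes <> 256) Then
    ConsoleWrite("Unexpected ciphertext length: " & $oBd.NumBytes & @CRLF)
    Exit
EndIf

; Assumed output file. The machine holding the token loads these bytes into a
; BinData and calls DecryptBd($oBd,True) exactly as in the sample above.
$bSuccess = $oBd.WriteFile("secret.rsa")
If ($bSuccess = False) Then
    ConsoleWrite("Failed to write secret.rsa" & @CRLF)
    Exit
EndIf
```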