Sample code for 30+ languages & platforms
C

RSA Sign using a Private Key on a USB Token or Smartcard

See more Apple Keychain Examples

Create an RSA signature using a private key stored on a USB token or smartcard.

Note: On MacOS and iOS, this example requires Chilkat v10.1.2 or later when the Apple Keychain is used as the underlying means to do the signing.

Chilkat C Downloads

C
#include <C_CkCert.h>
#include <C_CkBinData.h>
#include <C_CkRsa.h>

void ChilkatSample(void)
    {
    BOOL success;
    HCkCert cert;
    HCkBinData bd;
    int i;
    HCkRsa rsa;
    HCkBinData bdSig;

    success = FALSE;

    // Assuming the smartcard/USB token is installed with the correct drivers from the manufacturer,
    // this code can work on multiple platforms including Windows, MacOS, Linux, and iOS.

    // Chilkat automatically detects and determines the way in which the HSM is used,
    // which can be by PKCS11, Apple Keychain, Microsoft CNG / Crypto API, or ScMinidriver.

    cert = CkCert_Create();

    // Set the token/smartcard PIN prior to loading.
    CkCert_putSmartCardPin(cert,"123456");

    // Specify the certificate by its common name.
    success = CkCert_LoadFromSmartcard(cert,"cn=chilkat-rsa-2048");
    if (success == FALSE) {
        printf("%s\n",CkCert_lastErrorText(cert));
        CkCert_Dispose(cert);
        return;
    }

    printf("Signing with cert: %s\n",CkCert_subjectCN(cert));

    // Create data to be hashed and signed.
    bd = CkBinData_Create();

    for (i = 0; i <= 100; i++) {
        CkBinData_AppendEncoded(bd,"000102030405060708090A0B0C0D0E0F","hex");
    }

    rsa = CkRsa_Create();

    // Use the certificate's private key for signing.
    success = CkRsa_SetX509Cert(rsa,cert,TRUE);
    if (success == FALSE) {
        printf("%s\n",CkRsa_lastErrorText(rsa));
        CkCert_Dispose(cert);
        CkBinData_Dispose(bd);
        CkRsa_Dispose(rsa);
        return;
    }

    // Sign the SHA-256 hash of the contents of bd.
    bdSig = CkBinData_Create();
    success = CkRsa_SignBd(rsa,bd,"sha256",bdSig);
    if (success == FALSE) {
        printf("%s\n",CkRsa_lastErrorText(rsa));
        CkCert_Dispose(cert);
        CkBinData_Dispose(bd);
        CkRsa_Dispose(rsa);
        CkBinData_Dispose(bdSig);
        return;
    }

    // The RSA signature is equal in length to the size of the RSA key.
    printf("Output signature size in bits = %d\n",CkBinData_getNumBytes(bdSig) * 8);

    // We can save the signature for later verification..
    CkBinData_WriteFile(bdSig,"rsaSignatures/test1.sig");

    // See the example to verify the RSA signature:
    // Verfies an RSA Signature


    CkCert_Dispose(cert);
    CkBinData_Dispose(bd);
    CkRsa_Dispose(rsa);
    CkBinData_Dispose(bdSig);

    }