C++
C++
SSH HSM Public Key Authentication
See more uncategorized Examples
Demonstrates how to authenticate with an SSH server using public key authentication using an HSM (USB token or smartcard).Chilkat C++ Downloads
#include <CkPkcs11.h>
#include <CkJsonObject.h>
#include <CkSshKey.h>
#include <CkSsh.h>
void ChilkatSample(void)
{
bool success = false;
// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// Note: Chilkat's PKCS11 implementation runs on Windows, Linux, MacOs, and other supported operating systems.
CkPkcs11 pkcs11;
// This would be a path to a .dylib on MacOS, or a path to a .so shared lib on Linux.
pkcs11.put_SharedLibPath("C:/Program Files (x86)/Gemalto/IDGo 800 PKCS#11/IDPrimePKCS1164.dll");
const char *pin = "0000";
int userType = 1;
// Establish a PKCS11 logged-on session using the driver (.so, .dylib, or .dll) as specified in the SharedLibPath above.
success = pkcs11.QuickSession(userType,pin);
if (success == false) {
std::cout << pkcs11.lastErrorText() << "\r\n";
return;
}
// Set PKCS11 attributes to find our desired private key object.
CkJsonObject json;
json.UpdateString("class","private_key");
json.UpdateString("label","MySshKey");
// Get the PKCS11 handle to the private key located on the HSM.
unsigned long priv_handle = pkcs11.FindObject(json);
// Get the PKCS11 handle to the corresponding public key located on the HSM.
json.UpdateString("class","public_key");
unsigned long pub_handle = pkcs11.FindObject(json);
CkSshKey key;
// The key type can be "rsa" or "ec"
const char *keyType = "rsa";
success = key.UsePkcs11(pkcs11,priv_handle,pub_handle,keyType);
if (success == false) {
std::cout << key.lastErrorText() << "\r\n";
return;
}
CkSsh ssh;
success = ssh.Connect("example.com",22);
if (success != true) {
std::cout << ssh.lastErrorText() << "\r\n";
return;
}
// Authenticate with the SSH server using the login and
// HSM private key. (The corresponding public key should've
// been installed on the SSH server beforehand.)
success = ssh.AuthenticatePk("myLogin",key);
if (success != true) {
std::cout << ssh.lastErrorText() << "\r\n";
return;
}
std::cout << "Public-Key Authentication Successful!" << "\r\n";
}