Chilkat Examples

ChilkatHOME.NET Core C#Android™AutoItCC#C++Chilkat2-PythonCkPythonClassic ASPDataFlexDelphi ActiveXDelphi DLLGoJavaLianjaMono C#Node.jsObjective-CPHP ActiveXPHP ExtensionPerlPowerBuilderPowerShellPureBasicRubySQL ServerSwift 2Swift 3,4,5...TclUnicode CUnicode C++VB.NETVBScriptVisual Basic 6.0Visual FoxProXojo Plugin

DataFlex Examples

Web API Categories

ASN.1
AWS KMS
AWS Misc
Amazon EC2
Amazon Glacier
Amazon S3
Amazon S3 (new)
Amazon SES
Amazon SNS
Amazon SQS
Async
Azure Cloud Storage
Azure Key Vault
Azure Service Bus
Azure Table Service
Base64
Bounced Email
Box
CAdES
CSR
CSV
Certificates
Code Signing
Compression
DKIM / DomainKey
DNS
DSA
Diffie-Hellman
Digital Signatures
Dropbox
Dynamics CRM
EBICS
ECC
Ed25519
Email Object
Encryption
FTP
FileAccess
Firebase
GMail REST API
GMail SMTP/IMAP/POP
Geolocation
Google APIs
Google Calendar
Google Cloud SQL
Google Cloud Storage
Google Drive
Google Photos
Google Sheets
Google Tasks
Gzip
HTML-to-XML/Text
HTTP

HTTP Misc
IMAP
JSON
JSON Web Encryption (JWE)
JSON Web Signatures (JWS)
JSON Web Token (JWT)
Java KeyStore (JKS)
MHT / HTML Email
MIME
MS Storage Providers
Microsoft Graph
Misc
NTLM
OAuth1
OAuth2
OIDC
Office365
OneDrive
OpenSSL
Outlook
Outlook Calendar
Outlook Contact
PDF Signatures
PEM
PFX/P12
PKCS11
POP3
PRNG
REST
REST Misc
RSA
SCP
SCard
SFTP
SMTP
SSH
SSH Key
SSH Tunnel
ScMinidriver
SharePoint
SharePoint Online
Signing in the Cloud
Socket/SSL/TLS
Spider
Stream
Tar Archive
ULID/UUID
Upload
WebSocket
XAdES
XML
XML Digital Signatures
XMP
Zip
curl
uncategorized

 

 

 

(DataFlex) PKCS11 Generate a RSA Key that stays on the HSM

See more PKCS11 Examples

Generates an RSA key on the smart card or token and returns the public and private key handles. The generated RSA key stays on the HSM even after the PKCS11 session has ended.

Note: This example requires Chilkat v9.5.0.96 or later.

Chilkat ActiveX Downloads

ActiveX for 32-bit and 64-bit Windows

Use ChilkatAx-9.5.0-win32.pkg

Procedure Test
    Handle hoPkcs11
    String sPin
    Integer iUserType
    Boolean iSuccess
    Variant vPubKey
Attr    Handle hoPubKeyAttr
    String sKeyId
    String sKeyLabel
    Variant vPrivKeyAttr
    Handle hoPrivKeyAttr
    Variant vJsonHandles
    Handle hoJsonHandles
    Variant vPubKey
    Handle hoPubKey
    String sTemp1
    Integer iTemp1

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // Note: Chilkat's PKCS11 implementation runs on Windows, Linux, Mac OS X, and other supported operating systems.

    Get Create (RefClass(cComChilkatPkcs11)) To hoPkcs11
    If (Not(IsComObjectCreated(hoPkcs11))) Begin
        Send CreateComObject of hoPkcs11
    End

    // Use the PKCS11 driver (.dll, .so, .dylib) for your particular HSM.
    // (The format of the path will change with the operating system.  Obviously, "C:/" is not used on non-Windows systems.
    Set ComSharedLibPath Of hoPkcs11 To "C:/Program Files (x86)/Gemalto/IDGo 800 PKCS#11/IDPrimePKCS1164.dll"

    // Establish a logged-on session.
    // Use your actual PIN here.
    Move "0000" To sPin
    Move 1 To iUserType
    Get ComQuickSession Of hoPkcs11 iUserType sPin To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoPkcs11 To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Specify attributes and abilities (how this key can be used) by providing a JSON template.
    // One template is for the public key, and the other for the private key.
    Get Create (RefClass(cComChilkatJsonObject)) To hoPubKeyAttr
    If (Not(IsComObjectCreated(hoPubKeyAttr))) Begin
        Send CreateComObject of hoPubKeyAttr
    End

    // Generate a RSA key that remains on the HSM by setting the "token" attribute equal to True
    Get ComUpdateBool Of hoPubKeyAttr "token" True To iSuccess

    // Given that our key will reside on the token, we should give it two attributes (id and label) to help us
    // find it in future sessions.

    // First, we can give it an arbitrary ID.  ID's are binary, so we specify bytes as either 
    // "id_hex" for hexidecimal bytes, 
    // "id_ascii" for the bytes of an ascii string, 
    // "id" for bytes in base64 format.
    Move "48656C6C6F" To sKeyId
    Get ComUpdateString Of hoPubKeyAttr "id_hex" sKeyId To iSuccess

    // We can also give our key a label with any descriptive string.
    Move "2048-bit RSA key for testing" To sKeyLabel
    Get ComUpdateString Of hoPubKeyAttr "label" sKeyLabel To iSuccess

    // -----------------------------------------------------------------------------------
    // IMPORTANT: The ID for the public key must be the same as the ID for the private key.
    // -----------------------------------------------------------------------------------

    // Allow the public key to be used for encryption, signature verification, and symmetric key wrapping.
    // These attributes are optional.
    Get ComUpdateBool Of hoPubKeyAttr "encrypt" True To iSuccess
    Get ComUpdateBool Of hoPubKeyAttr "verify" True To iSuccess
    Get ComUpdateBool Of hoPubKeyAttr "wrap" True To iSuccess

    // Generate a 2048-bit RSA key.
    // This attribute is required.
    Get ComUpdateInt Of hoPubKeyAttr "modulus_bits" 2048 To iSuccess

    Get Create (RefClass(cComChilkatJsonObject)) To hoPrivKeyAttr
    If (Not(IsComObjectCreated(hoPrivKeyAttr))) Begin
        Send CreateComObject of hoPrivKeyAttr
    End

    // Generate a RSA key that remains on the HSM by setting the "token" attribute equal to True
    Get ComUpdateBool Of hoPrivKeyAttr "token" True To iSuccess

    // Make sure we give the private key the same ID as the public key.
    Get ComUpdateString Of hoPrivKeyAttr "id_hex" sKeyId To iSuccess

    // We can also give our key a label with any descriptive string.
    // (Best to use the same label as for the public key)
    Get ComUpdateString Of hoPrivKeyAttr "label" sKeyLabel To iSuccess

    // Allow the private key to be used for signing and decryption.
    Get ComUpdateBool Of hoPrivKeyAttr "sign" True To iSuccess
    Get ComUpdateBool Of hoPrivKeyAttr "decrypt" True To iSuccess

    // Do not allow the private key to be extracted.
    Get ComUpdateBool Of hoPrivKeyAttr "extractable" False To iSuccess

    // Provide a JSON object to receive the public and private key handles.
    Get Create (RefClass(cComChilkatJsonObject)) To hoJsonHandles
    If (Not(IsComObjectCreated(hoJsonHandles))) Begin
        Send CreateComObject of hoJsonHandles
    End
    Set ComEmitCompact Of hoJsonHandles To False

    // Provide a Chilkat public key object to receive the public key.
    Get Create (RefClass(cComChilkatPublicKey)) To hoPubKey
    If (Not(IsComObjectCreated(hoPubKey))) Begin
        Send CreateComObject of hoPubKey
    End

    Get pvComObject of hoPubKeyAttr to vPubKeyAttr
    Get pvComObject of hoPrivKeyAttr to vPrivKeyAttr
    Get pvComObject of hoJsonHandles to vJsonHandles
    Get pvComObject of hoPubKey to vPubKey
    Get ComGenRsaKey Of hoPkcs11 vPubKeyAttr vPrivKeyAttr vJsonHandles vPubKey To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoPkcs11 To sTemp1
        Showln sTemp1
        Showln "Failed to generate an RSA key."
    End
    Else Begin
        // Sample JSON handles:
        // {
        //   "public_key_handle": 18415630,
        //   "private_key_handle": 74842125
        // }
        Get ComEmit Of hoJsonHandles To sTemp1
        Showln sTemp1
        Get ComUIntOf Of hoJsonHandles "public_key_handle" To iTemp1
        Showln "public_key_handle: " iTemp1
        Get ComUIntOf Of hoJsonHandles "private_key_handle" To iTemp1
        Showln "private_key_handle: " iTemp1
        Showln "public key JWK:"
        Get ComGetJwk Of hoPubKey To sTemp1
        Showln sTemp1
        // Sample JWK:
        // {"kty":"RSA","n":"1sQMSAntY80L .... If9jqfMp4omQ","e":"AQAB"}
        Showln "Success."
    End

    Get ComLogout Of hoPkcs11 To iSuccess
    Get ComCloseSession Of hoPkcs11 To iSuccess


End_Procedure
 

© 2000-2024 Chilkat Software, Inc. All Rights Reserved.