(DataFlex) RSA Sign using a Private Key on a USB Token or Smartcard

See more Apple Keychain Examples

Create an RSA signature using a private key stored on a USB token or smartcard.

Note: On MacOS and iOS, this example requires Chilkat v10.1.2 or later when the Apple Keychain is used as the underlying means to do the signing.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

Use ChilkatAx-win32.pkg

Procedure Test
    Variant vCert
    Handle hoCert
    Boolean iSuccess
    Variant vBd
    Handle hoBd
    Integer i
    Handle hoRsa
    Variant vBdSig
    Handle hoBdSig
    String sTemp1
    Integer iTemp1

    // Assuming the smartcard/USB token is installed with the correct drivers from the manufacturer,
    // this code can work on multiple platforms including Windows, MacOS, Linux, and iOS.

    // Chilkat automatically detects and determines the way in which the HSM is used,
    // which can be by PKCS11, Apple Keychain, Microsoft CNG / Crypto API, or ScMinidriver.

    Get Create (RefClass(cComChilkatCert)) To hoCert
    If (Not(IsComObjectCreated(hoCert))) Begin
        Send CreateComObject of hoCert
    End

    // Set the token/smartcard PIN prior to loading.
    Set ComSmartCardPin Of hoCert To "123456"

    // Specify the certificate by its common name.
    Get ComLoadFromSmartcard Of hoCert "cn=chilkat-rsa-2048" To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoCert To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Get ComSubjectCN Of hoCert To sTemp1
    Showln "Signing with cert: " sTemp1

    // Create data to be hashed and signed.
    Get Create (RefClass(cComChilkatBinData)) To hoBd
    If (Not(IsComObjectCreated(hoBd))) Begin
        Send CreateComObject of hoBd
    End

    For i From 0 To 100
        Get ComAppendEncoded Of hoBd "000102030405060708090A0B0C0D0E0F" "hex" To iSuccess
    Loop

    Get Create (RefClass(cComChilkatRsa)) To hoRsa
    If (Not(IsComObjectCreated(hoRsa))) Begin
        Send CreateComObject of hoRsa
    End

    // Use the certificate's private key for signing.
    Get pvComObject of hoCert to vCert
    Get ComSetX509Cert Of hoRsa vCert True To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoRsa To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Sign the SHA-256 hash of the contents of bd.
    Get Create (RefClass(cComChilkatBinData)) To hoBdSig
    If (Not(IsComObjectCreated(hoBdSig))) Begin
        Send CreateComObject of hoBdSig
    End
    Get pvComObject of hoBd to vBd
    Get pvComObject of hoBdSig to vBdSig
    Get ComSignBd Of hoRsa vBd "sha256" vBdSig To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoRsa To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // The RSA signature is equal in length to the size of the RSA key.
    Get ComNumBytes Of hoBdSig To iTemp1
    Showln "Output signature size in bits = " (iTemp1 * 8)

    // We can save the signature for later verification..
    Get ComWriteFile Of hoBdSig "rsaSignatures/test1.sig" To iSuccess

    // See the example to verify the RSA signature:
    // Verfies an RSA Signature


End_Procedure