Sample code for 30+ languages & platforms
DataFlex

SSH HSM Public Key Authentication

See more uncategorized Examples

Demonstrates how to authenticate with an SSH server using public key authentication using an HSM (USB token or smartcard).

Chilkat DataFlex Downloads

DataFlex
Use ChilkatAx-win32.pkg

Procedure Test
    Boolean iSuccess
    Variant vPkcs11
    Handle hoPkcs11
    String sPin
    Integer iUserType
    Variant vJson
    Handle hoJson
    UInteger iPriv_handle
    UInteger iPub_handle
    Variant vKey
    Handle hoKey
    String sKeyType
    Handle hoSsh
    String sTemp1

    Move False To iSuccess

    // This example assumes the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // Note: Chilkat's PKCS11 implementation runs on Windows, Linux, MacOs, and other supported operating systems.

    Get Create (RefClass(cComChilkatPkcs11)) To hoPkcs11
    If (Not(IsComObjectCreated(hoPkcs11))) Begin
        Send CreateComObject of hoPkcs11
    End

    // This would be a path to a .dylib on MacOS, or a path to a .so shared lib on Linux.
    Set ComSharedLibPath Of hoPkcs11 To "C:/Program Files (x86)/Gemalto/IDGo 800 PKCS#11/IDPrimePKCS1164.dll"
    Move "0000" To sPin
    Move 1 To iUserType

    // Establish a PKCS11 logged-on session using the driver (.so, .dylib, or .dll) as specified in the SharedLibPath above.
    Get ComQuickSession Of hoPkcs11 iUserType sPin To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoPkcs11 To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Set PKCS11 attributes to find our desired private key object.
    Get Create (RefClass(cComChilkatJsonObject)) To hoJson
    If (Not(IsComObjectCreated(hoJson))) Begin
        Send CreateComObject of hoJson
    End
    Get ComUpdateString Of hoJson "class" "private_key" To iSuccess
    Get ComUpdateString Of hoJson "label" "MySshKey" To iSuccess

    // Get the PKCS11 handle to the private key located on the HSM.
    Get pvComObject of hoJson to vJson
    Get ComFindObject Of hoPkcs11 vJson To iPriv_handle

    // Get the PKCS11 handle to the corresponding public key located on the HSM.
    Get ComUpdateString Of hoJson "class" "public_key" To iSuccess

    Get pvComObject of hoJson to vJson
    Get ComFindObject Of hoPkcs11 vJson To iPub_handle

    Get Create (RefClass(cComChilkatSshKey)) To hoKey
    If (Not(IsComObjectCreated(hoKey))) Begin
        Send CreateComObject of hoKey
    End
    // The key type can be "rsa" or "ec"
    Move "rsa" To sKeyType
    Get pvComObject of hoPkcs11 to vPkcs11
    Get ComUsePkcs11 Of hoKey vPkcs11 iPriv_handle iPub_handle sKeyType To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoKey To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Get Create (RefClass(cComChilkatSsh)) To hoSsh
    If (Not(IsComObjectCreated(hoSsh))) Begin
        Send CreateComObject of hoSsh
    End

    Get ComConnect Of hoSsh "example.com" 22 To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoSsh To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Authenticate with the SSH server using the login and
    // HSM private key.  (The corresponding public key should've 
    // been installed on the SSH server beforehand.)
    Get pvComObject of hoKey to vKey
    Get ComAuthenticatePk Of hoSsh "myLogin" vKey To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoSsh To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Showln "Public-Key Authentication Successful!"


End_Procedure