DataFlex
Yubikey RSA Encrypt/Decrypt
Demonstrates how to do RSA decryption using a private key stored on a Yubikey (or other USB token or smartcard). Note: RSA encryption uses the public key, which is freely exportable, so encryption does not need to occur on the token/smartcard.
Use ChilkatAx-win32.pkg

Procedure Test
    Boolean iSuccess
    Variant vBd
    Handle hoBd
    Variant vCert
    Handle hoCert
    Handle hoRsa
    Boolean iUsePrivateKey
    String sTemp1

    Move False To iSuccess

    // This example assumes you have a certificate with private key on the Yubikey token.
    // When doing simple RSA encryption/decryption, we don't actually need the certificate,
    // but we'll be using the private key associated with the certificate.
    //
    // The sensitive/secret material that needs to be kept private is the private key.
    // The certificate itself and the public key can be freely shared.
    //
    // We're going to encrypt and decrypt 32 bytes of data.
    Get Create (RefClass(cComChilkatBinData)) To hoBd
    If (Not(IsComObjectCreated(hoBd))) Begin
        Send CreateComObject of hoBd
    End
    // Append the same 16 bytes twice to build the 32-byte plaintext.
    Get ComAppendEncoded Of hoBd "000102030405060708090A0B0C0D0E0F" "hex" To iSuccess
    Get ComAppendEncoded Of hoBd "000102030405060708090A0B0C0D0E0F" "hex" To iSuccess

    // Let's get the desired cert.
    // For this example, a self-signed certificate with a 2048-bit RSA key was generated in slot 9A.
    Get Create (RefClass(cComChilkatCert)) To hoCert
    If (Not(IsComObjectCreated(hoCert))) Begin
        Send CreateComObject of hoCert
    End

    // Force Chilkat to use PKCS11 rather than ScMinidriver (on Windows) or the Apple Keychain (on macOS).
    Set ComUncommonOptions Of hoCert To "NoScMinidriver,NoAppleKeychain"

    // "123456" is the factory-default YubiKey PIV PIN. In real code, change the default PIN
    // and obtain it from the user at run time rather than hard-coding it in source.
    Set ComSmartCardPin Of hoCert To "123456"

    Get ComLoadFromSmartcard Of hoCert "cn=chilkat_test_2048" To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoCert To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Create the RSA object.
    Get Create (RefClass(cComChilkatRsa)) To hoRsa
    If (Not(IsComObjectCreated(hoRsa))) Begin
        Send CreateComObject of hoRsa
    End

    // Provide the RSA object with the certificate on the Yubikey.
    // The 2nd argument (True) tells the RSA object to use the private key associated with the certificate.
    Get pvComObject of hoCert to vCert
    Get ComSetX509Cert Of hoRsa vCert True To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoRsa To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // RSA encrypt using the public key.
    // The contents of hoBd are replaced with the encrypted output.
    Move False To iUsePrivateKey
    Get pvComObject of hoBd to vBd
    Get ComEncryptBd Of hoRsa vBd iUsePrivateKey To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoRsa To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Showln "RSA Encrypted Output in Hex:"
    Get ComGetEncoded Of hoBd "hex" To sTemp1
    Showln sTemp1

    // Now let's decrypt, using the private key on the Yubikey.
    // The contents of hoBd are replaced with the decrypted output.
    Move True To iUsePrivateKey
    Get pvComObject of hoBd to vBd
    Get ComDecryptBd Of hoRsa vBd iUsePrivateKey To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoRsa To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Showln "RSA Decrypted Output in Hex:"
    Get ComGetEncoded Of hoBd "hex" To sTemp1
    Showln sTemp1

End_Procedure