Yubikey RSA Encrypt/Decrypt

Demonstrates how to do RSA decryption using a private key stored on a Yubikey (or other USB token or smartcard).

Note: RSA encryption uses the public key, which is freely exportable, so the encryption step does not need to occur on the token/smartcard.

DataFlex
Use ChilkatAx-win32.pkg

Procedure Test
    Boolean iSuccess
    Variant vBd
    Handle hoBd
    Variant vCert
    Handle hoCert
    Handle hoRsa
    Boolean iUsePrivateKey
    String sTemp1

    Move False To iSuccess

    // This example assumes you have a certificate with private key on the Yubikey token.
    // When doing simple RSA encryption/decryption, we don't actually need the certificate,
    // but we'll be using the private key associated with the certificate.
    // 
    // The sensitive/secret material that needs to be kept private is the private key.
    // The certificate itself and the public key can be freely shared.
    // 

    // We're going to encrypt and decrypt 32 bytes of data (two 16-byte appends).
    Get Create (RefClass(cComChilkatBinData)) To hoBd
    If (Not(IsComObjectCreated(hoBd))) Begin
        Send CreateComObject of hoBd
    End
    Get ComAppendEncoded Of hoBd "000102030405060708090A0B0C0D0E0F" "hex" To iSuccess
    Get ComAppendEncoded Of hoBd "000102030405060708090A0B0C0D0E0F" "hex" To iSuccess

    // Let's get the desired cert.
    // For this example, a self-signed certificate with a 2048-bit RSA key was generated in slot 9A.
    Get Create (RefClass(cComChilkatCert)) To hoCert
    If (Not(IsComObjectCreated(hoCert))) Begin
        Send CreateComObject of hoCert
    End

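    // Force Chilkat to use PKCS11 rather than ScMinidriver (on Windows) or Apple Keychain (on macOS).
    Set ComUncommonOptions Of hoCert To "NoScMinidriver,NoAppleKeychain"

    // "123456" is the factory-default YubiKey PIV PIN. Outside of a test,
    // change the PIN and prompt for it at run time rather than hard-coding it in source.
    Set ComSmartCardPin Of hoCert To "123456"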

    Get ComLoadFromSmartcard Of hoCert "cn=chilkat_test_2048" To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoCert To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Create the RSA object used for both the encrypt and decrypt steps.
    Get Create (RefClass(cComChilkatRsa)) To hoRsa
    If (Not(IsComObjectCreated(hoRsa))) Begin
        Send CreateComObject of hoRsa
    End

    // Provide the RSA object with the certificate on the Yubikey.
    // The second argument (True) tells Chilkat to use the certificate's private key.
    Get pvComObject of hoCert to vCert
    Get ComSetX509Cert Of hoRsa vCert True To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoRsa To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // RSA encrypt using the public key.
    Move False To iUsePrivateKey
    Get pvComObject of hoBd to vBd
    Get ComEncryptBd Of hoRsa vBd iUsePrivateKey To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoRsa To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Showln "RSA Encrypted Output in Hex:"
    Get ComGetEncoded Of hoBd "hex" To sTemp1
    Showln sTemp1

    // Now let's decrypt, using the private key on the Yubikey.
    Move True To iUsePrivateKey
    Get pvComObject of hoBd to vBd
    Get ComDecryptBd Of hoRsa vBd iUsePrivateKey To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoRsa To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Showln "RSA Decrypted Output in Hex:"
    Get ComGetEncoded Of hoBd "hex" To sTemp1
    Showln sTemp1


End_Procedure