
RSA Sign using Private Key of Certificate Type A3 (smart card / token)


Demonstrates RSA-signing data with the private key of a type A3 certificate (smart card or token).

Note: This is a Windows-only example.


Delphi ActiveX
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Chilkat_TLB;

...

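procedure TForm1.Button1Click(Sender: TObject);
// Signs the contents of 'in.dat' with RSA / SHA-256 using the private key of a
// certificate located by thumbprint in the Windows Current-User certificate store.
// Progress and error text are written to Memo1; the procedure exits at the
// first failing step.
//
// NOTE(review): for an A3 certificate the private key presumably stays on the
// smart card / token and the signing operation is delegated to it -- confirm
// against the Chilkat documentation for SetX509Cert.
var
  success: Integer;
  certStore: TChilkatCertStore;
  thumbprint: WideString;
  bReadOnly: Integer;
  json: TChilkatJsonObject;
  cert: TChilkatCert;
  rsa: TChilkatRsa;
  bUsePrivateKey: Integer;
  fac: TCkFileAccess;
  inData: Array of Byte;
  signature: Array of Byte;

begin
  success := 0;

  // First get the A3 certificate that was installed on the Windows system.
  // Every Chilkat object below is created with the form as owner (Create(Self)),
  // and a new set is created on each click.
  certStore := TChilkatCertStore.Create(Self);

  // Sample thumbprint from the example. The thumbprint alone selects the signing
  // identity, so replace it with the thumbprint of the certificate you intend to use.
  thumbprint := '12c1dd8015f3f03f7b1fa619dc24e2493ca8b4b2';

  // This is specific to Windows because it is opening the Windows Current-User certificate store.
  // The store is opened read-only: the example only looks a certificate up.
  bReadOnly := 1;
  success := certStore.OpenCurrentUserStore(bReadOnly);
  if (success <> 1) then
    begin
      Memo1.Lines.Add(certStore.LastErrorText);
      Exit;
    end;

  // Find the certificate with the desired thumbprint
  // (There are many ways to locate a certificate.  This example chooses to find by thumbprint.)
  json := TChilkatJsonObject.Create(Self);
  json.UpdateString('thumbprint',thumbprint);

  cert := TChilkatCert.Create(Self);
  success := certStore.FindCert(json.ControlInterface,cert.ControlInterface);
  if (success = 0) then
    begin
      Memo1.Lines.Add('Failed to find the certificate.');
      Exit;
    end;

  // Showing the subject CN lets the operator see which identity is about to sign.
  Memo1.Lines.Add('Found: ' + cert.SubjectCN);

  rsa := TChilkatRsa.Create(Self);

  // Provide the cert's private key
  bUsePrivateKey := 1;
  success := rsa.SetX509Cert(cert.ControlInterface,bUsePrivateKey);
  if (success <> 1) then
    begin
      Memo1.Lines.Add(rsa.LastErrorText);
      Exit;
    end;

  // Now we're ready to sign..
  fac := TCkFileAccess.Create(Self);

  // Get bytes to be signed..
  inData := fac.ReadEntireFile('in.dat');
  // Stop if the read failed. Without this check a missing or unreadable file
  // would leave inData empty, and the code would go on to sign that empty input
  // and report success.
  if (fac.LastMethodSuccess <> 1) then
    begin
      Memo1.Lines.Add(fac.LastErrorText);
      Exit;
    end;

  // SHA-256 is the hash algorithm. The padding scheme is whatever the Rsa object
  // uses by default -- confirm it matches what the verifying side expects.
  signature := rsa.SignBytes(inData,'SHA-256');
  if (rsa.LastMethodSuccess <> 1) then
    begin
      Memo1.Lines.Add(rsa.LastErrorText);
      Exit;
    end;

  // The signature bytes exist only in the local variable here; a real caller
  // would store or transmit them before the procedure returns.
  Memo1.Lines.Add('Signature created.');
end;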