Sample code for 30+ languages & platforms
Delphi ActiveX

Yubikey RSA Encrypt/Decrypt

See more RSA Examples

Demonstrates how to do RSA decryption using a private key stored on a Yubikey (or other USB token or smartcard).

Note: RSA encryption uses the public key, which is freely exportable and does not need to occur on the token/smartcard.

Chilkat Delphi ActiveX Downloads

Delphi ActiveX
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Chilkat_TLB;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Integer;
bd: TChilkatBinData;
cert: TChilkatCert;
rsa: TChilkatRsa;
usePrivateKey: Integer;

begin
success := 0;

// This example assumes you have a certificate with private key on the Yubikey token.
// When doing simple RSA encryption/decryption, we don't actually need the certificate,
// but we'll be using the private key associated with the certificate.
// 
// The sensitive/secret material that needs to be kept private is the private key.
// The certificate itself and the public key can be freely shared.
// 

// We're going to encrypt and decrypt 32-bytes of data.
bd := TChilkatBinData.Create(Self);
success := bd.AppendEncoded('000102030405060708090A0B0C0D0E0F','hex');
success := bd.AppendEncoded('000102030405060708090A0B0C0D0E0F','hex');

// Let's get the desired cert.
// For this example, a self-signed certificate with a 2048-bit RSA key was generated in slot 9A.
cert := TChilkatCert.Create(Self);

// Force Chilkat to use PKCS11 over ScMinidriver (if on Windows) and Apple Keychain (if on MacOS)
cert.UncommonOptions := 'NoScMinidriver,NoAppleKeychain';

cert.SmartCardPin := '123456';

success := cert.LoadFromSmartcard('cn=chilkat_test_2048');
if (success = 0) then
  begin
    Memo1.Lines.Add(cert.LastErrorText);
    Exit;
  end;

// RSA encrypt using the public key.
rsa := TChilkatRsa.Create(Self);

// Provide the RSA object with the certificate on the Yubkey.
success := rsa.SetX509Cert(cert.ControlInterface,1);
if (success = 0) then
  begin
    Memo1.Lines.Add(rsa.LastErrorText);
    Exit;
  end;

// RSA encrypt using the public key.
usePrivateKey := 0;
success := rsa.EncryptBd(bd.ControlInterface,usePrivateKey);
if (success = 0) then
  begin
    Memo1.Lines.Add(rsa.LastErrorText);
    Exit;
  end;

Memo1.Lines.Add('RSA Encrypted Output in Hex:');
Memo1.Lines.Add(bd.GetEncoded('hex'));

// Now let's decrypt, using the private key on the Yubikey.
usePrivateKey := 1;
success := rsa.DecryptBd(bd.ControlInterface,usePrivateKey);
if (success = 0) then
  begin
    Memo1.Lines.Add(rsa.LastErrorText);
    Exit;
  end;

Memo1.Lines.Add('RSA Decrypted Output in Hex:');
Memo1.Lines.Add(bd.GetEncoded('hex'));
end;