Sample code for 30+ languages & platforms
.NET Core C#

RSA Sign using a Private Key on a USB Token or Smartcard

See more Apple Keychain Examples

Create an RSA signature using a private key stored on a USB token or smartcard.

Note: On MacOS and iOS, this example requires Chilkat v10.1.2 or later when the Apple Keychain is used as the underlying means to do the signing.

Chilkat .NET Core C# Downloads

.NET Core C#
bool success = false;

// Assuming the smartcard/USB token is installed with the correct drivers from the manufacturer,
// this code can work on multiple platforms including Windows, MacOS, Linux, and iOS.

// Chilkat automatically detects and determines the way in which the HSM is used,
// which can be by PKCS11, Apple Keychain, Microsoft CNG / Crypto API, or ScMinidriver.

Chilkat.Cert cert = new Chilkat.Cert();

// Set the token/smartcard PIN prior to loading.
cert.SmartCardPin = "123456";

// Specify the certificate by its common name.
success = cert.LoadFromSmartcard("cn=chilkat-rsa-2048");
if (success == false) {
    Debug.WriteLine(cert.LastErrorText);
    return;
}

Debug.WriteLine("Signing with cert: " + cert.SubjectCN);

// Create data to be hashed and signed.
Chilkat.BinData bd = new Chilkat.BinData();
int i;
for (i = 0; i <= 100; i++) {
    bd.AppendEncoded("000102030405060708090A0B0C0D0E0F","hex");
}

Chilkat.Rsa rsa = new Chilkat.Rsa();

// Use the certificate's private key for signing.
success = rsa.SetX509Cert(cert,true);
if (success == false) {
    Debug.WriteLine(rsa.LastErrorText);
    return;
}

// Sign the SHA-256 hash of the contents of bd.
Chilkat.BinData bdSig = new Chilkat.BinData();
success = rsa.SignBd(bd,"sha256",bdSig);
if (success == false) {
    Debug.WriteLine(rsa.LastErrorText);
    return;
}

// The RSA signature is equal in length to the size of the RSA key.
Debug.WriteLine("Output signature size in bits = " + Convert.ToString(bdSig.NumBytes * 8));

// We can save the signature for later verification..
bdSig.WriteFile("rsaSignatures/test1.sig");

// See the example to verify the RSA signature:
// Verfies an RSA Signature