Sample code for 30+ languages & platforms
Go

RSA Sign using a Private Key on a USB Token or Smartcard

See more Apple Keychain Examples

Create an RSA signature using a private key stored on a USB token or smartcard.

Note: On MacOS and iOS, this example requires Chilkat v10.1.2 or later when the Apple Keychain is used as the underlying means to do the signing.

Chilkat Go Downloads

Go
    success := false

    // Assuming the smartcard/USB token is installed with the correct drivers from the manufacturer,
    // this code can work on multiple platforms including Windows, MacOS, Linux, and iOS.

    // Chilkat automatically detects and determines the way in which the HSM is used,
    // which can be by PKCS11, Apple Keychain, Microsoft CNG / Crypto API, or ScMinidriver.

    cert := chilkat.NewCert()

    // Set the token/smartcard PIN prior to loading.
    cert.SetSmartCardPin("123456")

    // Specify the certificate by its common name.
    success = cert.LoadFromSmartcard("cn=chilkat-rsa-2048")
    if success == false {
        fmt.Println(cert.LastErrorText())
        cert.DisposeCert()
        return
    }

    fmt.Println("Signing with cert: ", cert.SubjectCN())

    // Create data to be hashed and signed.
    bd := chilkat.NewBinData()
    var i int
    for i = 0; i <= 100; i++ {
        bd.AppendEncoded("000102030405060708090A0B0C0D0E0F","hex")
    }

    rsa := chilkat.NewRsa()

    // Use the certificate's private key for signing.
    success = rsa.SetX509Cert(cert,true)
    if success == false {
        fmt.Println(rsa.LastErrorText())
        cert.DisposeCert()
        bd.DisposeBinData()
        rsa.DisposeRsa()
        return
    }

    // Sign the SHA-256 hash of the contents of bd.
    bdSig := chilkat.NewBinData()
    success = rsa.SignBd(bd,"sha256",bdSig)
    if success == false {
        fmt.Println(rsa.LastErrorText())
        cert.DisposeCert()
        bd.DisposeBinData()
        rsa.DisposeRsa()
        bdSig.DisposeBinData()
        return
    }

    // The RSA signature is equal in length to the size of the RSA key.
    fmt.Println("Output signature size in bits = ", bdSig.NumBytes() * 8)

    // We can save the signature for later verification..
    bdSig.WriteFile("rsaSignatures/test1.sig")

    // See the example to verify the RSA signature:
    // Verfies an RSA Signature

    cert.DisposeCert()
    bd.DisposeBinData()
    rsa.DisposeRsa()
    bdSig.DisposeBinData()