Sample code for 30+ languages & platforms
Lianja

RSA Sign using a Private Key on a USB Token or Smartcard

See more Apple Keychain Examples

Create an RSA signature using a private key stored on a USB token or smartcard.

Note: On MacOS and iOS, this example requires Chilkat v10.1.2 or later when the Apple Keychain is used as the underlying means to do the signing.

Chilkat Lianja Downloads

Lianja
llSuccess = .F.

// Assuming the smartcard/USB token is installed with the correct drivers from the manufacturer,
// this code can work on multiple platforms including Windows, MacOS, Linux, and iOS.

// Chilkat automatically detects and determines the way in which the HSM is used,
// which can be by PKCS11, Apple Keychain, Microsoft CNG / Crypto API, or ScMinidriver.

loCert = createobject("CkCert")

// Set the token/smartcard PIN prior to loading.
loCert.SmartCardPin = "123456"

// Specify the certificate by its common name.
llSuccess = loCert.LoadFromSmartcard("cn=chilkat-rsa-2048")
if (llSuccess = .F.) then
    ? loCert.LastErrorText
    release loCert
    return
endif

? "Signing with cert: " + loCert.SubjectCN

// Create data to be hashed and signed.
loBd = createobject("CkBinData")

for i = 0 to 100
    loBd.AppendEncoded("000102030405060708090A0B0C0D0E0F","hex")
next

loRsa = createobject("CkRsa")

// Use the certificate's private key for signing.
llSuccess = loRsa.SetX509Cert(loCert,.T.)
if (llSuccess = .F.) then
    ? loRsa.LastErrorText
    release loCert
    release loBd
    release loRsa
    return
endif

// Sign the SHA-256 hash of the contents of bd.
loBdSig = createobject("CkBinData")
llSuccess = loRsa.SignBd(loBd,"sha256",loBdSig)
if (llSuccess = .F.) then
    ? loRsa.LastErrorText
    release loCert
    release loBd
    release loRsa
    release loBdSig
    return
endif

// The RSA signature is equal in length to the size of the RSA key.
? "Output signature size in bits = " + str(loBdSig.NumBytes * 8)

// We can save the signature for later verification..
loBdSig.WriteFile("rsaSignatures/test1.sig")

// See the example to verify the RSA signature:
// Verfies an RSA Signature


release loCert
release loBd
release loRsa
release loBdSig