Objective-C
Objective-C
RSA Sign using a Private Key on a USB Token or Smartcard
See more Apple Keychain Examples
Create an RSA signature using a private key stored on a USB token or smartcard.Note: On MacOS and iOS, this example requires Chilkat v10.1.2 or later when the Apple Keychain is used as the underlying means to do the signing.
Chilkat Objective-C Downloads
#import <CkoCert.h>
#import <CkoBinData.h>
#import <CkoRsa.h>
BOOL success = NO;
// Assuming the smartcard/USB token is installed with the correct drivers from the manufacturer,
// this code can work on multiple platforms including Windows, MacOS, Linux, and iOS.
// Chilkat automatically detects and determines the way in which the HSM is used,
// which can be by PKCS11, Apple Keychain, Microsoft CNG / Crypto API, or ScMinidriver.
CkoCert *cert = [[CkoCert alloc] init];
// Set the token/smartcard PIN prior to loading.
cert.SmartCardPin = @"123456";
// Specify the certificate by its common name.
success = [cert LoadFromSmartcard: @"cn=chilkat-rsa-2048"];
if (success == NO) {
NSLog(@"%@",cert.LastErrorText);
return;
}
NSLog(@"%@%@",@"Signing with cert: ",cert.SubjectCN);
// Create data to be hashed and signed.
CkoBinData *bd = [[CkoBinData alloc] init];
int i;
for (i = 0; i <= 100; i++) {
[bd AppendEncoded: @"000102030405060708090A0B0C0D0E0F" encoding: @"hex"];
}
CkoRsa *rsa = [[CkoRsa alloc] init];
// Use the certificate's private key for signing.
success = [rsa SetX509Cert: cert usePrivateKey: YES];
if (success == NO) {
NSLog(@"%@",rsa.LastErrorText);
return;
}
// Sign the SHA-256 hash of the contents of bd.
CkoBinData *bdSig = [[CkoBinData alloc] init];
success = [rsa SignBd: bd hashAlgorithm: @"sha256" bdSig: bdSig];
if (success == NO) {
NSLog(@"%@",rsa.LastErrorText);
return;
}
// The RSA signature is equal in length to the size of the RSA key.
NSLog(@"%@%d",@"Output signature size in bits = ",[bdSig.NumBytes intValue] * 8);
// We can save the signature for later verification..
[bdSig WriteFile: @"rsaSignatures/test1.sig"];
// See the example to verify the RSA signature:
// Verfies an RSA Signature