SSH HSM Public Key Authentication
Demonstrates how to authenticate with an SSH server by public key, where the private key is held on an HSM (USB token or smartcard).
#import <CkoPkcs11.h>
#import <NSString.h>
#import <CkoJsonObject.h>
#import <CkoSshKey.h>
#import <CkoSsh.h>
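// Authenticates to an SSH server with a key pair that lives on a PKCS#11 device
// (HSM, USB token or smartcard). The flow is: open a logged-on PKCS#11 session,
// look up the private/public key handles by label, bind them to a CkoSshKey,
// connect, check the server's host key, then authenticate.
//
// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// Note: Chilkat's PKCS11 implementation runs on Windows, Linux, MacOs, and other supported operating systems.
BOOL success = NO;

CkoPkcs11 *pkcs11 = [[CkoPkcs11 alloc] init];

// This would be a path to a .dylib on MacOS, or a path to a .so shared lib on Linux.
// The driver is loaded into this process and is handed the PIN, so the path should
// point to a vendor library in a location that unprivileged users cannot write to.
pkcs11.SharedLibPath = @"C:/Program Files (x86)/Gemalto/IDGo 800 PKCS#11/IDPrimePKCS1164.dll";

// Sample value only. In real code obtain the PIN at run time (prompt, keychain or
// secret store) instead of compiling it in, and change any factory-default PIN.
// Tokens commonly lock after a few wrong PINs, so do not retry in a loop.
NSString *pin = @"0000";

// 1 is the normal-user login type (CKU_USER) in PKCS#11.
int userType = 1;

// Establish a PKCS11 logged-on session using the driver (.so, .dylib, or .dll) as specified in the SharedLibPath above.
success = [pkcs11 QuickSession: @(userType) pin: pin];
if (!success) {
    NSLog(@"%@", pkcs11.LastErrorText);
    return;
}

// Set PKCS11 attributes to find our desired private key object.
// The private and public objects are paired here only by sharing a label, so the
// label should be unique on the token.
CkoJsonObject *json = [[CkoJsonObject alloc] init];
[json UpdateString: @"class" value: @"private_key"];
[json UpdateString: @"label" value: @"MySshKey"];

// Get the PKCS11 handle to the private key located on the HSM.
unsigned long priv_handle = [pkcs11 FindObject: json];

// Get the PKCS11 handle to the corresponding public key located on the HSM.
[json UpdateString: @"class" value: @"public_key"];
unsigned long pub_handle = [pkcs11 FindObject: json];

// 0 is the invalid object handle in PKCS#11: stop here rather than passing a
// handle that refers to nothing on to the SSH key.
if (priv_handle == 0 || pub_handle == 0) {
    NSLog(@"%@", pkcs11.LastErrorText);
    [pkcs11 Logout];
    [pkcs11 CloseSession];
    return;
}

CkoSshKey *key = [[CkoSshKey alloc] init];

// The key type can be "rsa" or "ec"
NSString *keyType = @"rsa";
success = [key UsePkcs11: pkcs11 privKeyHandle: priv_handle pubKeyHandle: pub_handle keyType: keyType];
if (!success) {
    NSLog(@"%@", key.LastErrorText);
    [pkcs11 Logout];
    [pkcs11 CloseSession];
    return;
}

CkoSsh *ssh = [[CkoSsh alloc] init];
success = [ssh Connect: @"example.com" port: @22];
if (!success) {
    NSLog(@"%@", ssh.LastErrorText);
    [pkcs11 Logout];
    [pkcs11 CloseSession];
    return;
}

// Verify the server before authenticating. Without this check the client will
// authenticate to, and then trust, whichever host answered on that address.
// Placeholder: replace with the fingerprint obtained out-of-band from the server
// operator, in the format that HostKeyFingerprint reports.
NSString *expectedHostKeyFingerprint = @"<EXPECTED_HOST_KEY_FINGERPRINT>";
if (![ssh.HostKeyFingerprint isEqualToString: expectedHostKeyFingerprint]) {
    // A nil fingerprint also lands here, so the check fails closed.
    NSLog(@"Unexpected SSH host key fingerprint: %@", ssh.HostKeyFingerprint);
    [ssh Disconnect];
    [pkcs11 Logout];
    [pkcs11 CloseSession];
    return;
}

// Authenticate with the SSH server using the login and
// HSM private key. (The corresponding public key should've
// been installed on the SSH server beforehand.)
success = [ssh AuthenticatePk: @"myLogin" privateKey: key];
if (!success) {
    NSLog(@"%@", ssh.LastErrorText);
    [ssh Disconnect];
    [pkcs11 Logout];
    [pkcs11 CloseSession];
    return;
}

NSLog(@"%@",@"Public-Key Authentication Successful!");

// Use the authenticated connection here. When finished, drop the connection and
// log out of the token so the logged-on session does not outlive its use.
// NOTE(review): the key presumably needs the PKCS11 session for as long as the
// SSH object may sign with it, so close the session last. Confirm against Chilkat docs.
[ssh Disconnect];
[pkcs11 Logout];
[pkcs11 CloseSession];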