Sample code for 30+ languages & platforms
Objective-C

Yubikey RSA Encrypt/Decrypt

See more RSA Examples

Demonstrates how to do RSA decryption using a private key stored on a Yubikey (or other USB token or smartcard).

Note: RSA encryption uses the public key, which is freely exportable and does not need to occur on the token/smartcard.

Chilkat Objective-C Downloads

Objective-C
#import <CkoBinData.h>
#import <CkoCert.h>
#import <CkoRsa.h>

BOOL success = NO;

// This example assumes you have a certificate with private key on the Yubikey token.
// When doing simple RSA encryption/decryption, we don't actually need the certificate,
// but we'll be using the private key associated with the certificate.
// 
// The sensitive/secret material that needs to be kept private is the private key.
// The certificate itself and the public key can be freely shared.
// 

// We're going to encrypt and decrypt 32-bytes of data.
CkoBinData *bd = [[CkoBinData alloc] init];
success = [bd AppendEncoded: @"000102030405060708090A0B0C0D0E0F" encoding: @"hex"];
success = [bd AppendEncoded: @"000102030405060708090A0B0C0D0E0F" encoding: @"hex"];

// Let's get the desired cert.
// For this example, a self-signed certificate with a 2048-bit RSA key was generated in slot 9A.
CkoCert *cert = [[CkoCert alloc] init];

// Force Chilkat to use PKCS11 over ScMinidriver (if on Windows) and Apple Keychain (if on MacOS)
cert.UncommonOptions = @"NoScMinidriver,NoAppleKeychain";

cert.SmartCardPin = @"123456";

success = [cert LoadFromSmartcard: @"cn=chilkat_test_2048"];
if (success == NO) {
    NSLog(@"%@",cert.LastErrorText);
    return;
}

// RSA encrypt using the public key.
CkoRsa *rsa = [[CkoRsa alloc] init];

// Provide the RSA object with the certificate on the Yubkey.
success = [rsa SetX509Cert: cert usePrivateKey: YES];
if (success == NO) {
    NSLog(@"%@",rsa.LastErrorText);
    return;
}

// RSA encrypt using the public key.
BOOL usePrivateKey = NO;
success = [rsa EncryptBd: bd usePrivateKey: usePrivateKey];
if (success == NO) {
    NSLog(@"%@",rsa.LastErrorText);
    return;
}

NSLog(@"%@",@"RSA Encrypted Output in Hex:");
NSLog(@"%@",[bd GetEncoded: @"hex"]);

// Now let's decrypt, using the private key on the Yubikey.
usePrivateKey = YES;
success = [rsa DecryptBd: bd usePrivateKey: usePrivateKey];
if (success == NO) {
    NSLog(@"%@",rsa.LastErrorText);
    return;
}

NSLog(@"%@",@"RSA Decrypted Output in Hex:");
NSLog(@"%@",[bd GetEncoded: @"hex"]);