Perl
Perl
Yubikey RSA Encrypt/Decrypt
See more RSA Examples
Demonstrates how to do RSA decryption using a private key stored on a Yubikey (or other USB token or smartcard).Note: RSA encryption uses the public key, which is freely exportable and does not need to occur on the token/smartcard.
Chilkat Perl Downloads
use chilkat();
$success = 0;
# This example assumes you have a certificate with private key on the Yubikey token.
# When doing simple RSA encryption/decryption, we don't actually need the certificate,
# but we'll be using the private key associated with the certificate.
#
# The sensitive/secret material that needs to be kept private is the private key.
# The certificate itself and the public key can be freely shared.
#
# We're going to encrypt and decrypt 32-bytes of data.
$bd = chilkat::CkBinData->new();
$success = $bd->AppendEncoded("000102030405060708090A0B0C0D0E0F","hex");
$success = $bd->AppendEncoded("000102030405060708090A0B0C0D0E0F","hex");
# Let's get the desired cert.
# For this example, a self-signed certificate with a 2048-bit RSA key was generated in slot 9A.
$cert = chilkat::CkCert->new();
# Force Chilkat to use PKCS11 over ScMinidriver (if on Windows) and Apple Keychain (if on MacOS)
$cert->put_UncommonOptions("NoScMinidriver,NoAppleKeychain");
$cert->put_SmartCardPin("123456");
$success = $cert->LoadFromSmartcard("cn=chilkat_test_2048");
if ($success == 0) {
print $cert->lastErrorText() . "\r\n";
exit;
}
# RSA encrypt using the public key.
$rsa = chilkat::CkRsa->new();
# Provide the RSA object with the certificate on the Yubkey.
$success = $rsa->SetX509Cert($cert,1);
if ($success == 0) {
print $rsa->lastErrorText() . "\r\n";
exit;
}
# RSA encrypt using the public key.
$usePrivateKey = 0;
$success = $rsa->EncryptBd($bd,$usePrivateKey);
if ($success == 0) {
print $rsa->lastErrorText() . "\r\n";
exit;
}
print "RSA Encrypted Output in Hex:" . "\r\n";
print $bd->getEncoded("hex") . "\r\n";
# Now let's decrypt, using the private key on the Yubikey.
$usePrivateKey = 1;
$success = $rsa->DecryptBd($bd,$usePrivateKey);
if ($success == 0) {
print $rsa->lastErrorText() . "\r\n";
exit;
}
print "RSA Decrypted Output in Hex:" . "\r\n";
print $bd->getEncoded("hex") . "\r\n";