Sample code for 30+ languages & platforms
PHP ActiveX

RSA Sign using a Private Key on a USB Token or Smartcard

See more Apple Keychain Examples

Create an RSA signature using a private key stored on a USB token or smartcard.

Note: On MacOS and iOS, this example requires Chilkat v10.1.2 or later when the Apple Keychain is used as the underlying means to do the signing.

Chilkat PHP ActiveX Downloads

PHP ActiveX
<?php

$success = 0;

// Assuming the smartcard/USB token is installed with the correct drivers from the manufacturer,
// this code can work on multiple platforms including Windows, MacOS, Linux, and iOS.

// Chilkat automatically detects and determines the way in which the HSM is used,
// which can be by PKCS11, Apple Keychain, Microsoft CNG / Crypto API, or ScMinidriver.

$cert = new COM("Chilkat.Cert");

// Set the token/smartcard PIN prior to loading.
$cert->SmartCardPin = '123456';

// Specify the certificate by its common name.
$success = $cert->LoadFromSmartcard('cn=chilkat-rsa-2048');
if ($success == 0) {
    print $cert->LastErrorText . "\n";
    exit;
}

print 'Signing with cert: ' . $cert->SubjectCN . "\n";

// Create data to be hashed and signed.
$bd = new COM("Chilkat.BinData");

for ($i = 0; $i <= 100; $i++) {
    $bd->AppendEncoded('000102030405060708090A0B0C0D0E0F','hex');
}

$rsa = new COM("Chilkat.Rsa");

// Use the certificate's private key for signing.
$success = $rsa->SetX509Cert($cert,1);
if ($success == 0) {
    print $rsa->LastErrorText . "\n";
    exit;
}

// Sign the SHA-256 hash of the contents of bd.
$bdSig = new COM("Chilkat.BinData");
$success = $rsa->SignBd($bd,'sha256',$bdSig);
if ($success == 0) {
    print $rsa->LastErrorText . "\n";
    exit;
}

// The RSA signature is equal in length to the size of the RSA key.
print 'Output signature size in bits = ' . ($bdSig->NumBytes * 8) . "\n";

// We can save the signature for later verification..
$bdSig->WriteFile('rsaSignatures/test1.sig');

// See the example to verify the RSA signature:
// Verfies an RSA Signature

?>