
RSA Sign using a Private Key on a USB Token or Smartcard


Create an RSA signature using a private key stored on a USB token or smartcard.

Note: On MacOS and iOS, this example requires Chilkat v10.1.2 or later when the Apple Keychain is used as the underlying means to do the signing.

<?php

include("chilkat.php");

$success = false;

// Assuming the smartcard/USB token is installed with the correct drivers from the manufacturer,
// this code can work on multiple platforms including Windows, MacOS, Linux, and iOS.

// Chilkat automatically detects and determines the way in which the HSM is used,
// which can be by PKCS11, Apple Keychain, Microsoft CNG / Crypto API, or ScMinidriver.

$cert = new CkCert();

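// Set the token/smartcard PIN prior to loading.
// The PIN is a literal here only to keep the example short; in real code read it
// from a protected source instead of embedding it in the script.
$cert->put_SmartCardPin('123456');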

// Specify the certificate by its common name.
$success = $cert->LoadFromSmartcard('cn=chilkat-rsa-2048');
if ($success == false) {
    print $cert->lastErrorText() . "\n";
    exit;
}

print 'Signing with cert: ' . $cert->subjectCN() . "\n";

// Create data to be hashed and signed.
$bd = new CkBinData();

for ($i = 0; $i <= 100; $i++) {
    $bd->AppendEncoded('000102030405060708090A0B0C0D0E0F','hex');
}

$rsa = new CkRsa();

// Use the certificate's private key for signing.
$success = $rsa->SetX509Cert($cert,true);
if ($success == false) {
    print $rsa->lastErrorText() . "\n";
    exit;
}

// Sign the SHA-256 hash of the contents of bd.
$bdSig = new CkBinData();
$success = $rsa->SignBd($bd,'sha256',$bdSig);
if ($success == false) {
    print $rsa->lastErrorText() . "\n";
    exit;
}

// The RSA signature is equal in length to the size of the RSA key.
print 'Output signature size in bits = ' . ($bdSig->get_NumBytes() * 8) . "\n";

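// Save the signature for later verification.
// WriteFile returns false if the file cannot be written (for example, when the
// rsaSignatures directory does not exist), so check the result.
$success = $bdSig->WriteFile('rsaSignatures/test1.sig');
if ($success == false) {
    print 'Failed to write rsaSignatures/test1.sig' . "\n";
    exit;
}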

// See the example to verify the RSA signature:
// Verifies an RSA Signature

?>
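
The verification side of the signature written above, as an added example (not Chilkat's own sample code). It assumes the token's certificate has been exported, public part only, to the hypothetical file chilkat-rsa-2048.cer, and that rsaSignatures/test1.sig was produced by the script above.

```php
<?php
// Added example: verify rsaSignatures/test1.sig with the certificate's public key.
include("chilkat.php");

// Assumption: hypothetical path to the exported public certificate.
$certPath = 'chilkat-rsa-2048.cer';

$cert = new CkCert();
if ($cert->LoadFromFile($certPath) == false) {
    print $cert->lastErrorText() . "\n";
    exit(1);
}

// Rebuild exactly the data that was signed: 101 copies of the 16-byte pattern.
$bd = new CkBinData();
for ($i = 0; $i <= 100; $i++) {
    $bd->AppendEncoded('000102030405060708090A0B0C0D0E0F','hex');
}

$bdSig = new CkBinData();
if ($bdSig->LoadFile('rsaSignatures/test1.sig') == false) {
    print "Cannot read rsaSignatures/test1.sig\n";
    exit(1);
}

$rsa = new CkRsa();
// false = use the certificate's public key; no PIN or token is needed to verify.
if ($rsa->SetX509Cert($cert,false) == false) {
    print $rsa->lastErrorText() . "\n";
    exit(1);
}

// The hash algorithm must match the one passed to SignBd.
if ($rsa->VerifyBd($bd,'sha256',$bdSig) == false) {
    print "Signature INVALID\n" . $rsa->lastErrorText() . "\n";
    exit(2);
}
print "Signature valid\n";

// Negative check: one extra byte of data must make verification fail.
$bd->AppendEncoded('00','hex');
if ($rsa->VerifyBd($bd,'sha256',$bdSig) == true) {
    print "ERROR: modified data still verified\n";
    exit(3);
}
print "Modified data rejected as expected\n";
?>
```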