Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(PHP Extension) Import an SSH Key to an HSM using PKCS11See more PKCS11 ExamplesDemonstrates how to import an SSH private key to an HSM (smartcard or token). Note: This example requires Chilkat v9.5.0.96 or later.
<?php // The version number (9_5_0) should match version of the Chilkat extension used, omitting the micro-version number. // For example, if using Chilkat v9.5.0.48, then include as shown here: include("chilkat_9_5_0.php"); // This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. // Note: Chilkat's PKCS11 implementation runs on Windows, Linux, Mac OS X, and other supported operating systems. $pkcs11 = new CkPkcs11(); // Use the PKCS11 driver (.dll, .so, .dylib) for your particular HSM. // For example: $pkcs11->put_SharedLibPath('C:/Program Files (x86)/Gemalto/IDGo 800 PKCS#11/IDPrimePKCS11.dll'); // Use your HSM's PIN. $pin = '0000'; // Normal user = 1 $userType = 1; // Establish a logged-on user session with the HSM. $success = $pkcs11->QuickSession($userType,$pin); if ($success == false) { print $pkcs11->lastErrorText() . "\n"; exit; } // Create a PKCS11 template for importing the SSH key. $jsonTemplate = new CkJsonObject(); // Indicate the key is to be stored on the token (i.e. it is not a session-only key) $jsonTemplate->UpdateBool('token',true); // The key should have the ability to sign $jsonTemplate->UpdateBool('sign',true); // Let's provide a few attributes to help us find the this key at a later time. // See SSH Public-Key Authentication using an HSM // The ID is byte data, so it should be base64 or hex. // Specify "id" if passing base64 data, "id_hex" for hexidecimal, or "id_ascii" for directly copying the ascii bytes of the string. // You can provide any ID of your choice. It is optional. $jsonTemplate->UpdateString('id_hex','0A0B0C0D01020304'); // Optionally specify a label. $jsonTemplate->UpdateString('label','MySshKey'); // Load the SSH key to be imported to the HSM (smartcard or token) $sshKey = new CkSshKey(); $sshKey->put_Password('password_of_the_encrypted_ppk_file'); $ppkContents = $sshKey->loadText('c:/my_ssh_keys/someSshKey.ppk'); $success = $sshKey->FromPuttyPrivateKey($ppkContents); if ($success == false) { print $sshKey->lastErrorText() . "\n"; exit; } // Import the SSH private key onto the HSM. // The PKCS11 handle to the imported private key is returned. // A 0 is returned on failure. $privKeyHandle = $pkcs11->ImportSshKey($sshKey,$jsonTemplate); if ($privKeyHandle == 0) { print $pkcs11->lastErrorText() . "\n"; exit; } // The private key handle is only valid during the PKCS11 session. // If you wish to use the private key in another PKCS11 session, // you'll first need to find it. See SSH Public-Key Authentication using a Smartcard print 'private key handle: ' . $privKeyHandle . "\n"; print 'Successfully imported the SSH key onto the HSM.' . "\n"; $pkcs11->Logout(); $pkcs11->CloseSession(); ?> |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.