PowerShell
PowerShell
RSA Sign using a Private Key on a USB Token or Smartcard
See more Apple Keychain Examples
Create an RSA signature using a private key stored on a USB token or smartcard.Note: On MacOS and iOS, this example requires Chilkat v10.1.2 or later when the Apple Keychain is used as the underlying means to do the signing.
Chilkat PowerShell Downloads
Add-Type -Path "C:\chilkat\ChilkatDotNet47-x64\ChilkatDotNet47.dll"
$success = $false
# Assuming the smartcard/USB token is installed with the correct drivers from the manufacturer,
# this code can work on multiple platforms including Windows, MacOS, Linux, and iOS.
# Chilkat automatically detects and determines the way in which the HSM is used,
# which can be by PKCS11, Apple Keychain, Microsoft CNG / Crypto API, or ScMinidriver.
$cert = New-Object Chilkat.Cert
# Set the token/smartcard PIN prior to loading.
$cert.SmartCardPin = "123456"
# Specify the certificate by its common name.
$success = $cert.LoadFromSmartcard("cn=chilkat-rsa-2048")
if ($success -eq $false) {
$($cert.LastErrorText)
exit
}
$("Signing with cert: " + $cert.SubjectCN)
# Create data to be hashed and signed.
$bd = New-Object Chilkat.BinData
for ($i = 0; $i -le 100; $i++) {
$bd.AppendEncoded("000102030405060708090A0B0C0D0E0F","hex")
}
$rsa = New-Object Chilkat.Rsa
# Use the certificate's private key for signing.
$success = $rsa.SetX509Cert($cert,$true)
if ($success -eq $false) {
$($rsa.LastErrorText)
exit
}
# Sign the SHA-256 hash of the contents of bd.
$bdSig = New-Object Chilkat.BinData
$success = $rsa.SignBd($bd,"sha256",$bdSig)
if ($success -eq $false) {
$($rsa.LastErrorText)
exit
}
# The RSA signature is equal in length to the size of the RSA key.
$("Output signature size in bits = " + $bdSig.NumBytes * 8)
# We can save the signature for later verification..
$bdSig.WriteFile("rsaSignatures/test1.sig")
# See the example to verify the RSA signature:
# Verfies an RSA Signature