(PureBasic) Import an SSH Key to an HSM using PKCS11

Demonstrates how to import an SSH private key to an HSM (smartcard or token).

Note: This example requires Chilkat v9.5.0.96 or later.
```purebasic
IncludeFile "CkPkcs11.pb"
IncludeFile "CkJsonObject.pb"
IncludeFile "CkSshKey.pb"

Procedure ChilkatExample()

    ; This example requires the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    ; Note: Chilkat's PKCS11 implementation runs on Windows, Linux, Mac OS X, and other supported operating systems.

    pkcs11.i = CkPkcs11::ckCreate()
    If pkcs11.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; Use the PKCS11 driver (.dll, .so, .dylib) for your particular HSM.
    ; For example:
    CkPkcs11::setCkSharedLibPath(pkcs11, "C:/Program Files (x86)/Gemalto/IDGo 800 PKCS#11/IDPrimePKCS11.dll")

    ; Use your HSM's PIN.
    pin.s = "0000"
    ; Normal user = 1
    userType.i = 1

    ; Establish a logged-on user session with the HSM.
    success.i = CkPkcs11::ckQuickSession(pkcs11,userType,pin)
    If success = 0
        Debug CkPkcs11::ckLastErrorText(pkcs11)
        CkPkcs11::ckDispose(pkcs11)
        ProcedureReturn
    EndIf

    ; Create a PKCS11 template for importing the SSH key.
    jsonTemplate.i = CkJsonObject::ckCreate()
    If jsonTemplate.i = 0
        Debug "Failed to create object."
        ; Release the object created earlier before returning.
        CkPkcs11::ckDispose(pkcs11)
        ProcedureReturn
    EndIf

    ; Indicate the key is to be stored on the token (i.e. it is not a session-only key)
    CkJsonObject::ckUpdateBool(jsonTemplate,"token",1)

    ; The key should have the ability to sign
    CkJsonObject::ckUpdateBool(jsonTemplate,"sign",1)

    ; Let's provide a few attributes to help us find this key at a later time.
    ; See SSH Public-Key Authentication using an HSM

    ; The ID is byte data, so it should be base64 or hex.
    ; Specify "id" if passing base64 data, "id_hex" for hexadecimal, or "id_ascii" for directly copying the ascii bytes of the string.
    ; You can provide any ID of your choice. It is optional.
    CkJsonObject::ckUpdateString(jsonTemplate,"id_hex","0A0B0C0D01020304")

    ; Optionally specify a label.
    CkJsonObject::ckUpdateString(jsonTemplate,"label","MySshKey")

    ; Load the SSH key to be imported to the HSM (smartcard or token)
    sshKey.i = CkSshKey::ckCreate()
    If sshKey.i = 0
        Debug "Failed to create object."
        ; Release the objects created earlier before returning.
        CkPkcs11::ckDispose(pkcs11)
        CkJsonObject::ckDispose(jsonTemplate)
        ProcedureReturn
    EndIf

    CkSshKey::setCkPassword(sshKey, "password_of_the_encrypted_ppk_file")
    ppkContents.s = CkSshKey::ckLoadText(sshKey,"c:/my_ssh_keys/someSshKey.ppk")
    success = CkSshKey::ckFromPuttyPrivateKey(sshKey,ppkContents)
    If success = 0
        Debug CkSshKey::ckLastErrorText(sshKey)
        CkPkcs11::ckDispose(pkcs11)
        CkJsonObject::ckDispose(jsonTemplate)
        CkSshKey::ckDispose(sshKey)
        ProcedureReturn
    EndIf

    ; Import the SSH private key onto the HSM.
    ; The PKCS11 handle to the imported private key is returned.
    ; A 0 is returned on failure.
    privKeyHandle.i = CkPkcs11::ckImportSshKey(pkcs11,sshKey,jsonTemplate)
    If privKeyHandle = 0
        Debug CkPkcs11::ckLastErrorText(pkcs11)
        CkPkcs11::ckDispose(pkcs11)
        CkJsonObject::ckDispose(jsonTemplate)
        CkSshKey::ckDispose(sshKey)
        ProcedureReturn
    EndIf

    ; The private key handle is only valid during the PKCS11 session.
    ; If you wish to use the private key in another PKCS11 session,
    ; you'll first need to find it. See SSH Public-Key Authentication using a Smartcard
    Debug "private key handle: " + Str(privKeyHandle)

    Debug "Successfully imported the SSH key onto the HSM."

    CkPkcs11::ckLogout(pkcs11)
    CkPkcs11::ckCloseSession(pkcs11)

    CkPkcs11::ckDispose(pkcs11)
    CkJsonObject::ckDispose(jsonTemplate)
    CkSshKey::ckDispose(sshKey)

    ProcedureReturn
EndProcedure
```
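The comments in the example note that the returned handle is valid only for the current session, and that the ID and label are set so the key can be found later. As an added example (not Chilkat's own code), the following opens a fresh session and looks the key up by those attributes, which confirms it was stored as a token object. It assumes Chilkat's FindObject method (ckFindObject in PureBasic) and a "class" template key with the value "private_key", and it reads the PIN from a hypothetical HSM_PIN environment variable.

```purebasic
IncludeFile "CkPkcs11.pb"
IncludeFile "CkJsonObject.pb"

; Added example: returns the handle of the imported key in a new session, or 0 if not found.
Procedure.i FindImportedSshKey()
    pkcs11.i = CkPkcs11::ckCreate()
    If pkcs11 = 0
        Debug "Failed to create object."
        ProcedureReturn 0
    EndIf
    ; Same PKCS11 driver path as used for the import.
    CkPkcs11::setCkSharedLibPath(pkcs11, "C:/Program Files (x86)/Gemalto/IDGo 800 PKCS#11/IDPrimePKCS11.dll")

    ; Assumption: the PIN is supplied via HSM_PIN (hypothetical name) rather than a literal.
    pin.s = GetEnvironmentVariable("HSM_PIN")
    If pin = ""
        Debug "HSM_PIN is not set."
        CkPkcs11::ckDispose(pkcs11)
        ProcedureReturn 0
    EndIf

    ; Normal user = 1
    If CkPkcs11::ckQuickSession(pkcs11, 1, pin) = 0
        Debug CkPkcs11::ckLastErrorText(pkcs11)
        CkPkcs11::ckDispose(pkcs11)
        ProcedureReturn 0
    EndIf

    findTemplate.i = CkJsonObject::ckCreate()
    If findTemplate = 0
        Debug "Failed to create object."
        CkPkcs11::ckLogout(pkcs11)
        CkPkcs11::ckCloseSession(pkcs11)
        CkPkcs11::ckDispose(pkcs11)
        ProcedureReturn 0
    EndIf
    ; Assumption: "class" = "private_key" restricts the search to private key objects.
    CkJsonObject::ckUpdateString(findTemplate, "class", "private_key")
    ; The same ID and label that were set in the import template.
    CkJsonObject::ckUpdateString(findTemplate, "id_hex", "0A0B0C0D01020304")
    CkJsonObject::ckUpdateString(findTemplate, "label", "MySshKey")

    ; Assumption: ckFindObject returns the matching object's handle, or 0 if nothing matches.
    handle.i = CkPkcs11::ckFindObject(pkcs11, findTemplate)
    If handle = 0 : Debug CkPkcs11::ckLastErrorText(pkcs11) : EndIf

    CkPkcs11::ckLogout(pkcs11)
    CkPkcs11::ckCloseSession(pkcs11)
    CkJsonObject::ckDispose(findTemplate)
    CkPkcs11::ckDispose(pkcs11)
    ProcedureReturn handle
EndProcedure
```

A return value of 0 after a successful import usually means the key was created as a session object or the search attributes do not match those in the import template.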