PureBasic
PKCS11 Import an Existing RSA Public Key onto the HSM
Demonstrates how to import an existing RSA public key onto a smart card or token. Note: This example requires Chilkat v9.5.0.96 or later.
IncludeFile "CkPublicKey.pb"
IncludeFile "CkJsonObject.pb"
IncludeFile "CkPkcs11.pb"
IncludeFile "CkPrivateKey.pb"
IncludeFile "CkXml.pb"
IncludeFile "CkRsa.pb"
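Procedure ChilkatExample()
    ; Imports the public half of an RSA key pair onto a PKCS11 token/HSM as a
    ; CKO_PUBLIC_KEY object and prints the resulting PKCS11 object handle.
    ;
    ; Every exit path runs the same cleanup at the bottom: the session is logged
    ; out and closed if it was opened, and every Chilkat object that was created
    ; is disposed. Returns nothing; progress and errors go to Debug output.

    ; This example requires the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    ; Note: Chilkat's PKCS11 implementation runs on Windows, Linux, Mac OS X, and other supported operating systems.

    success.i = 0
    sessionOpen.i = 0
    objHandle.i = 0
    modulus.s = ""
    exponent.s = ""

    ; Create all objects up front so that one cleanup section can release them.
    pkcs11.i = CkPkcs11::ckCreate()
    rsa.i = CkRsa::ckCreate()
    privKey.i = CkPrivateKey::ckCreate()
    xml.i = CkXml::ckCreate()
    pubKey.i = CkPublicKey::ckCreate()
    attrs.i = CkJsonObject::ckCreate()

    ; Single-pass block: Break jumps to the cleanup section after Until.
    Repeat
        If pkcs11 = 0 Or rsa = 0 Or privKey = 0 Or xml = 0 Or pubKey = 0 Or attrs = 0
            Debug "Failed to create object."
            Break
        EndIf

        ; Use the PKCS11 driver (.dll, .so, .dylib) for your particular HSM.
        ; (The format of the path will change with the operating system. "C:/" is not used on non-Windows systems.)
        ; The driver is loaded into this process, so point this only at a vendor library from a trusted,
        ; write-protected location.
        CkPkcs11::setCkSharedLibPath(pkcs11, "C:/Program Files (x86)/Gemalto/IDGo 800 PKCS#11/IDPrimePKCS1164.dll")

        ; Establish a logged-on session.
        ; The PIN below is a sample value. In real code obtain the PIN at run time (operator prompt,
        ; secret store) instead of embedding it in source, and remember that repeated wrong PINs
        ; can lock a token.
        pin.s = "0000"
        ; 1 = normal user (CKU_USER in PKCS#11).
        userType.i = 1
        success = CkPkcs11::ckQuickSession(pkcs11,userType,pin)
        If success = 0
            Debug CkPkcs11::ckLastErrorText(pkcs11)
            Break
        EndIf
        sessionOpen = 1

        ; Generate a new 2048-bit RSA key.
        ; This stands in for the "existing" key of the example. The private half is generated in
        ; software and stays in process memory; only the public half is sent to the token.
        success = CkRsa::ckGenKey(rsa,2048,privKey)
        If success = 0
            Debug CkRsa::ckLastErrorText(rsa)
            Break
        EndIf

        ; Get the public key information as XML, so we can access the modulus and exponent.
        success = CkPrivateKey::ckToPublicKey(privKey,pubKey)
        If success = 0
            Debug CkPrivateKey::ckLastErrorText(privKey)
            Break
        EndIf

        success = CkXml::ckLoadXml(xml,CkPublicKey::ckGetXml(pubKey))
        If success = 0
            Debug CkXml::ckLastErrorText(xml)
            Break
        EndIf

        ; Do not create a key object from missing key material.
        modulus = CkXml::ckGetChildContent(xml,"Modulus")
        exponent = CkXml::ckGetChildContent(xml,"Exponent")
        If modulus = "" Or exponent = ""
            Debug "Failed to get the RSA modulus and exponent."
            Break
        EndIf

        ; Specify the type of object, and the type of key.
        CkJsonObject::ckUpdateString(attrs,"class","CKO_PUBLIC_KEY")
        CkJsonObject::ckUpdateString(attrs,"key_type","CKK_RSA")

        ; Add an optional label if desired.
        CkJsonObject::ckUpdateString(attrs,"label","RSA Public Key 1")

        ; Allow the key to be used for verify, wrapping, and encryption operations.
        ; Enable only the usages the key actually needs; a key meant for signature verification
        ; does not need wrap or encrypt.
        CkJsonObject::ckUpdateBool(attrs,"verify",1)
        CkJsonObject::ckUpdateBool(attrs,"wrap",1)
        CkJsonObject::ckUpdateBool(attrs,"encrypt",1)

        ; Make this a session-only public key.
        ; To store the public key on the token so that it persists after the PKCS11 session, set token = 1.
        CkJsonObject::ckUpdateBool(attrs,"token",0)

        ; Provide the RSA public key material
        CkJsonObject::ckUpdateString(attrs,"modulus",modulus)
        CkJsonObject::ckUpdateString(attrs,"public_exponent",exponent)

        ; Create the RSA public key.
        ; Returns the PKCS11 object handle of the created key.
        objHandle = CkPkcs11::ckCreatePkcs11Object(pkcs11,attrs)
        If objHandle = 0
            Debug CkPkcs11::ckLastErrorText(pkcs11)
            Debug "Failed."
        Else
            Debug "PKCS11 object handle = " + Str(objHandle)
            Debug "Successfully imported an RSA key.."
        EndIf
    Until #True

    ; Cleanup, reached from every path above.
    If sessionOpen
        CkPkcs11::ckLogout(pkcs11)
        CkPkcs11::ckCloseSession(pkcs11)
    EndIf

    If pkcs11
        CkPkcs11::ckDispose(pkcs11)
    EndIf
    If rsa
        CkRsa::ckDispose(rsa)
    EndIf
    If privKey
        CkPrivateKey::ckDispose(privKey)
    EndIf
    If xml
        CkXml::ckDispose(xml)
    EndIf
    If pubKey
        CkPublicKey::ckDispose(pubKey)
    EndIf
    If attrs
        CkJsonObject::ckDispose(attrs)
    EndIf

    ProcedureReturn
EndProcedure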