Sample code for 30+ languages & platforms
PureBasic

RSA Sign using a Private Key on a USB Token or Smartcard

See more Apple Keychain Examples

Create an RSA signature using a private key stored on a USB token or smartcard.

Note: On MacOS and iOS, this example requires Chilkat v10.1.2 or later when the Apple Keychain is used as the underlying means to do the signing.

Chilkat PureBasic Downloads

PureBasic
IncludeFile "CkBinData.pb"
IncludeFile "CkCert.pb"
IncludeFile "CkRsa.pb"

Procedure ChilkatExample()

    success.i = 0

    ; Assuming the smartcard/USB token is installed with the correct drivers from the manufacturer,
    ; this code can work on multiple platforms including Windows, MacOS, Linux, and iOS.

    ; Chilkat automatically detects and determines the way in which the HSM is used,
    ; which can be by PKCS11, Apple Keychain, Microsoft CNG / Crypto API, or ScMinidriver.

    cert.i = CkCert::ckCreate()
    If cert.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; Set the token/smartcard PIN prior to loading.
    CkCert::setCkSmartCardPin(cert, "123456")

    ; Specify the certificate by its common name.
    success = CkCert::ckLoadFromSmartcard(cert,"cn=chilkat-rsa-2048")
    If success = 0
        Debug CkCert::ckLastErrorText(cert)
        CkCert::ckDispose(cert)
        ProcedureReturn
    EndIf

    Debug "Signing with cert: " + CkCert::ckSubjectCN(cert)

    ; Create data to be hashed and signed.
    bd.i = CkBinData::ckCreate()
    If bd.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    i.i
    For i = 0 To 100
        CkBinData::ckAppendEncoded(bd,"000102030405060708090A0B0C0D0E0F","hex")
    Next

    rsa.i = CkRsa::ckCreate()
    If rsa.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; Use the certificate's private key for signing.
    success = CkRsa::ckSetX509Cert(rsa,cert,1)
    If success = 0
        Debug CkRsa::ckLastErrorText(rsa)
        CkCert::ckDispose(cert)
        CkBinData::ckDispose(bd)
        CkRsa::ckDispose(rsa)
        ProcedureReturn
    EndIf

    ; Sign the SHA-256 hash of the contents of bd.
    bdSig.i = CkBinData::ckCreate()
    If bdSig.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkRsa::ckSignBd(rsa,bd,"sha256",bdSig)
    If success = 0
        Debug CkRsa::ckLastErrorText(rsa)
        CkCert::ckDispose(cert)
        CkBinData::ckDispose(bd)
        CkRsa::ckDispose(rsa)
        CkBinData::ckDispose(bdSig)
        ProcedureReturn
    EndIf

    ; The RSA signature is equal in length to the size of the RSA key.
    Debug "Output signature size in bits = " + Str(CkBinData::ckNumBytes(bdSig) * 8)

    ; We can save the signature for later verification..
    CkBinData::ckWriteFile(bdSig,"rsaSignatures/test1.sig")

    ; See the example to verify the RSA signature:
    ; Verfies an RSA Signature


    CkCert::ckDispose(cert)
    CkBinData::ckDispose(bd)
    CkRsa::ckDispose(rsa)
    CkBinData::ckDispose(bdSig)


    ProcedureReturn
EndProcedure