Sample code for 30+ languages & platforms
Tcl

ScMinidriver - Import a Certificate to IDPrime MD T=0 Smart Card

See more ScMinidriver Examples

Demonstrates how to import a certificate and its private key to a key container on an ID Prime MD T=0 smartcard.

Note: Requires Chilkat v9.5.0.88 or later. This example only runs on Windows because ScMinidriver is a Windows-only class.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set scmd [new_CkScMinidriver]

# Reader names (smart card readers or USB tokens) can be discovered
# via List Readers or Find Smart Cards
set readerName "SCM Microsystems Inc. SCR33x USB Smart Card Reader 0"
set success [CkScMinidriver_AcquireContext $scmd $readerName]
if {$success == 0} then {
    puts [CkScMinidriver_lastErrorText $scmd]
    delete_CkScMinidriver $scmd
    exit
}

# If successful, the name of the currently inserted smart card is available:
puts "Card name: [CkScMinidriver_cardName $scmd]"

# The IDPRime MD smart card has 4 different PIN roles:
# "user" -- Primary Card PIN
# "admin" -- Administrator PIN
# "3" -- Digital Signature PIN
# "4" -- Unblock only PIN (PUK)
# To import a certificate to the "IDPrime MD T=0" smart card, we must first PIN authenticate using "user", and then also PIN authenticate using "3" (the Digital Signature PIN)
set pinId "user"
# (Of course, use your PIN which may be different than "0000")
set retval [CkScMinidriver_PinAuthenticate $scmd $pinId "0000"]
if {$retval != 0} then {
    puts "PIN Authentication failed."
    CkScMinidriver_DeleteContext $scmd
    delete_CkScMinidriver $scmd
    exit
}

set cert [new_CkCert]

# Load the cert + private key from a .p12/.pfx
# We got this .p12 from https://badssl.com/download/
set password "badssl.com"
set success [CkCert_LoadPfxFile $cert "qa_data/pfx/badssl.com-client.p12" $password]
if {$success == 0} then {
    puts [CkCert_lastErrorText $cert]
    CkScMinidriver_DeleteContext $scmd
    delete_CkScMinidriver $scmd
    delete_CkCert $cert
    exit
}

# Also authenticate using "3", the digital signature PIN.
# (Of course, use your PIN which may be different than "12345678")
set retval [CkScMinidriver_PinAuthenticate $scmd "3" "12345678"]
if {$retval != 0} then {
    puts "PIN Authentication failed."
    CkScMinidriver_DeleteContext $scmd
    delete_CkScMinidriver $scmd
    delete_CkCert $cert
    exit
}

# Let's import this certificate as the "signature" key/cert in key container #6.
set containerIndex 6
set keySpec "sig"
# Note the last argument (the pin ID) is "3".  This is the required PIN ID for the IDPrime MD T=0 smart card.
set success [CkScMinidriver_ImportCert $scmd $cert $containerIndex $keySpec "3"]
if {$success == 0} then {
    puts [CkScMinidriver_lastErrorText $scmd]
} else {
    puts "Successfully imported the cert + private key onto the smart card."
}

# Delete the context when finished with the card.
set success [CkScMinidriver_DeleteContext $scmd]
if {$success == 0} then {
    puts [CkScMinidriver_lastErrorText $scmd]
}


delete_CkScMinidriver $scmd
delete_CkCert $cert