|
Chilkat • HOME • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi DLL • Go • Java • Node.js • Objective-C • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Tcl) PKCS11 Generate Secret Key (such as AES)See more PKCS11 ExamplesGenerates a symmetric secret key such as AES on the HSM.Note: This example requires Chilkat v9.5.0.96 or later.
load ./chilkat.dll # This example requires the Chilkat API to have been previously unlocked. # See Global Unlock Sample for sample code. # Note: Chilkat's PKCS11 implementation runs on Windows, Linux, Mac OS X, and other supported operating systems. set pkcs11 [new_CkPkcs11] # Use the PKCS11 driver (.dll, .so, .dylib) for your particular HSM. # (The format of the path will change with the operating system. Obviously, "C:/" is not used on non-Windows systems. CkPkcs11_put_SharedLibPath $pkcs11 "C:/Program Files (x86)/Gemalto/IDGo 800 PKCS#11/IDPrimePKCS1164.dll" # Establish a logged-on session. set pin "0000" set userType 1 set success [CkPkcs11_QuickSession $pkcs11 $userType $pin] if {$success == 0} then { puts [CkPkcs11_lastErrorText $pkcs11] delete_CkPkcs11 $pkcs11 exit } # Let's generate a 256-bit AES key on the token, which will exist for the duration of this session. # Symmetric keys, such as AES keys, are typically created (or imported) and used during a single session. # Other possible values for keyType are "AES XTS", "Blowfish", "Twofish", "ChaCha20", and others. # In virtually all cases, you'll want to create an AES key. set keyType "AES" # Specify attributes and abilities (how this key can be used) by providing a JSON template. set json [new_CkJsonObject] # The key can be extracted or wrapped. CkJsonObject_UpdateBool $json "extractable" 1 # Allow the key to be used for encryption, decryption, wrapping other keys, and unwrapping other keys. CkJsonObject_UpdateBool $json "encrypt" 1 CkJsonObject_UpdateBool $json "decrypt" 1 CkJsonObject_UpdateBool $json "wrap" 1 CkJsonObject_UpdateBool $json "unwrap" 1 # Indicate a 256-bit AES key is to be generated by setting the value_len attribute equal to the key size in bytes. # (32 bytes * 8 bits/byte = 256 bits) CkJsonObject_UpdateInt $json "value_len" 32 set keyHandle [CkPkcs11_GenSecretKey $pkcs11 $keyType $json] if {$keyHandle == 0} then { puts [CkPkcs11_lastErrorText $pkcs11] puts "Failed to generate an AES key." } else { puts "key handle = $keyHandle" puts "Success." } CkPkcs11_Logout $pkcs11 CkPkcs11_CloseSession $pkcs11 delete_CkPkcs11 $pkcs11 delete_CkJsonObject $json |
||||
© 2000-2025 Chilkat Software, Inc. All Rights Reserved.