(Tcl) RSA Sign String using Private Key of Certificate Type A3 (smart card / token)

Demonstrates RSA signing a string using the private key of a certificate type A3 (smart card, token).

Note: This is a Windows-only example.

Chilkat Tcl Extension Downloads Chilkat Tcl Extension Downloads

load ./chilkat.dll

# First get the A3 certificate that was installed on the Windows system.
set certStore [new_CkCertStore]

set thumbprint "12c1dd8015f3f03f7b1fa619dc24e2493ca8b4b2"

# This is specific to Windows because it is opening the Windows Current-User certificate store.
set bReadOnly 1
set success [CkCertStore_OpenCurrentUserStore $certStore $bReadOnly]
if {$success != 1} then {
    puts [CkCertStore_lastErrorText $certStore]
    delete_CkCertStore $certStore
    exit
}

# Find the certificate with the desired thumbprint
# (There are many ways to locate a certificate.  This example chooses to find by thumbprint.)
# cert is a CkCert
set cert [CkCertStore_FindCertBySha1Thumbprint $certStore $thumbprint]
if {[CkCertStore_get_LastMethodSuccess $certStore] != 1} then {
    puts "Failed to find the certificate."
    delete_CkCertStore $certStore
    exit
}

puts "Found: [CkCert_subjectCN $cert]"

set rsa [new_CkRsa]

# Provide the cert's private key
set bUsePrivateKey 1
set success [CkRsa_SetX509Cert $rsa $cert $bUsePrivateKey]
delete_CkCert $cert

if {$success != 1} then {
    puts [CkRsa_lastErrorText $rsa]
    delete_CkCertStore $certStore
    delete_CkRsa $rsa
    exit
}

# Return the RSA signature in base64 encoded form.
CkRsa_put_EncodingMode $rsa "base64"

# Sign the utf-8 byte representation of the string.
CkRsa_put_Charset $rsa "utf-8"

# You can also choose other hash algorithms, such as SHA-1.
set sigBase64 [CkRsa_signStringENC $rsa "text to sign" "SHA-256"]
if {[CkRsa_get_LastMethodSuccess $rsa] != 1} then {
    puts [CkRsa_lastErrorText $rsa]
    delete_CkCertStore $certStore
    delete_CkRsa $rsa
    exit
}

puts "Base64 signature: $sigBase64"

delete_CkCertStore $certStore
delete_CkRsa $rsa