Sample code for 30+ languages & platforms
Tcl

ScMinidriver - Load Certificate from Smart Card or USB Token by Index

See more ScMinidriver Examples

Demonstrates how to load a certificate located on a smart card or USB token by key container index.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
set scmd [new_CkScMinidriver]

# Reader names (smart card readers or USB tokens) can be discovered
# via List Readers or Find Smart Cards
set readerName "SCM Microsystems Inc. SCR33x USB Smart Card Reader 0"
set success [CkScMinidriver_AcquireContext $scmd $readerName]
if {$success == 0} then {
    puts [CkScMinidriver_lastErrorText $scmd]
    delete_CkScMinidriver $scmd
    exit
}

# If successful, the name of the currently inserted smart card is available:
puts "Card name: [CkScMinidriver_cardName $scmd]"

# If desired, perform regular PIN authentication with the smartcard.
# For more details about smart card PIN authentication, see the Smart Card PIN Authentication Example
set retval [CkScMinidriver_PinAuthenticate $scmd "user" "000000"]
if {$retval != 0} then {
    puts "PIN Authentication failed."
}

set cert [new_CkCert]

# We can pass a specific key container index, or -1 to locate the 1st non-empty container containing a certificate and private key.
set keyContainerIndex -1
# keySpec can be "kex" or "sig" to indicate the key-exchange or signature position within the container.
# keySpec can also be "any" to accept either position, with preference given to the "sig" position if both are occupied.
set keySpec "any"
set success [CkScMinidriver_GetCert $scmd $keyContainerIndex $keySpec $cert]
if {$success == 0} then {
    puts "Failed to load the certificate."
} else {
    puts "Successfully loaded the cert object from the smart card / USB token."

    # Note: When successful, the cert object is internally linked to the ScMinidriver object's authenticated session.
    # The cert object can now be used to sign or do other cryptographic operations that occur on the smart card / USB token.
    # If your application calls PinDeauthenticate or DeleteContext, the cert will no longer be able to sign on the smart card
    # because the smart card ScMinidriver session will no longer be authenticated or deleted.
}

# ...
# ...
# ...

# When finished with operations that required authentication, you may if you wish, deauthenticate the session.
set success [CkScMinidriver_PinDeauthenticate $scmd "user"]
if {$success == 0} then {
    puts [CkScMinidriver_lastErrorText $scmd]
}

# Delete the context when finished with the card.
set success [CkScMinidriver_DeleteContext $scmd]
if {$success == 0} then {
    puts [CkScMinidriver_lastErrorText $scmd]
}


delete_CkScMinidriver $scmd
delete_CkCert $cert