Sample code for 30+ languages & platforms
Unicode C

Yubikey RSA Encrypt/Decrypt

See more RSA Examples

Demonstrates how to do RSA decryption using a private key stored on a Yubikey (or other USB token or smartcard).

Note: RSA encryption uses the public key, which is freely exportable and does not need to occur on the token/smartcard.

Chilkat Unicode C Downloads

Unicode C
#include <C_CkBinDataW.h>
#include <C_CkCertW.h>
#include <C_CkRsaW.h>

void ChilkatSample(void)
    {
    BOOL success;
    HCkBinDataW bd;
    HCkCertW cert;
    HCkRsaW rsa;
    BOOL usePrivateKey;

    success = FALSE;

    // This example assumes you have a certificate with private key on the Yubikey token.
    // When doing simple RSA encryption/decryption, we don't actually need the certificate,
    // but we'll be using the private key associated with the certificate.
    // 
    // The sensitive/secret material that needs to be kept private is the private key.
    // The certificate itself and the public key can be freely shared.
    // 

    // We're going to encrypt and decrypt 32-bytes of data.
    bd = CkBinDataW_Create();
    success = CkBinDataW_AppendEncoded(bd,L"000102030405060708090A0B0C0D0E0F",L"hex");
    success = CkBinDataW_AppendEncoded(bd,L"000102030405060708090A0B0C0D0E0F",L"hex");

    // Let's get the desired cert.
    // For this example, a self-signed certificate with a 2048-bit RSA key was generated in slot 9A.
    cert = CkCertW_Create();

    // Force Chilkat to use PKCS11 over ScMinidriver (if on Windows) and Apple Keychain (if on MacOS)
    CkCertW_putUncommonOptions(cert,L"NoScMinidriver,NoAppleKeychain");

    CkCertW_putSmartCardPin(cert,L"123456");

    success = CkCertW_LoadFromSmartcard(cert,L"cn=chilkat_test_2048");
    if (success == FALSE) {
        wprintf(L"%s\n",CkCertW_lastErrorText(cert));
        CkBinDataW_Dispose(bd);
        CkCertW_Dispose(cert);
        return;
    }

    // RSA encrypt using the public key.
    rsa = CkRsaW_Create();

    // Provide the RSA object with the certificate on the Yubkey.
    success = CkRsaW_SetX509Cert(rsa,cert,TRUE);
    if (success == FALSE) {
        wprintf(L"%s\n",CkRsaW_lastErrorText(rsa));
        CkBinDataW_Dispose(bd);
        CkCertW_Dispose(cert);
        CkRsaW_Dispose(rsa);
        return;
    }

    // RSA encrypt using the public key.
    usePrivateKey = FALSE;
    success = CkRsaW_EncryptBd(rsa,bd,usePrivateKey);
    if (success == FALSE) {
        wprintf(L"%s\n",CkRsaW_lastErrorText(rsa));
        CkBinDataW_Dispose(bd);
        CkCertW_Dispose(cert);
        CkRsaW_Dispose(rsa);
        return;
    }

    wprintf(L"RSA Encrypted Output in Hex:\n");
    wprintf(L"%s\n",CkBinDataW_getEncoded(bd,L"hex"));

    // Now let's decrypt, using the private key on the Yubikey.
    usePrivateKey = TRUE;
    success = CkRsaW_DecryptBd(rsa,bd,usePrivateKey);
    if (success == FALSE) {
        wprintf(L"%s\n",CkRsaW_lastErrorText(rsa));
        CkBinDataW_Dispose(bd);
        CkCertW_Dispose(cert);
        CkRsaW_Dispose(rsa);
        return;
    }

    wprintf(L"RSA Decrypted Output in Hex:\n");
    wprintf(L"%s\n",CkBinDataW_getEncoded(bd,L"hex"));


    CkBinDataW_Dispose(bd);
    CkCertW_Dispose(cert);
    CkRsaW_Dispose(rsa);

    }