Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(Unicode C) Import an SSH Key to an HSM using PKCS11See more PKCS11 ExamplesDemonstrates how to import an SSH private key to an HSM (smartcard or token). Note: This example requires Chilkat v9.5.0.96 or later.
#include <C_CkPkcs11W.h> #include <C_CkJsonObjectW.h> #include <C_CkSshKeyW.h> void ChilkatSample(void) { HCkPkcs11W pkcs11; const wchar_t *pin; int userType; BOOL success; HCkJsonObjectW jsonTemplate; HCkSshKeyW sshKey; const wchar_t *ppkContents; unsigned long privKeyHandle; // This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. // Note: Chilkat's PKCS11 implementation runs on Windows, Linux, Mac OS X, and other supported operating systems. pkcs11 = CkPkcs11W_Create(); // Use the PKCS11 driver (.dll, .so, .dylib) for your particular HSM. // For example: CkPkcs11W_putSharedLibPath(pkcs11,L"C:/Program Files (x86)/Gemalto/IDGo 800 PKCS#11/IDPrimePKCS11.dll"); // Use your HSM's PIN. pin = L"0000"; // Normal user = 1 userType = 1; // Establish a logged-on user session with the HSM. success = CkPkcs11W_QuickSession(pkcs11,userType,pin); if (success == FALSE) { wprintf(L"%s\n",CkPkcs11W_lastErrorText(pkcs11)); CkPkcs11W_Dispose(pkcs11); return; } // Create a PKCS11 template for importing the SSH key. jsonTemplate = CkJsonObjectW_Create(); // Indicate the key is to be stored on the token (i.e. it is not a session-only key) CkJsonObjectW_UpdateBool(jsonTemplate,L"token",TRUE); // The key should have the ability to sign CkJsonObjectW_UpdateBool(jsonTemplate,L"sign",TRUE); // Let's provide a few attributes to help us find the this key at a later time. // See SSH Public-Key Authentication using an HSM // The ID is byte data, so it should be base64 or hex. // Specify "id" if passing base64 data, "id_hex" for hexidecimal, or "id_ascii" for directly copying the ascii bytes of the string. // You can provide any ID of your choice. It is optional. CkJsonObjectW_UpdateString(jsonTemplate,L"id_hex",L"0A0B0C0D01020304"); // Optionally specify a label. CkJsonObjectW_UpdateString(jsonTemplate,L"label",L"MySshKey"); // Load the SSH key to be imported to the HSM (smartcard or token) sshKey = CkSshKeyW_Create(); CkSshKeyW_putPassword(sshKey,L"password_of_the_encrypted_ppk_file"); ppkContents = CkSshKeyW_loadText(sshKey,L"c:/my_ssh_keys/someSshKey.ppk"); success = CkSshKeyW_FromPuttyPrivateKey(sshKey,ppkContents); if (success == FALSE) { wprintf(L"%s\n",CkSshKeyW_lastErrorText(sshKey)); CkPkcs11W_Dispose(pkcs11); CkJsonObjectW_Dispose(jsonTemplate); CkSshKeyW_Dispose(sshKey); return; } // Import the SSH private key onto the HSM. // The PKCS11 handle to the imported private key is returned. // A 0 is returned on failure. privKeyHandle = CkPkcs11W_ImportSshKey(pkcs11,sshKey,jsonTemplate); if (privKeyHandle == 0) { wprintf(L"%s\n",CkPkcs11W_lastErrorText(pkcs11)); CkPkcs11W_Dispose(pkcs11); CkJsonObjectW_Dispose(jsonTemplate); CkSshKeyW_Dispose(sshKey); return; } // The private key handle is only valid during the PKCS11 session. // If you wish to use the private key in another PKCS11 session, // you'll first need to find it. See SSH Public-Key Authentication using a Smartcard wprintf(L"private key handle: %u\n",privKeyHandle); wprintf(L"Successfully imported the SSH key onto the HSM.\n"); CkPkcs11W_Logout(pkcs11); CkPkcs11W_CloseSession(pkcs11); CkPkcs11W_Dispose(pkcs11); CkJsonObjectW_Dispose(jsonTemplate); CkSshKeyW_Dispose(sshKey); } |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.