Sample code for 30+ languages & platforms
Xojo Plugin

Yubikey RSA Encrypt/Decrypt

See more RSA Examples

Demonstrates how to do RSA decryption using a private key stored on a Yubikey (or other USB token or smartcard).

Note: RSA encryption uses the public key, which is freely exportable and does not need to occur on the token/smartcard.

Chilkat Xojo Plugin Downloads

Xojo Plugin
Dim success As Boolean
success = False

// This example assumes you have a certificate with private key on the Yubikey token.
// When doing simple RSA encryption/decryption, we don't actually need the certificate,
// but we'll be using the private key associated with the certificate.
// 
// The sensitive/secret material that needs to be kept private is the private key.
// The certificate itself and the public key can be freely shared.
// 

// We're going to encrypt and decrypt 32-bytes of data.
Dim bd As New Chilkat.BinData
success = bd.AppendEncoded("000102030405060708090A0B0C0D0E0F","hex")
success = bd.AppendEncoded("000102030405060708090A0B0C0D0E0F","hex")

// Let's get the desired cert.
// For this example, a self-signed certificate with a 2048-bit RSA key was generated in slot 9A.
Dim cert As New Chilkat.Cert

// Force Chilkat to use PKCS11 over ScMinidriver (if on Windows) and Apple Keychain (if on MacOS)
cert.UncommonOptions = "NoScMinidriver,NoAppleKeychain"

cert.SmartCardPin = "123456"

success = cert.LoadFromSmartcard("cn=chilkat_test_2048")
If (success = False) Then
    System.DebugLog(cert.LastErrorText)
    Return
End If

// RSA encrypt using the public key.
Dim rsa As New Chilkat.Rsa

// Provide the RSA object with the certificate on the Yubkey.
success = rsa.SetX509Cert(cert,True)
If (success = False) Then
    System.DebugLog(rsa.LastErrorText)
    Return
End If

// RSA encrypt using the public key.
Dim usePrivateKey As Boolean
usePrivateKey = False
success = rsa.EncryptBd(bd,usePrivateKey)
If (success = False) Then
    System.DebugLog(rsa.LastErrorText)
    Return
End If

System.DebugLog("RSA Encrypted Output in Hex:")
System.DebugLog(bd.GetEncoded("hex"))

// Now let's decrypt, using the private key on the Yubikey.
usePrivateKey = True
success = rsa.DecryptBd(bd,usePrivateKey)
If (success = False) Then
    System.DebugLog(rsa.LastErrorText)
    Return
End If

System.DebugLog("RSA Decrypted Output in Hex:")
System.DebugLog(bd.GetEncoded("hex"))