Sample code for 30+ languages & platforms
Classic ASP

RSA Sign using a Private Key on a USB Token or Smartcard

See more Apple Keychain Examples

Create an RSA signature using a private key stored on a USB token or smartcard.

Note: On MacOS and iOS, this example requires Chilkat v10.1.2 or later when the Apple Keychain is used as the underlying means to do the signing.

Chilkat Classic ASP Downloads

Classic ASP
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<%
success = 0

' Assuming the smartcard/USB token is installed with the correct drivers from the manufacturer,
' this code can work on multiple platforms including Windows, MacOS, Linux, and iOS.

' Chilkat automatically detects and determines the way in which the HSM is used,
' which can be by PKCS11, Apple Keychain, Microsoft CNG / Crypto API, or ScMinidriver.

set cert = Server.CreateObject("Chilkat.Cert")

' Set the token/smartcard PIN prior to loading.
cert.SmartCardPin = "123456"

' Specify the certificate by its common name.
success = cert.LoadFromSmartcard("cn=chilkat-rsa-2048")
If (success = 0) Then
    Response.Write "<pre>" & Server.HTMLEncode( cert.LastErrorText) & "</pre>"
    Response.End
End If

Response.Write "<pre>" & Server.HTMLEncode( "Signing with cert: " & cert.SubjectCN) & "</pre>"

' Create data to be hashed and signed.
set bd = Server.CreateObject("Chilkat.BinData")

For i = 0 To 100
    success = bd.AppendEncoded("000102030405060708090A0B0C0D0E0F","hex")
Next

set rsa = Server.CreateObject("Chilkat.Rsa")

' Use the certificate's private key for signing.
success = rsa.SetX509Cert(cert,1)
If (success = 0) Then
    Response.Write "<pre>" & Server.HTMLEncode( rsa.LastErrorText) & "</pre>"
    Response.End
End If

' Sign the SHA-256 hash of the contents of bd.
set bdSig = Server.CreateObject("Chilkat.BinData")
success = rsa.SignBd(bd,"sha256",bdSig)
If (success = 0) Then
    Response.Write "<pre>" & Server.HTMLEncode( rsa.LastErrorText) & "</pre>"
    Response.End
End If

' The RSA signature is equal in length to the size of the RSA key.
Response.Write "<pre>" & Server.HTMLEncode( "Output signature size in bits = " & bdSig.NumBytes * 8) & "</pre>"

' We can save the signature for later verification..
success = bdSig.WriteFile("rsaSignatures/test1.sig")

' See the example to verify the RSA signature:
' Verfies an RSA Signature

%>
</body>
</html>