Sample code for 30+ languages & platforms
Java

Yubikey RSA Encrypt/Decrypt

See more RSA Examples

Demonstrates how to do RSA decryption using a private key stored on a Yubikey (or other USB token or smartcard).

Note: RSA encryption uses the public key, which is freely exportable and does not need to occur on the token/smartcard.

Chilkat Java Downloads

Java
import com.chilkatsoft.*;

public class ChilkatExample {

  static {
    try {
        System.loadLibrary("chilkat");
    } catch (UnsatisfiedLinkError e) {
      System.err.println("Native code library failed to load.\n" + e);
      System.exit(1);
    }
  }

  public static void main(String argv[])
  {
    boolean success = false;

    // This example assumes you have a certificate with private key on the Yubikey token.
    // When doing simple RSA encryption/decryption, we don't actually need the certificate,
    // but we'll be using the private key associated with the certificate.
    // 
    // The sensitive/secret material that needs to be kept private is the private key.
    // The certificate itself and the public key can be freely shared.
    // 

    // We're going to encrypt and decrypt 32-bytes of data.
    CkBinData bd = new CkBinData();
    success = bd.AppendEncoded("000102030405060708090A0B0C0D0E0F","hex");
    success = bd.AppendEncoded("000102030405060708090A0B0C0D0E0F","hex");

    // Let's get the desired cert.
    // For this example, a self-signed certificate with a 2048-bit RSA key was generated in slot 9A.
    CkCert cert = new CkCert();

    // Force Chilkat to use PKCS11 over ScMinidriver (if on Windows) and Apple Keychain (if on MacOS)
    cert.put_UncommonOptions("NoScMinidriver,NoAppleKeychain");

    cert.put_SmartCardPin("123456");

    success = cert.LoadFromSmartcard("cn=chilkat_test_2048");
    if (success == false) {
        System.out.println(cert.lastErrorText());
        return;
        }

    // RSA encrypt using the public key.
    CkRsa rsa = new CkRsa();

    // Provide the RSA object with the certificate on the Yubkey.
    success = rsa.SetX509Cert(cert,true);
    if (success == false) {
        System.out.println(rsa.lastErrorText());
        return;
        }

    // RSA encrypt using the public key.
    boolean usePrivateKey = false;
    success = rsa.EncryptBd(bd,usePrivateKey);
    if (success == false) {
        System.out.println(rsa.lastErrorText());
        return;
        }

    System.out.println("RSA Encrypted Output in Hex:");
    System.out.println(bd.getEncoded("hex"));

    // Now let's decrypt, using the private key on the Yubikey.
    usePrivateKey = true;
    success = rsa.DecryptBd(bd,usePrivateKey);
    if (success == false) {
        System.out.println(rsa.lastErrorText());
        return;
        }

    System.out.println("RSA Decrypted Output in Hex:");
    System.out.println(bd.getEncoded("hex"));
  }
}