(JavaScript) SSH HSM Public Key Authentication
Demonstrates how to authenticate with an SSH server using public key authentication using an HSM (USB token or smartcard).
var success = false;
// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// Note: Chilkat's PKCS11 implementation runs on Windows, Linux, MacOs, and other supported operating systems.
var pkcs11 = new CkPkcs11();
// This would be a path to a .dylib on MacOS, or a path to a .so shared lib on Linux.
pkcs11.SharedLibPath = "C:/Program Files (x86)/Gemalto/IDGo 800 PKCS#11/IDPrimePKCS1164.dll";
var pin = "0000";
var userType = 1;
// Establish a PKCS11 logged-on session using the driver (.so, .dylib, or .dll) as specified in the SharedLibPath above.
success = pkcs11.QuickSession(userType,pin);
if (success == false) {
console.log(pkcs11.LastErrorText);
return;
}
// Set PKCS11 attributes to find our desired private key object.
var json = new CkJsonObject();
json.UpdateString("class","private_key");
json.UpdateString("label","MySshKey");
// Get the PKCS11 handle to the private key located on the HSM.
var priv_handle = pkcs11.FindObject(json);
// Get the PKCS11 handle to the corresponding public key located on the HSM.
json.UpdateString("class","public_key");
var pub_handle = pkcs11.FindObject(json);
var key = new CkSshKey();
// The key type can be "rsa" or "ec"
var keyType = "rsa";
success = key.UsePkcs11(pkcs11,priv_handle,pub_handle,keyType);
if (success == false) {
console.log(key.LastErrorText);
return;
}
var ssh = new CkSsh();
success = ssh.Connect("example.com",22);
if (success !== true) {
console.log(ssh.LastErrorText);
return;
}
// Authenticate with the SSH server using the login and
// HSM private key. (The corresponding public key should've
// been installed on the SSH server beforehand.)
success = ssh.AuthenticatePk("myLogin",key);
if (success !== true) {
console.log(ssh.LastErrorText);
return;
}
console.log("Public-Key Authentication Successful!");
|
