Sample code for 30+ languages & platforms
Pascal (Lazarus/Delphi)

Use a Smart Card Certificate + Private Key for SSL/TLS Authentication

See more ScMinidriver Examples

Demonstrates how to use a certificate + private key located on a smart card for the TLS client certificate in an HTTPS request.

Note: This example only works on Windows. ScMinidriver is a Windows-specific smart card and USB token minidriver that enables smart card authentication and cryptographic operations within Windows operating systems.

Chilkat Pascal (Lazarus/Delphi) Downloads

Pascal (Lazarus/Delphi)
program ChilkatDemo;

// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.

{$IFDEF FPC}
  {$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}

uses
  {$IFDEF UNIX}
  cthreads,
  {$ENDIF}
  SysUtils,
  CkDllLoader,
  Chilkat.Http,
  Chilkat.Cert,
  Chilkat.ScMinidriver;

// ---------------------------------------------------------------------------

procedure RunDemo;
var
  success: Boolean;
  scmd: TScMinidriver;
  readerName: string;
  retval: Integer;
  certPart: string;
  partValue: string;
  cert: TCert;
  http: THttp;
  responseBody: string;

begin
  success := False;

  //  This example requires the Chilkat API to have been previously unlocked.
  //  See Global Unlock Sample for sample code.

  scmd := TScMinidriver.Create;

  //  Reader names (smart card readers or USB tokens) can be discovered
  //  via List Readers or Find Smart Cards
  readerName := 'SCM Microsystems Inc. SCR33x USB Smart Card Reader 0';
  success := scmd.AcquireContext(readerName);
  if (success = False) then
    begin
      WriteLn(scmd.LastErrorText);
      Exit;
    end;

  //  If successful, the name of the currently inserted smart card is available:
  WriteLn('Card name: ' + scmd.CardName);

  //  If desired, perform regular PIN authentication with the smartcard.
  //  For more details about smart card PIN authentication, see the Smart Card PIN Authentication Example
  retval := scmd.PinAuthenticate('user','000000');
  if (retval <> 0) then
    begin
      WriteLn('PIN Authentication failed.');
    end;

  //  You can find a cerficate using any of the following certificate parts:
  //  "subjectDN" -- The full distinguished name of the cert.
  //  "subjectDN_withTags" -- Same as above, but in a format that includes the subject part tags, such as the "CN=" in "CN=something"
  //  "subjectCN" -- The common name part (CN) of the certificate's subject.
  //  "serial" -- The certificate serial number.
  //  "serial:issuerCN" -- The certificate serial number + the issuer's common name, delimited with a colon char.
  //  These are the same certificate parts that can be retrieved by listing certificates on the smart card (or USB token).
  //  See List Certificates on Smart Card Example
  certPart := 'subjectCN';
  partValue := 'BadSSL Client Certificate';

  //  If the certificate is found, it is loaded into the cert object.
  //  Note: We imported this certificate from a .p12/.pfx using this Example to Import a .pfx/.p12 onto a Smart Card
  cert := TCert.Create;
  success := scmd.FindCert(certPart,partValue,cert);
  if (success = False) then
    begin
      WriteLn('Failed to find the certificate.');
      scmd.DeleteContext();
      Exit;
    end;

  WriteLn('Successfully loaded the cert object from the smart card / USB token.');

  //  Note: When successful, the cert object is internally linked to the ScMinidriver object's authenticated session.
  //  The cert object can now be used to sign or do other cryptographic operations that occur on the smart card / USB token.
  //  If your application calls PinDeauthenticate or DeleteContext, the cert will no longer be able to sign on the smart card
  //  because the smart card ScMinidriver session will no longer be authenticated or deleted.

  //  ------------------------------------------------------------------------------------------------------------

  //  Send an HTTPS request to https://client.badssl.com
  //  https://client.badssl.com (part of the badssl.com service) lets you test authentication using client SSL certificates. 
  //  The client certificate can be downloaded from https://badssl.com/download/.
  //  This server returns 200 OK if the correct client certificate is provided, and 400 Bad Request otherwise.

  http := THttp.Create;

  //  Provide the client certificate (linked internally to our authenticated smartcard session)
  success := http.SetSslClientCert(cert);
  if (success = False) then
    begin
      WriteLn(http.LastErrorText);
      scmd.DeleteContext();
      Exit;
    end;

  responseBody := http.QuickGetStr('https://client.badssl.com/');
  if (http.LastMethodSuccess = False) then
    begin
      WriteLn(http.LastErrorText);
      scmd.DeleteContext();
      Exit;
    end;

  WriteLn('Response status code: ' + http.LastStatus);
  WriteLn('Response body: ');
  WriteLn(responseBody);

  //  ------------------------------------------------------------------------------------------------------------
  //  Cleanup our ScMinidriver session...

  //  When finished with operations that required authentication, you may if you wish, deauthenticate the session.
  success := scmd.PinDeauthenticate('user');
  if (success = False) then
    begin
      WriteLn(scmd.LastErrorText);
    end;

  //  Delete the context when finished with the card.
  success := scmd.DeleteContext();
  if (success = False) then
    begin
      WriteLn(scmd.LastErrorText);
    end;


  scmd.Free;
  cert.Free;
  http.Free;

end;

// ---------------------------------------------------------------------------

begin

  try
    RunDemo;
  except
    on E: Exception do
      WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
  end;

  WriteLn;
  {$IFDEF MSWINDOWS}
  WriteLn('Press Enter to exit...');
  ReadLn;
  {$ENDIF}
end.