Sample code for 30+ languages & platforms
Pascal (Lazarus/Delphi)

RSA Sign String using Private Key of Certificate Type A3 (smart card / token)

See more RSA Examples

Demonstrates RSA signing a string using the private key of a certificate type A3 (smart card, token).

Note: This is a Windows-only example.

Chilkat Pascal (Lazarus/Delphi) Downloads

Pascal (Lazarus/Delphi)
program ChilkatDemo;

// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.

{$IFDEF FPC}
  {$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}

uses
  {$IFDEF UNIX}
  cthreads,
  {$ENDIF}
  SysUtils,
  CkDllLoader,
  Chilkat.Rsa,
  Chilkat.Cert,
  Chilkat.CertStore,
  Chilkat.JsonObject;

// ---------------------------------------------------------------------------

procedure RunDemo;
var
  success: Boolean;
  certStore: TCertStore;
  thumbprint: string;
  bReadOnly: Boolean;
  json: TJsonObject;
  cert: TCert;
  rsa: TRsa;
  bUsePrivateKey: Boolean;
  sigBase64: string;

begin
  success := False;

  //  First get the A3 certificate that was installed on the Windows system.
  certStore := TCertStore.Create;

  thumbprint := '12c1dd8015f3f03f7b1fa619dc24e2493ca8b4b2';

  //  This is specific to Windows because it is opening the Windows Current-User certificate store.
  bReadOnly := True;
  success := certStore.OpenCurrentUserStore(bReadOnly);
  if (success <> True) then
    begin
      WriteLn(certStore.LastErrorText);
      Exit;
    end;

  //  Find the certificate with the desired thumbprint
  //  (There are many ways to locate a certificate.  This example chooses to find by thumbprint.)
  json := TJsonObject.Create;
  json.UpdateString('thumbprint',thumbprint);

  cert := TCert.Create;
  success := certStore.FindCert(json,cert);
  if (success = False) then
    begin
      WriteLn('Failed to find the certificate.');
      Exit;
    end;

  WriteLn('Found: ' + cert.SubjectCN);

  rsa := TRsa.Create;

  //  Provide the cert's private key
  bUsePrivateKey := True;
  success := rsa.SetX509Cert(cert,bUsePrivateKey);
  if (success <> True) then
    begin
      WriteLn(rsa.LastErrorText);
      Exit;
    end;

  //  Return the RSA signature in base64 encoded form.
  rsa.EncodingMode := 'base64';

  //  Sign the utf-8 byte representation of the string.
  rsa.Charset := 'utf-8';

  //  You can also choose other hash algorithms, such as SHA-1.
  sigBase64 := rsa.SignStringENC('text to sign','SHA-256');
  if (rsa.LastMethodSuccess <> True) then
    begin
      WriteLn(rsa.LastErrorText);
      Exit;
    end;

  WriteLn('Base64 signature: ' + sigBase64);


  certStore.Free;
  json.Free;
  cert.Free;
  rsa.Free;

end;

// ---------------------------------------------------------------------------

begin

  try
    RunDemo;
  except
    on E: Exception do
      WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
  end;

  WriteLn;
  {$IFDEF MSWINDOWS}
  WriteLn('Press Enter to exit...');
  ReadLn;
  {$ENDIF}
end.