Sample code for 30+ languages & platforms
Pascal (Lazarus/Delphi)

RSA Sign using a Private Key on a USB Token or Smartcard

See more Apple Keychain Examples

Create an RSA signature using a private key stored on a USB token or smartcard.

Note: On MacOS and iOS, this example requires Chilkat v10.1.2 or later when the Apple Keychain is used as the underlying means to do the signing.

Chilkat Pascal (Lazarus/Delphi) Downloads

Pascal (Lazarus/Delphi)
program ChilkatDemo;

// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.

{$IFDEF FPC}
  {$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}

uses
  {$IFDEF UNIX}
  cthreads,
  {$ENDIF}
  SysUtils,
  CkDllLoader,
  Chilkat.BinData,
  Chilkat.Rsa,
  Chilkat.Cert;

// ---------------------------------------------------------------------------

procedure RunDemo;
var
  success: Boolean;
  cert: TCert;
  bd: TBinData;
  i: Integer;
  rsa: TRsa;
  bdSig: TBinData;

begin
  success := False;

  //  Assuming the smartcard/USB token is installed with the correct drivers from the manufacturer,
  //  this code can work on multiple platforms including Windows, MacOS, Linux, and iOS.

  //  Chilkat automatically detects and determines the way in which the HSM is used,
  //  which can be by PKCS11, Apple Keychain, Microsoft CNG / Crypto API, or ScMinidriver.

  cert := TCert.Create;

  //  Set the token/smartcard PIN prior to loading.
  cert.SmartCardPin := '123456';

  //  Specify the certificate by its common name.
  success := cert.LoadFromSmartcard('cn=chilkat-rsa-2048');
  if (success = False) then
    begin
      WriteLn(cert.LastErrorText);
      Exit;
    end;

  WriteLn('Signing with cert: ' + cert.SubjectCN);

  //  Create data to be hashed and signed.
  bd := TBinData.Create;

  for i := 0 to 100 do
    begin
      bd.AppendEncoded('000102030405060708090A0B0C0D0E0F','hex');
    end;

  rsa := TRsa.Create;

  //  Use the certificate's private key for signing.
  success := rsa.SetX509Cert(cert,True);
  if (success = False) then
    begin
      WriteLn(rsa.LastErrorText);
      Exit;
    end;

  //  Sign the SHA-256 hash of the contents of bd.
  bdSig := TBinData.Create;
  success := rsa.SignBd(bd,'sha256',bdSig);
  if (success = False) then
    begin
      WriteLn(rsa.LastErrorText);
      Exit;
    end;

  //  The RSA signature is equal in length to the size of the RSA key.
  WriteLn('Output signature size in bits = ' + bdSig.NumBytes * 8);

  //  We can save the signature for later verification..
  bdSig.WriteFile('rsaSignatures/test1.sig');

  //  See the example to verify the RSA signature:
  //  Verfies an RSA Signature


  cert.Free;
  bd.Free;
  rsa.Free;
  bdSig.Free;

end;

// ---------------------------------------------------------------------------

begin

  try
    RunDemo;
  except
    on E: Exception do
      WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
  end;

  WriteLn;
  {$IFDEF MSWINDOWS}
  WriteLn('Press Enter to exit...');
  ReadLn;
  {$ENDIF}
end.