Sample code for 30+ languages & platforms
Pascal (Lazarus/Delphi)

SSH HSM Public Key Authentication

See more uncategorized Examples

Demonstrates how to authenticate with an SSH server using public key authentication using an HSM (USB token or smartcard).

Chilkat Pascal (Lazarus/Delphi) Downloads

Pascal (Lazarus/Delphi)
program ChilkatDemo;

// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.

{$IFDEF FPC}
  {$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}

uses
  {$IFDEF UNIX}
  cthreads,
  {$ENDIF}
  SysUtils,
  CkDllLoader,
  Chilkat.SshKey,
  Chilkat.Pkcs11,
  Chilkat.Ssh,
  Chilkat.JsonObject;

// ---------------------------------------------------------------------------

procedure RunDemo;
var
  success: Boolean;
  pkcs11: TPkcs11;
  pin: string;
  userType: Integer;
  json: TJsonObject;
  priv_handle: LongWord;
  pub_handle: LongWord;
  key: TSshKey;
  keyType: string;
  ssh: TSsh;

begin
  success := False;

  //  This example assumes the Chilkat API to have been previously unlocked.
  //  See Global Unlock Sample for sample code.

  //  Note: Chilkat's PKCS11 implementation runs on Windows, Linux, MacOs, and other supported operating systems.

  pkcs11 := TPkcs11.Create;

  //  This would be a path to a .dylib on MacOS, or a path to a .so shared lib on Linux.
  pkcs11.SharedLibPath := 'C:/Program Files (x86)/Gemalto/IDGo 800 PKCS#11/IDPrimePKCS1164.dll';
  pin := '0000';
  userType := 1;

  //  Establish a PKCS11 logged-on session using the driver (.so, .dylib, or .dll) as specified in the SharedLibPath above.
  success := pkcs11.QuickSession(userType,pin);
  if (success = False) then
    begin
      WriteLn(pkcs11.LastErrorText);
      Exit;
    end;

  //  Set PKCS11 attributes to find our desired private key object.
  json := TJsonObject.Create;
  json.UpdateString('class','private_key');
  json.UpdateString('label','MySshKey');

  //  Get the PKCS11 handle to the private key located on the HSM.
  priv_handle := pkcs11.FindObject(json);

  //  Get the PKCS11 handle to the corresponding public key located on the HSM.
  json.UpdateString('class','public_key');

  pub_handle := pkcs11.FindObject(json);

  key := TSshKey.Create;
  //  The key type can be "rsa" or "ec"
  keyType := 'rsa';
  success := key.UsePkcs11(pkcs11,priv_handle,pub_handle,keyType);
  if (success = False) then
    begin
      WriteLn(key.LastErrorText);
      Exit;
    end;

  ssh := TSsh.Create;

  success := ssh.Connect('example.com',22);
  if (success <> True) then
    begin
      WriteLn(ssh.LastErrorText);
      Exit;
    end;

  //  Authenticate with the SSH server using the login and
  //  HSM private key.  (The corresponding public key should've 
  //  been installed on the SSH server beforehand.)
  success := ssh.AuthenticatePk('myLogin',key);
  if (success <> True) then
    begin
      WriteLn(ssh.LastErrorText);
      Exit;
    end;

  WriteLn('Public-Key Authentication Successful!');


  pkcs11.Free;
  json.Free;
  key.Free;
  ssh.Free;

end;

// ---------------------------------------------------------------------------

begin

  try
    RunDemo;
  except
    on E: Exception do
      WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
  end;

  WriteLn;
  {$IFDEF MSWINDOWS}
  WriteLn('Press Enter to exit...');
  ReadLn;
  {$ENDIF}
end.