Pascal (Lazarus/Delphi)
Pascal (Lazarus/Delphi)
Yubikey RSA Encrypt/Decrypt
See more RSA Examples
Demonstrates how to do RSA decryption using a private key stored on a Yubikey (or other USB token or smartcard).Note: RSA encryption uses the public key, which is freely exportable and does not need to occur on the token/smartcard.
Chilkat Pascal (Lazarus/Delphi) Downloads
program ChilkatDemo;
// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.
{$IFDEF FPC}
{$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}
uses
{$IFDEF UNIX}
cthreads,
{$ENDIF}
SysUtils,
CkDllLoader,
Chilkat.BinData,
Chilkat.Rsa,
Chilkat.Cert;
// ---------------------------------------------------------------------------
procedure RunDemo;
var
success: Boolean;
bd: TBinData;
cert: TCert;
rsa: TRsa;
usePrivateKey: Boolean;
begin
success := False;
// This example assumes you have a certificate with private key on the Yubikey token.
// When doing simple RSA encryption/decryption, we don't actually need the certificate,
// but we'll be using the private key associated with the certificate.
//
// The sensitive/secret material that needs to be kept private is the private key.
// The certificate itself and the public key can be freely shared.
//
// We're going to encrypt and decrypt 32-bytes of data.
bd := TBinData.Create;
success := bd.AppendEncoded('000102030405060708090A0B0C0D0E0F','hex');
success := bd.AppendEncoded('000102030405060708090A0B0C0D0E0F','hex');
// Let's get the desired cert.
// For this example, a self-signed certificate with a 2048-bit RSA key was generated in slot 9A.
cert := TCert.Create;
// Force Chilkat to use PKCS11 over ScMinidriver (if on Windows) and Apple Keychain (if on MacOS)
cert.UncommonOptions := 'NoScMinidriver,NoAppleKeychain';
cert.SmartCardPin := '123456';
success := cert.LoadFromSmartcard('cn=chilkat_test_2048');
if (success = False) then
begin
WriteLn(cert.LastErrorText);
Exit;
end;
// RSA encrypt using the public key.
rsa := TRsa.Create;
// Provide the RSA object with the certificate on the Yubkey.
success := rsa.SetX509Cert(cert,True);
if (success = False) then
begin
WriteLn(rsa.LastErrorText);
Exit;
end;
// RSA encrypt using the public key.
usePrivateKey := False;
success := rsa.EncryptBd(bd,usePrivateKey);
if (success = False) then
begin
WriteLn(rsa.LastErrorText);
Exit;
end;
WriteLn('RSA Encrypted Output in Hex:');
WriteLn(bd.GetEncoded('hex'));
// Now let's decrypt, using the private key on the Yubikey.
usePrivateKey := True;
success := rsa.DecryptBd(bd,usePrivateKey);
if (success = False) then
begin
WriteLn(rsa.LastErrorText);
Exit;
end;
WriteLn('RSA Decrypted Output in Hex:');
WriteLn(bd.GetEncoded('hex'));
bd.Free;
cert.Free;
rsa.Free;
end;
// ---------------------------------------------------------------------------
begin
try
RunDemo;
except
on E: Exception do
WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
end;
WriteLn;
{$IFDEF MSWINDOWS}
WriteLn('Press Enter to exit...');
ReadLn;
{$ENDIF}
end.