Swift
Swift
Yubikey RSA Encrypt/Decrypt
See more RSA Examples
Demonstrates how to do RSA decryption using a private key stored on a Yubikey (or other USB token or smartcard).Note: RSA encryption uses the public key, which is freely exportable and does not need to occur on the token/smartcard.
Chilkat Swift Downloads
func chilkatTest() {
var success: Bool = false
// This example assumes you have a certificate with private key on the Yubikey token.
// When doing simple RSA encryption/decryption, we don't actually need the certificate,
// but we'll be using the private key associated with the certificate.
//
// The sensitive/secret material that needs to be kept private is the private key.
// The certificate itself and the public key can be freely shared.
//
// We're going to encrypt and decrypt 32-bytes of data.
let bd = CkoBinData()!
success = bd.appendEncoded(encData: "000102030405060708090A0B0C0D0E0F", encoding: "hex")
success = bd.appendEncoded(encData: "000102030405060708090A0B0C0D0E0F", encoding: "hex")
// Let's get the desired cert.
// For this example, a self-signed certificate with a 2048-bit RSA key was generated in slot 9A.
let cert = CkoCert()!
// Force Chilkat to use PKCS11 over ScMinidriver (if on Windows) and Apple Keychain (if on MacOS)
cert.uncommonOptions = "NoScMinidriver,NoAppleKeychain"
cert.smartCardPin = "123456"
success = cert.load(fromSmartcard: "cn=chilkat_test_2048")
if success == false {
print("\(cert.lastErrorText!)")
return
}
// RSA encrypt using the public key.
let rsa = CkoRsa()!
// Provide the RSA object with the certificate on the Yubkey.
success = rsa.setX509Cert(cert: cert, usePrivateKey: true)
if success == false {
print("\(rsa.lastErrorText!)")
return
}
// RSA encrypt using the public key.
var usePrivateKey: Bool = false
success = rsa.encryptBd(bd: bd, usePrivateKey: usePrivateKey)
if success == false {
print("\(rsa.lastErrorText!)")
return
}
print("RSA Encrypted Output in Hex:")
print("\(bd.getEncoded(encoding: "hex")!)")
// Now let's decrypt, using the private key on the Yubikey.
usePrivateKey = true
success = rsa.decryptBd(bd: bd, usePrivateKey: usePrivateKey)
if success == false {
print("\(rsa.lastErrorText!)")
return
}
print("RSA Decrypted Output in Hex:")
print("\(bd.getEncoded(encoding: "hex")!)")
}