Tcl
Tcl
PKCS11 Find Private Key by Label
See more PKCS11 Examples
Demonstrates how to find a private key based on a user-specified label.Note: This example requires Chilkat v9.5.0.96 or later.
Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
# Note: Chilkat's PKCS11 implementation runs on Windows, Linux, Mac OS X, and other supported operating systems.
set pkcs11 [new_CkPkcs11]
# Use the PKCS11 driver (.dll, .so, .dylib) for your particular HSM.
# For example:
CkPkcs11_put_SharedLibPath $pkcs11 "C:/Program Files (x86)/Gemalto/IDGo 800 PKCS#11/IDPrimePKCS11.dll"
# Use your HSM's PIN.
set pin "0000"
# Normal user = 1
set userType 1
# Establish a logged-on user session with the HSM.
set success [CkPkcs11_QuickSession $pkcs11 $userType $pin]
if {$success == 0} then {
puts [CkPkcs11_lastErrorText $pkcs11]
delete_CkPkcs11 $pkcs11
exit
}
# Provide a template to find a PKCS11 object.
set jsonTemplate [new_CkJsonObject]
# Find an RSA private key with the label "MySshKey".
# Here's an example of how the key was originally imported:
# PKCS11 Import SSH Key
CkJsonObject_UpdateString $jsonTemplate "class" "private_key"
CkJsonObject_UpdateString $jsonTemplate "key_type" "rsa"
CkJsonObject_UpdateString $jsonTemplate "label" "MySshKey"
set privKeyHandle [CkPkcs11_FindObject $pkcs11 $jsonTemplate]
if {$privKeyHandle == 0} then {
puts [CkPkcs11_lastErrorText $pkcs11]
delete_CkPkcs11 $pkcs11
delete_CkJsonObject $jsonTemplate
exit
}
# The private key handle is only valid during the PKCS11 session.
# If you wish to use the private key in another PKCS11 session,
# you'll first need to find it. See:
puts "private key handle: $privKeyHandle"
# Do whatever you wish with the private key handle...
# ...
# ...
CkPkcs11_Logout $pkcs11
CkPkcs11_CloseSession $pkcs11
delete_CkPkcs11 $pkcs11
delete_CkJsonObject $jsonTemplate