(Tcl) PKCS11 Find Private Key by Label

See more PKCS11 Examples

Demonstrates how to find a private key based on a user-specified label.

Note: This example requires Chilkat v9.5.0.96 or later.

Chilkat Tcl Extension Downloads Chilkat Tcl Extension Downloads

load ./chilkat.dll

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# Note: Chilkat's PKCS11 implementation runs on Windows, Linux, Mac OS X, and other supported operating systems.

set pkcs11 [new_CkPkcs11]

# Use the PKCS11 driver (.dll, .so, .dylib) for your particular HSM.
# For example:
CkPkcs11_put_SharedLibPath $pkcs11 "C:/Program Files (x86)/Gemalto/IDGo 800 PKCS#11/IDPrimePKCS11.dll"

# Use your HSM's PIN.
set pin "0000"

# Normal user = 1
set userType 1

# Establish a logged-on user session with the HSM.
set success [CkPkcs11_QuickSession $pkcs11 $userType $pin]
if {$success == 0} then {
    puts [CkPkcs11_lastErrorText $pkcs11]
    delete_CkPkcs11 $pkcs11
    exit
}

# Provide a template to find a PKCS11 object.
set jsonTemplate [new_CkJsonObject]

# Find an RSA private key with the label "MySshKey".
# Here's an example of how the key was originally imported: 
# PKCS11 Import SSH Key
CkJsonObject_UpdateString $jsonTemplate "class" "private_key"
CkJsonObject_UpdateString $jsonTemplate "key_type" "rsa"
CkJsonObject_UpdateString $jsonTemplate "label" "MySshKey"

set privKeyHandle [CkPkcs11_FindObject $pkcs11 $jsonTemplate]
if {$privKeyHandle == 0} then {
    puts [CkPkcs11_lastErrorText $pkcs11]
    delete_CkPkcs11 $pkcs11
    delete_CkJsonObject $jsonTemplate
    exit
}

# The private key handle is only valid during the PKCS11 session.
# If you wish to use the private key in another PKCS11 session,
# you'll first need to find it.  See:  
puts "private key handle: $privKeyHandle"

# Do whatever you wish with the private key handle...
# ...
# ...

CkPkcs11_Logout $pkcs11
CkPkcs11_CloseSession $pkcs11

delete_CkPkcs11 $pkcs11
delete_CkJsonObject $jsonTemplate