Tcl
PKCS11 Import an Existing RSA Public Key onto the HSM
Demonstrates how to import an existing RSA Public Key onto a smart card or token. Note: This example requires Chilkat v9.5.0.96 or later.
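load ./chilkat.dll

# Imports the public half of an RSA key pair onto a PKCS11 token (HSM or smart card)
# as a CKO_PUBLIC_KEY object, then logs out and releases every Chilkat object.
# Every failure path closes the logged-on session and exits with a non-zero status.

set success 0

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# Note: Chilkat's PKCS11 implementation runs on Windows, Linux, Mac OS X, and other supported operating systems.

# Logs out, closes the PKCS11 session and frees all Chilkat objects created below.
# Used on both the success path and the failure paths so that a logged-on
# session is never left open when the script stops early.
proc releaseAll {} {
    global pkcs11 rsa privKey xml pubKey attrs
    CkPkcs11_Logout $pkcs11
    CkPkcs11_CloseSession $pkcs11
    delete_CkPkcs11 $pkcs11
    delete_CkRsa $rsa
    delete_CkPrivateKey $privKey
    delete_CkXml $xml
    delete_CkPublicKey $pubKey
    delete_CkJsonObject $attrs
}

set pkcs11 [new_CkPkcs11]

# Use the PKCS11 driver (.dll, .so, .dylib) for your particular HSM.
# (The format of the path will change with the operating system. "C:/" is not used on non-Windows systems.)
# The driver is loaded into this process, so point this only at a library from a trusted, write-protected location.
CkPkcs11_put_SharedLibPath $pkcs11 "C:/Program Files (x86)/Gemalto/IDGo 800 PKCS#11/IDPrimePKCS1164.dll"

# Establish a logged-on session.
# "0000" is the sample PIN from the original example. A real deployment should not
# embed the token PIN in a script; here it is taken from the PKCS11_PIN environment
# variable (a name chosen for this example) when that variable is set.
if {[info exists ::env(PKCS11_PIN)]} {
    set pin $::env(PKCS11_PIN)
} else {
    set pin "0000"
}
# userType 1 selects the normal user (CKU_USER) rather than the security officer.
set userType 1

set success [CkPkcs11_QuickSession $pkcs11 $userType $pin]
if {$success == 0} then {
    puts [CkPkcs11_lastErrorText $pkcs11]
    delete_CkPkcs11 $pkcs11
    exit 1
}

# Allocate the remaining objects up front so releaseAll can free them on any path.
set rsa [new_CkRsa]
set privKey [new_CkPrivateKey]
set xml [new_CkXml]
set pubKey [new_CkPublicKey]
set attrs [new_CkJsonObject]

# Generate a new 2048-bit RSA key.
# The key pair is generated in software only to have public key material for the
# demo; only the modulus and public exponent are sent to the token below.
set success [CkRsa_GenKey $rsa 2048 $privKey]
if {$success == 0} then {
    puts [CkRsa_lastErrorText $rsa]
    releaseAll
    exit 1
}

# Get the public key information as XML, so we can access the modulus and exponent.
set success [CkPrivateKey_ToPublicKey $privKey $pubKey]
if {$success == 0} then {
    puts [CkPrivateKey_lastErrorText $privKey]
    releaseAll
    exit 1
}

set success [CkXml_LoadXml $xml [CkPublicKey_getXml $pubKey]]
if {$success == 0} then {
    puts [CkXml_lastErrorText $xml]
    releaseAll
    exit 1
}

# Refuse to create a key object from missing key material.
set modulus [CkXml_getChildContent $xml "Modulus"]
set exponent [CkXml_getChildContent $xml "Exponent"]
if {$modulus eq "" || $exponent eq ""} then {
    puts "Public key XML is missing the Modulus or Exponent."
    releaseAll
    exit 1
}

# Specify the type of object, and the type of key.
CkJsonObject_UpdateString $attrs "class" "CKO_PUBLIC_KEY"
CkJsonObject_UpdateString $attrs "key_type" "CKK_RSA"

# Add an optional label if desired.
CkJsonObject_UpdateString $attrs "label" "RSA Public Key 1"

# Allow the key to be used for verify, wrapping, and encryption operations.
# In production, enable only the usages the key actually needs; sharing one RSA key
# between signature verification and encryption/wrapping is generally discouraged.
CkJsonObject_UpdateBool $attrs "verify" 1
CkJsonObject_UpdateBool $attrs "wrap" 1
CkJsonObject_UpdateBool $attrs "encrypt" 1

# Make this a session-only public key.
# To store the public key on the token so that it persists after the PKCS11 session, set token = 1.
CkJsonObject_UpdateBool $attrs "token" 0

# Provide the RSA public key material
CkJsonObject_UpdateString $attrs "modulus" $modulus
CkJsonObject_UpdateString $attrs "public_exponent" $exponent

# Create the RSA public key.
# Returns the PKCS11 object handle of the created key (0 indicates failure).
set objHandle [CkPkcs11_CreatePkcs11Object $pkcs11 $attrs]
if {$objHandle == 0} then {
    puts [CkPkcs11_lastErrorText $pkcs11]
    puts "Failed."
    releaseAll
    exit 1
}

puts "PKCS11 object handle = $objHandle"
puts "Successfully imported an RSA key.."

releaseAll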