
PKCS11 Import an Existing RSA Public Key onto the HSM


Demonstrates how to import an existing RSA Public Key onto a smart card or token.

Note: This example requires Chilkat v9.5.0.96 or later.


load ./chilkat.dll

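set success 0

# Imports an RSA public key onto a PKCS11 token (HSM / smart card) as a
# CKO_PUBLIC_KEY object and prints the resulting object handle.
#
# Flow: open a logged-on session, obtain public key material (modulus and
# exponent), describe the object in a JSON attribute template, create it,
# then log out and release everything.  Every step that can fail is checked,
# the session is always logged out and closed once it has been opened, and
# the script exits with status 1 on any failure.

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# Note: Chilkat's PKCS11 implementation runs on Windows, Linux, Mac OS X, and other supported operating systems.

set pkcs11 [new_CkPkcs11]

# Use the PKCS11 driver (.dll, .so, .dylib) for your particular HSM.
# (The format of the path changes with the operating system; "C:/" is not used on non-Windows systems.)
# The driver is loaded into this process and receives the PIN, so reference the
# vendor-installed library by its full path, in a directory ordinary users cannot write to.
CkPkcs11_put_SharedLibPath $pkcs11 "C:/Program Files (x86)/Gemalto/IDGo 800 PKCS#11/IDPrimePKCS1164.dll"

# Establish a logged-on session.
# "0000" is a demo value kept so the sample runs unchanged.  Do not ship a PIN in
# source code: supply it at run time.  PKCS11_PIN is an environment variable name
# chosen for this sample only; a prompt or a secret store works equally well.
set pin "0000"
if {[info exists ::env(PKCS11_PIN)]} {
    set pin $::env(PKCS11_PIN)
}
# userType 1 is the normal user (CKU_USER in PKCS#11 terms), not the security officer.
# Repeated logins with a wrong PIN can lock the token, so do not retry blindly.
set userType 1
set success [CkPkcs11_QuickSession $pkcs11 $userType $pin]
if {$success == 0} then {
    # No session was opened, so there is nothing to log out of.
    puts [CkPkcs11_lastErrorText $pkcs11]
    delete_CkPkcs11 $pkcs11
    exit 1
}

# All helper objects are created up front so that the single cleanup section
# at the end can release them no matter which step failed.
set rsa [new_CkRsa]
set privKey [new_CkPrivateKey]
set xml [new_CkXml]
set pubKey [new_CkPublicKey]
set attrs [new_CkJsonObject]

# Generate a new 2048-bit RSA key.
# This is only a stand-in for "an existing public key": the private half stays
# in this process and is never sent to the token.  Real code would load the
# public key it actually wants to import instead of generating one.
set success [CkRsa_GenKey $rsa 2048 $privKey]
if {$success == 0} then {
    puts [CkRsa_lastErrorText $rsa]
}

# Get the public key information as XML, so we can access the modulus and exponent.
if {$success != 0} then {
    set success [CkPrivateKey_ToPublicKey $privKey $pubKey]
    if {$success == 0} then {
        puts [CkPrivateKey_lastErrorText $privKey]
    }
}

if {$success != 0} then {
    set success [CkXml_LoadXml $xml [CkPublicKey_getXml $pubKey]]
    if {$success == 0} then {
        puts [CkXml_lastErrorText $xml]
    }
}

if {$success != 0} then {
    set modulus [CkXml_getChildContent $xml "Modulus"]
    set exponent [CkXml_getChildContent $xml "Exponent"]
    # Refuse to create a key object from missing key material.
    if {$modulus eq "" || $exponent eq ""} then {
        puts "The public key XML did not contain both a Modulus and an Exponent."
        set success 0
    }
}

if {$success != 0} then {
    # Specify the type of object, and the type of key.
    CkJsonObject_UpdateString $attrs "class" "CKO_PUBLIC_KEY"
    CkJsonObject_UpdateString $attrs "key_type" "CKK_RSA"
    # Add an optional label if desired.
    CkJsonObject_UpdateString $attrs "label" "RSA Public Key 1"
    # Allow the key to be used for verify, wrapping, and encryption operations.
    # In production, enable only the usages this key actually needs: using one
    # RSA key for both signature verification and encryption/wrapping is
    # generally discouraged.
    CkJsonObject_UpdateBool $attrs "verify" 1
    CkJsonObject_UpdateBool $attrs "wrap" 1
    CkJsonObject_UpdateBool $attrs "encrypt" 1

    # Make this a session-only public key.
    # To store the public key on the token so that it persists after the PKCS11 session, set token = 1.
    CkJsonObject_UpdateBool $attrs "token" 0

    # Provide the RSA public key material
    CkJsonObject_UpdateString $attrs "modulus" $modulus
    CkJsonObject_UpdateString $attrs "public_exponent" $exponent

    # Create the RSA public key.
    # Returns the PKCS11 object handle of the created key.
    set objHandle [CkPkcs11_CreatePkcs11Object $pkcs11 $attrs]
    if {$objHandle == 0} then {
        puts [CkPkcs11_lastErrorText $pkcs11]
        puts "Failed."
        set success 0
    } else {
        puts "PKCS11 object handle = $objHandle"
        puts "Successfully imported an RSA key.."
    }
}

# Always end the authenticated session, including on the failure paths above,
# so that a logged-on session is not left open on the token.
CkPkcs11_Logout $pkcs11
CkPkcs11_CloseSession $pkcs11

delete_CkPkcs11 $pkcs11
delete_CkRsa $rsa
delete_CkPrivateKey $privKey
delete_CkXml $xml
delete_CkPublicKey $pubKey
delete_CkJsonObject $attrs

# Report failure to the caller (shell, CI job, wrapper script) through the exit status.
if {$success == 0} then {
    exit 1
}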