|
Chilkat • HOME • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi DLL • Go • Java • Node.js • Objective-C • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Tcl) RSA Decrypt using Private Key on Smartcard or USB Token via Apple KeychainSee more Apple Keychain ExamplesRSA decryption using a certificate's private key located on a hardware token or smartcard via the Apple Keychain.Note: This example requires Chilkat v10.1.2 or greater.
load ./chilkat.dll # Beforehand, we generated a 256-bit AES key, RSA encrypted, and saved to a file as in this example: # Generate a Random 256-bit AES Key and RSA Encrypt # The RSA public key used to encrypt in the above example was obtained from the Apple Keychain # like this: # Export a Public Key from USB Token or Smartcard using the Apple Keychain # This example will load the encrypted data and will RSA decrypt using the # private key of a certificate on a USB token (or smart card) via the Keychain. # You can list the Keychain certificates on hardware tokens using the following example: # Apple Keychain - List Certs on Smartcards and USB Tokens # Get the RSA encrypted data to be decrypted. set bd [new_CkBinData] # In all Chilkat methods expecting a path, you can pass either absolute or relative paths. set success [CkBinData_LoadFile $bd "rsaEncrypted/myAes.key"] if {$success == 0} then { puts "Failed to load the encrypted AES key." delete_CkBinData $bd exit } # Load the certificate having the private key from the Apple Keychain # On MacOS and iOS, the LoadByCommonName function will search the Apple Keychain for the matching certificate. set cert [new_CkCert] # To potentially prevent the PIN dialog from being displayed, # we'll need to provide the USB token (or smart card) PIN # Note: It might not be possible to prevent the PIN dialog from being displayed # CkCert_put_SmartCardPin $cert "123456" set success [CkCert_LoadByCommonName $cert "Test 2048 bit RSA"] if {$success == 0} then { puts [CkCert_lastErrorText $cert] delete_CkBinData $bd delete_CkCert $cert exit } set rsa [new_CkRsa] # Specify we wish to use the certificate's private key for decryption. set success [CkRsa_SetX509Cert $rsa $cert 1] if {$success == 0} then { puts [CkRsa_lastErrorText $rsa] delete_CkBinData $bd delete_CkCert $cert delete_CkRsa $rsa exit } # RSA Decrypt CkRsa_put_VerboseLogging $rsa 1 set success [CkRsa_DecryptBd $rsa $bd 1] if {$success == 0} then { puts [CkRsa_lastErrorText $rsa] delete_CkBinData $bd delete_CkCert $cert delete_CkRsa $rsa exit } # The contents of bd are now decrypted. puts "Num bytes after decryption: [CkBinData_get_NumBytes $bd]" # Some additional notes: # # If using a Yubikey token, the certificate must be installed in the Key Management slot. # The Digital Signature slot is for RSA keys to be used for signing, # and the Key Management slot is for RSA keys to be used for decrypting. # |
||||
© 2000-2025 Chilkat Software, Inc. All Rights Reserved.
