(C) ECDSA Sign and Verify Data using Different Hash Algorithms

Demonstrates how to create ECDSA signatures on data using different hash algorithms.

Note: This example requires Chilkat v9.5.0.85 or greater because the SignBd and VerifyBd methods were added in v9.5.0.85.

Chilkat C/C++ Library Downloads
MS Visual C/C++ C++ Builder Linux C/C++ Alpine Linux C/C++	MacOS C/C++ iOS C/C++ Android C/C++ MinGW C/C++

#include <C_CkPrivateKey.h>
#include <C_CkBinData.h>
#include <C_CkEcc.h>
#include <C_CkPrng.h>
#include <C_CkPublicKey.h>

void ChilkatSample(void)
    {
    HCkPrivateKey privKey;
    BOOL success;
    HCkBinData bd;
    HCkEcc ecdsa;
    HCkPrng prng;
    const char *sig;
    HCkPublicKey pubKey;
    HCkEcc ecc2;
    int result;

    // This example assumes the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // First load an ECDSA private key to be used for signing.
    privKey = CkPrivateKey_Create();
    success = CkPrivateKey_LoadEncryptedPemFile(privKey,"qa_data/ecc/secp256r1-key-pkcs8-secret.pem","secret");
    if (success == FALSE) {
        printf("%s\n",CkPrivateKey_lastErrorText(privKey));
        CkPrivateKey_Dispose(privKey);
        return;
    }

    // Load some data to be signed.
    bd = CkBinData_Create();
    success = CkBinData_LoadFile(bd,"qa_data/hamlet.xml");
    if (success == FALSE) {
        printf("Failed to load file to be hashed.\n");
        CkPrivateKey_Dispose(privKey);
        CkBinData_Dispose(bd);
        return;
    }

    ecdsa = CkEcc_Create();
    prng = CkPrng_Create();

    // Sign the sha256 hash of the data.  Return the ECDSA signature in the base64 encoding.
    printf("ECDSA signing the sha256 hash of the data...\n");
    sig = CkEcc_signBd(ecdsa,bd,"sha256","base64",privKey,prng);
    printf("sig = %s\n",sig);

    // Verify the signature against the original data.
    // (We must use the same hash algorithm that was used when signing.)

    // Load the public key that corresponds to the private key used for signing.
    pubKey = CkPublicKey_Create();
    success = CkPublicKey_LoadFromFile(pubKey,"qa_data/ecc/secp256r1-pub.pem");
    if (success == FALSE) {
        printf("%s\n",CkPublicKey_lastErrorText(pubKey));
        CkPrivateKey_Dispose(privKey);
        CkBinData_Dispose(bd);
        CkEcc_Dispose(ecdsa);
        CkPrng_Dispose(prng);
        CkPublicKey_Dispose(pubKey);
        return;
    }

    ecc2 = CkEcc_Create();
    result = CkEcc_VerifyBd(ecc2,bd,"sha256",sig,"base64",pubKey);
    if (result != 1) {
        printf("%s\n",CkEcc_lastErrorText(ecc2));
        CkPrivateKey_Dispose(privKey);
        CkBinData_Dispose(bd);
        CkEcc_Dispose(ecdsa);
        CkPrng_Dispose(prng);
        CkPublicKey_Dispose(pubKey);
        CkEcc_Dispose(ecc2);
        return;
    }

    printf("Verified!\n");

    // ----------------------------------------------------------------------------------------
    // Let's do the same thing, but with sha384 hashing...

    printf("--------------------------------------------\n");
    printf("ECDSA signing the sha384 hash of the data...\n");

    sig = CkEcc_signBd(ecdsa,bd,"sha384","base64",privKey,prng);
    printf("sig = %s\n",sig);

    result = CkEcc_VerifyBd(ecc2,bd,"sha384",sig,"base64",pubKey);
    if (result != 1) {
        printf("%s\n",CkEcc_lastErrorText(ecc2));
        CkPrivateKey_Dispose(privKey);
        CkBinData_Dispose(bd);
        CkEcc_Dispose(ecdsa);
        CkPrng_Dispose(prng);
        CkPublicKey_Dispose(pubKey);
        CkEcc_Dispose(ecc2);
        return;
    }

    printf("Verified!\n");


    CkPrivateKey_Dispose(privKey);
    CkBinData_Dispose(bd);
    CkEcc_Dispose(ecdsa);
    CkPrng_Dispose(prng);
    CkPublicKey_Dispose(pubKey);
    CkEcc_Dispose(ecc2);

    }