Sample code for 30+ languages & platforms
PureBasic

Duplicate openssl rsautl -sign -in small.dat -inkey private.pem -out rsautl.sig

See more OpenSSL Examples

Demonstrates how to duplicate this OpenSSL command:
openssl rsautl -sign -in small.dat -inkey private.pem -out rsautl.sig
The small.dat file is a small file that can contain text or binary data of any type. The "openssl rsautl" command is different than "openssl dgst -sign" because it signs the input data directly with the RSA algorithm. The "openssl dgst -sign" command first digests the input data and then signs the digest.

How much data can be signed with "openssl rsautl"? The maximum size (in bytes) is the key size minus the overhead for the padding. The overhead size depends on the padding. With OAEP padding, the overhead is 42 bytes. With the default PKCSv1.5 padding, the overhead is 11 bytes.

Given a 2048-bit RSA key (256 bytes) and using PKCSv1.5 padding, the max data size that can be signed is 256 - 11 = 245 bytes.

Chilkat PureBasic Downloads

PureBasic
IncludeFile "CkBinData.pb"
IncludeFile "CkPrivateKey.pb"
IncludeFile "CkRsa.pb"

Procedure ChilkatExample()

    success.i = 0

    ; This example requires the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    pkey.i = CkPrivateKey::ckCreate()
    If pkey.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; Load the private key from an PEM file:
    success = CkPrivateKey::ckLoadPemFile(pkey,"private.pem")
    If success = 0
        Debug CkPrivateKey::ckLastErrorText(pkey)
        CkPrivateKey::ckDispose(pkey)
        ProcedureReturn
    EndIf

    ; Load the file to be signed.
    bd.i = CkBinData::ckCreate()
    If bd.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkBinData::ckLoadFile(bd,"small.dat")

    rsa.i = CkRsa::ckCreate()
    If rsa.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkRsa::ckUsePrivateKey(rsa,pkey)
    If success = 0
        Debug CkRsa::ckLastErrorText(rsa)
        CkPrivateKey::ckDispose(pkey)
        CkBinData::ckDispose(bd)
        CkRsa::ckDispose(rsa)
        ProcedureReturn
    EndIf

    ; OpenSSL uses big-endian.
    CkRsa::setCkLittleEndian(rsa, 0)

    ; Sign bd.  If successful, bd will contain the RSA signature that contains the original data.
    success = CkRsa::ckSignRawBd(rsa,bd)
    If success = 0
        Debug CkRsa::ckLastErrorText(rsa)
        CkPrivateKey::ckDispose(pkey)
        CkBinData::ckDispose(bd)
        CkRsa::ckDispose(rsa)
        ProcedureReturn
    EndIf

    ; Save the binary signature to a file.
    success = CkBinData::ckWriteFile(bd,"rsautl.sig")
    If success <> 1
        Debug "Failed to save output signature file."
        CkPrivateKey::ckDispose(pkey)
        CkBinData::ckDispose(bd)
        CkRsa::ckDispose(rsa)
        ProcedureReturn
    EndIf

    Debug "Success."


    CkPrivateKey::ckDispose(pkey)
    CkBinData::ckDispose(bd)
    CkRsa::ckDispose(rsa)


    ProcedureReturn
EndProcedure