Tcl
Tcl
DSA R,S Signature Values
See more DSA Examples
Creates a DSA signature. Gets r,s values from the signature. Re-creates the DSA signature ASN.1 from the r,s values. Then verifies the signature using the re-created ASN.1 DSA signature.Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
set crypt [new_CkCrypt2]
CkCrypt2_put_EncodingMode $crypt "hex"
CkCrypt2_put_HashAlgorithm $crypt "sha-1"
set hashStr [CkCrypt2_hashFileENC $crypt "qa_data/hamlet.xml"]
puts "hash to sign: $hashStr"
set dsa [new_CkDsa]
set pemPrivateKey [CkDsa_loadText $dsa "qa_data/dsa/dsaPrivKey2.pem"]
set success [CkDsa_FromPem $dsa $pemPrivateKey]
if {$success == 0} then {
puts [CkDsa_lastErrorText $dsa]
delete_CkCrypt2 $crypt
delete_CkDsa $dsa
exit
}
# Load the hash to be signed into the DSA object:
set success [CkDsa_SetEncodedHash $dsa "hex" $hashStr]
if {$success == 0} then {
puts [CkDsa_lastErrorText $dsa]
delete_CkCrypt2 $crypt
delete_CkDsa $dsa
exit
}
# Sign the hash.
set success [CkDsa_SignHash $dsa]
if {$success == 0} then {
puts [CkDsa_lastErrorText $dsa]
delete_CkCrypt2 $crypt
delete_CkDsa $dsa
exit
}
# Get the ASN.1 signature.
set asnSig [CkDsa_getEncodedSignature $dsa "base64"]
puts "Signature: $asnSig"
# Examine the details of the ASN.1 signature.
# We want to get the r,s values as hex strings..
set asn [new_CkAsn]
set success [CkAsn_LoadEncoded $asn $asnSig "base64"]
if {$success == 0} then {
puts [CkAsn_lastErrorText $asn]
delete_CkCrypt2 $crypt
delete_CkDsa $dsa
delete_CkAsn $asn
exit
}
# Get the ASN.1 as XML.
set xml [new_CkXml]
set success [CkXml_LoadXml $xml [CkAsn_asnToXml $asn]]
puts "Signature as XML: "
puts [CkXml_getXml $xml]
# Sample XML shown here.
# The r and s values are the two hex strings in the XML.
# <?xml version="1.0" encoding="utf-8"?>
# <sequence>
# <int>2C187F3AB6E47A66497B86CE97BB39E2133810F5</int>
# <int>588E53D3F7B69636B48FD7175E99A3961BD7D775</int>
# </sequence>
# Pretend we're starting with r,s
set r "2C187F3AB6E47A66497B86CE97BB39E2133810F5"
set s "588E53D3F7B69636B48FD7175E99A3961BD7D775"
# Build the XML that will be converted to ASN.1
CkXml_Clear $xml
CkXml_put_Tag $xml "sequence"
CkXml_NewChild2 $xml "int" $r
CkXml_NewChild2 $xml "int" $s
# Convert the XML to ASN.1
set success [CkAsn_LoadAsnXml $asn [CkXml_getXml $xml]]
# Emit the signature as DER encoded ASN.1 (base64)
set asnSig [CkAsn_getEncodedDer $asn "base64"]
# --------------------------------------------------------------------
# Verify the signature using the asnSig we built from the r,s values
# --------------------------------------------------------------------
set dsa2 [new_CkDsa]
# Load the DSA public key to be used for verification:
set pemPublicKey [CkDsa_loadText $dsa2 "qa_data/dsa/dsaPubKey2.pem"]
set success [CkDsa_FromPublicPem $dsa2 $pemPublicKey]
if {$success == 0} then {
puts [CkDsa_lastErrorText $dsa2]
delete_CkCrypt2 $crypt
delete_CkDsa $dsa
delete_CkAsn $asn
delete_CkXml $xml
delete_CkDsa $dsa2
exit
}
# Load the hash to be verified.
set success [CkDsa_SetEncodedHash $dsa2 "hex" $hashStr]
if {$success == 0} then {
puts [CkDsa_lastErrorText $dsa2]
delete_CkCrypt2 $crypt
delete_CkDsa $dsa
delete_CkAsn $asn
delete_CkXml $xml
delete_CkDsa $dsa2
exit
}
# Load the ASN.1 signature:
set success [CkDsa_SetEncodedSignature $dsa2 "base64" $asnSig]
if {$success == 0} then {
puts [CkDsa_lastErrorText $dsa2]
delete_CkCrypt2 $crypt
delete_CkDsa $dsa
delete_CkAsn $asn
delete_CkXml $xml
delete_CkDsa $dsa2
exit
}
# Verify:
set success [CkDsa_Verify $dsa2]
if {$success == 0} then {
puts [CkDsa_lastErrorText $dsa2]
} else {
puts "DSA Signature Verified!"
}
delete_CkCrypt2 $crypt
delete_CkDsa $dsa
delete_CkAsn $asn
delete_CkXml $xml
delete_CkDsa $dsa2