Sample code for 30+ languages & platforms
Tcl

DSA R,S Signature Values

See more DSA Examples

Creates a DSA signature. Gets r,s values from the signature. Re-creates the DSA signature ASN.1 from the r,s values. Then verifies the signature using the re-created ASN.1 DSA signature.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set crypt [new_CkCrypt2]

CkCrypt2_put_EncodingMode $crypt "hex"
CkCrypt2_put_HashAlgorithm $crypt "sha-1"

set hashStr [CkCrypt2_hashFileENC $crypt "qa_data/hamlet.xml"]
puts "hash to sign: $hashStr"

set dsa [new_CkDsa]

set pemPrivateKey [CkDsa_loadText $dsa "qa_data/dsa/dsaPrivKey2.pem"]
set success [CkDsa_FromPem $dsa $pemPrivateKey]
if {$success == 0} then {
    puts [CkDsa_lastErrorText $dsa]
    delete_CkCrypt2 $crypt
    delete_CkDsa $dsa
    exit
}

# Load the hash to be signed into the DSA object:
set success [CkDsa_SetEncodedHash $dsa "hex" $hashStr]
if {$success == 0} then {
    puts [CkDsa_lastErrorText $dsa]
    delete_CkCrypt2 $crypt
    delete_CkDsa $dsa
    exit
}

# Sign the hash.
set success [CkDsa_SignHash $dsa]
if {$success == 0} then {
    puts [CkDsa_lastErrorText $dsa]
    delete_CkCrypt2 $crypt
    delete_CkDsa $dsa
    exit
}

# Get the ASN.1 signature.
set asnSig [CkDsa_getEncodedSignature $dsa "base64"]
puts "Signature: $asnSig"

# Examine the details of the ASN.1 signature.
# We want to get the r,s values as hex strings..
set asn [new_CkAsn]

set success [CkAsn_LoadEncoded $asn $asnSig "base64"]
if {$success == 0} then {
    puts [CkAsn_lastErrorText $asn]
    delete_CkCrypt2 $crypt
    delete_CkDsa $dsa
    delete_CkAsn $asn
    exit
}

# Get the ASN.1 as XML.
set xml [new_CkXml]

set success [CkXml_LoadXml $xml [CkAsn_asnToXml $asn]]
puts "Signature as XML: "
puts [CkXml_getXml $xml]

# Sample XML shown here.
# The r and s values are the two hex strings in the XML.

# <?xml version="1.0" encoding="utf-8"?>
# <sequence>
#     <int>2C187F3AB6E47A66497B86CE97BB39E2133810F5</int>
#     <int>588E53D3F7B69636B48FD7175E99A3961BD7D775</int>
# </sequence>

# Pretend we're starting with r,s
set r "2C187F3AB6E47A66497B86CE97BB39E2133810F5"
set s "588E53D3F7B69636B48FD7175E99A3961BD7D775"

# Build the XML that will be converted to ASN.1
CkXml_Clear $xml
CkXml_put_Tag $xml "sequence"
CkXml_NewChild2 $xml "int" $r
CkXml_NewChild2 $xml "int" $s

# Convert the XML to ASN.1
set success [CkAsn_LoadAsnXml $asn [CkXml_getXml $xml]]

# Emit the signature as DER encoded ASN.1 (base64)
set asnSig [CkAsn_getEncodedDer $asn "base64"]

# --------------------------------------------------------------------
# Verify the signature using the asnSig we built from the r,s values
# --------------------------------------------------------------------

set dsa2 [new_CkDsa]

# Load the DSA public key to be used for verification:

set pemPublicKey [CkDsa_loadText $dsa2 "qa_data/dsa/dsaPubKey2.pem"]
set success [CkDsa_FromPublicPem $dsa2 $pemPublicKey]
if {$success == 0} then {
    puts [CkDsa_lastErrorText $dsa2]
    delete_CkCrypt2 $crypt
    delete_CkDsa $dsa
    delete_CkAsn $asn
    delete_CkXml $xml
    delete_CkDsa $dsa2
    exit
}

# Load the hash to be verified.
set success [CkDsa_SetEncodedHash $dsa2 "hex" $hashStr]
if {$success == 0} then {
    puts [CkDsa_lastErrorText $dsa2]
    delete_CkCrypt2 $crypt
    delete_CkDsa $dsa
    delete_CkAsn $asn
    delete_CkXml $xml
    delete_CkDsa $dsa2
    exit
}

# Load the ASN.1 signature:
set success [CkDsa_SetEncodedSignature $dsa2 "base64" $asnSig]
if {$success == 0} then {
    puts [CkDsa_lastErrorText $dsa2]
    delete_CkCrypt2 $crypt
    delete_CkDsa $dsa
    delete_CkAsn $asn
    delete_CkXml $xml
    delete_CkDsa $dsa2
    exit
}

# Verify:
set success [CkDsa_Verify $dsa2]
if {$success == 0} then {
    puts [CkDsa_lastErrorText $dsa2]
} else {
    puts "DSA Signature Verified!"
}


delete_CkCrypt2 $crypt
delete_CkDsa $dsa
delete_CkAsn $asn
delete_CkXml $xml
delete_CkDsa $dsa2