DSA Signature Create and Verify
Shows how to create a DSA (DSS) signature for the contents of a file. The first step is to create a SHA-1 hash of the file contents. The hash is signed using the Digital Signature Algorithm, and the signature bytes are retrieved as a hex-encoded string. The second part of the example loads the signature and verifies it against the hash.
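load ./chilkat.dll

set success 0

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set crypt [new_CkCrypt2]

# Encoded return values (such as the hash below) are produced as hex strings.
CkCrypt2_put_EncodingMode $crypt "hex"

# NOTE(review): SHA-1 is no longer collision resistant, and FIPS 186-5 retires
# DSA for creating new signatures. Treat this SHA-1/DSA pairing as a
# legacy-interoperability example; for new designs prefer a SHA-2 hash with
# a currently approved signature scheme where the peer allows it.
CkCrypt2_put_HashAlgorithm $crypt "sha-1"

# Return the SHA-1 hash of a file. The file may be any size.
# The Chilkat Crypt component will stream the file when
# computing the hash, keeping the memory usage constant
# and reasonable.
# The 20-byte SHA-1 hash is returned as a hex-encoded string.
set hashStr [CkCrypt2_hashFileENC $crypt "hamlet.xml"]

# hashFileENC returns a string rather than a status, so a missing or
# unreadable file would otherwise go unnoticed and the script would carry on
# with a hash that does not represent the file. Check the outcome explicitly
# and stop with a non-zero exit status.
if {[CkCrypt2_get_LastMethodSuccess $crypt] != 1} then {
    puts [CkCrypt2_lastErrorText $crypt]
    delete_CkCrypt2 $crypt
    exit 1
}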
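# Step 1: sign the hash held in $hashStr with the DSA private key.
# Every failure path below exits with status 1 so that a calling script or
# build step cannot mistake a failed signing run for a successful one
# (a bare "exit" reports status 0).
set dsa [new_CkDsa]

# Load a DSA private key from a PEM file. Chilkat DSA
# provides the ability to load and save DSA public and private
# keys from encrypted or non-encrypted PEM or DER.
# The LoadText method is for convenience only. You may
# use any means to load the contents of a PEM file into
# a string.
# NOTE(review): no password is supplied here, so dsa_priv.pem is presumably
# an unencrypted PEM. Keep such a file readable only by the signing account,
# or store the key as an encrypted PEM and load it with FromEncryptedPem.
set pemPrivateKey [CkDsa_loadText $dsa "dsa_priv.pem"]
set success [CkDsa_FromPem $dsa $pemPrivateKey]
if {$success != 1} then {
    puts [CkDsa_lastErrorText $dsa]
    delete_CkCrypt2 $crypt
    delete_CkDsa $dsa
    exit 1
}

# You may optionally verify the key to ensure that it is a valid
# DSA key.
set success [CkDsa_VerifyKey $dsa]
if {$success != 1} then {
    puts [CkDsa_lastErrorText $dsa]
    delete_CkCrypt2 $crypt
    delete_CkDsa $dsa
    exit 1
}

# Load the hash to be signed into the DSA object:
set success [CkDsa_SetEncodedHash $dsa "hex" $hashStr]
if {$success != 1} then {
    puts [CkDsa_lastErrorText $dsa]
    delete_CkCrypt2 $crypt
    delete_CkDsa $dsa
    exit 1
}

# Now that the DSA object contains both the private key and hash,
# it is ready to create the signature:
set success [CkDsa_SignHash $dsa]
if {$success != 1} then {
    puts [CkDsa_lastErrorText $dsa]
    delete_CkCrypt2 $crypt
    delete_CkDsa $dsa
    exit 1
}

# If SignHash is successful, the DSA object contains the
# signature. It may be accessed as a hex or base64 encoded
# string. (It is also possible to access directly in byte array form via
# the "Signature" property.)
set hexSig [CkDsa_getEncodedSignature $dsa "hex"]
puts "Signature:"
puts "$hexSig"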
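# -----------------------------------------------------------
# Step 2: Verify the DSA Signature
# -----------------------------------------------------------
# This half reuses $hashStr and $hexSig from the signing half purely to
# demonstrate the API. A real verifier recomputes the hash from the file it
# actually received and takes the signature from the sender; reusing the
# signer's own hash value would prove nothing about the received data.
# Failure paths exit with status 1 so a caller can rely on the exit status:
# status 0 is reached only when the signature verified.
set dsa2 [new_CkDsa]

# Load the DSA public key to be used for verification.
# The verification result is only as trustworthy as the source of
# dsa_pub.pem; obtain it over a channel the signer controls.
set pemPublicKey [CkDsa_loadText $dsa2 "dsa_pub.pem"]
set success [CkDsa_FromPublicPem $dsa2 $pemPublicKey]
if {$success != 1} then {
    puts [CkDsa_lastErrorText $dsa2]
    delete_CkCrypt2 $crypt
    delete_CkDsa $dsa
    delete_CkDsa $dsa2
    exit 1
}

# Load the hash to be verified against the signature.
set success [CkDsa_SetEncodedHash $dsa2 "hex" $hashStr]
if {$success != 1} then {
    puts [CkDsa_lastErrorText $dsa2]
    delete_CkCrypt2 $crypt
    delete_CkDsa $dsa
    delete_CkDsa $dsa2
    exit 1
}

# Load the signature:
set success [CkDsa_SetEncodedSignature $dsa2 "hex" $hexSig]
if {$success != 1} then {
    puts [CkDsa_lastErrorText $dsa2]
    delete_CkCrypt2 $crypt
    delete_CkDsa $dsa
    delete_CkDsa $dsa2
    exit 1
}

# Verify:
set success [CkDsa_Verify $dsa2]
if {$success != 1} then {
    puts [CkDsa_lastErrorText $dsa2]
} else {
    puts "DSA Signature Verified!"
}

# Release the Chilkat objects on both outcomes before reporting the result.
delete_CkCrypt2 $crypt
delete_CkDsa $dsa
delete_CkDsa $dsa2

# A signature that did not verify must not look like success to the caller.
if {$success != 1} then {
    exit 1
}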