Tcl
Tcl
ECDSA Sign Data and Get Raw R and S Values
See more ECC Examples
Demonstrates getting the raw R and S value of an ECDSA signature.Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
# To create an ECDSA signature, the data first needs to be hashed. Then the hash
# is signed.
set crypt [new_CkCrypt2]
CkCrypt2_put_HashAlgorithm $crypt "SHA256"
CkCrypt2_put_Charset $crypt "utf-8"
CkCrypt2_put_EncodingMode $crypt "base64"
# Hash a string.
set hash1 [CkCrypt2_hashStringENC $crypt "The quick brown fox jumps over the lazy dog"]
puts "hash1 = $hash1"
# -----------------------------------------------------------
# An ECDSA private key is used for signing. The public key is for signature verification.
# Load our ECC private key.
# Our private key file contains this:
# // -----BEGIN PRIVATE KEY-----
# MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg3J8q/24D1sEKGdP9
# 72MGYElLGpw/a56Y3t6pfON3uhShRANCAATlSmoizyhAwoYZAOuFBATl07/1RR54
# a1Dzfm16grxJe666AGKR+bSs24hk7TEpaeCTvT8YOOM3l+xKFg7zq6Q9
# -----END PRIVATE KEY-----
set privKey [new_CkPrivateKey]
set success [CkPrivateKey_LoadPemFile $privKey "qa_data/ecc/secp256r1-key-pkcs8.pem"]
if {$success != 1} then {
puts [CkPrivateKey_lastErrorText $privKey]
delete_CkCrypt2 $crypt
delete_CkPrivateKey $privKey
exit
}
# Sign the hash..
set prng [new_CkPrng]
set ecdsa [new_CkEcc]
set ecdsaSigBase64 [CkEcc_signHashENC $ecdsa $hash1 "base64" $privKey $prng]
if {[CkEcc_get_LastMethodSuccess $ecdsa] != 1} then {
puts [CkEcc_lastErrorText $ecdsa]
delete_CkCrypt2 $crypt
delete_CkPrivateKey $privKey
delete_CkPrng $prng
delete_CkEcc $ecdsa
exit
}
# The ECDSA signature is ASN.1 that contains a sequence of 2 large integers (r and s)
# For example:
# SEQUENCE (2 elem)
# INTEGER (255 bit) 792134D9B4AD82D5431ED03835A88E2596EB35E5B13054BD9B05A0069281ACC9
# INTEGER (255 bit) 481E758CC1E3CBF825537EC3D9A2CA627E5FAD1137BBEA65DF38658DCB0A9ED5
puts "Base64 ECDSA signature = $ecdsaSigBase64"
# If the raw R and S values are needed, here's how to get them:
set asn [new_CkAsn]
set success [CkAsn_LoadEncoded $asn $ecdsaSigBase64 "base64"]
if {$success == 0} then {
puts [CkAsn_lastErrorText $asn]
delete_CkCrypt2 $crypt
delete_CkPrivateKey $privKey
delete_CkPrng $prng
delete_CkEcc $ecdsa
delete_CkAsn $asn
exit
}
# The R and X will be in hexidecimal in the XML.
set xml [new_CkXml]
CkXml_LoadXml $xml [CkAsn_asnToXml $asn]
puts [CkXml_getXml $xml]
# The XML looks like this:
# <sequence>
# <int>792134D9B4AD82D5431ED03835A88E2596EB35E5B13054BD9B05A0069281ACC9</int>
# <int>481E758CC1E3CBF825537EC3D9A2CA627E5FAD1137BBEA65DF38658DCB0A9ED5</int>
# </sequence>
# Copy raw R and S hex values into a Chilkat BinData object.
set bd [new_CkBinData]
set r [CkXml_getChildContent $xml "int[0]"]
set s [CkXml_getChildContent $xml "int[1]"]
CkBinData_AppendEncoded $bd $r "hex"
CkBinData_AppendEncoded $bd $s "hex"
puts "Number of bytes in bd: [CkBinData_get_NumBytes $bd]"
delete_CkCrypt2 $crypt
delete_CkPrivateKey $privKey
delete_CkPrng $prng
delete_CkEcc $ecdsa
delete_CkAsn $asn
delete_CkXml $xml
delete_CkBinData $bd