(Tcl) ECDSA Sign Data and Get Raw R and S Values

Demonstrates getting the raw R and S value of an ECDSA signature.

Chilkat Tcl Extension Downloads Chilkat Tcl Extension Downloads

load ./chilkat.dll

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# To create an ECDSA signature, the data first needs to be hashed.  Then the hash
# is signed.

set crypt [new_CkCrypt2]

CkCrypt2_put_HashAlgorithm $crypt "SHA256"
CkCrypt2_put_Charset $crypt "utf-8"
CkCrypt2_put_EncodingMode $crypt "base64"

# Hash a string.
set hash1 [CkCrypt2_hashStringENC $crypt "The quick brown fox jumps over the lazy dog"]
puts "hash1 = $hash1"

# -----------------------------------------------------------
# An ECDSA private key is used for signing.  The public key is for signature verification.
# Load our ECC private key.
# Our private key file contains this:

# 	// -----BEGIN PRIVATE KEY-----
# 	MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg3J8q/24D1sEKGdP9
# 	72MGYElLGpw/a56Y3t6pfON3uhShRANCAATlSmoizyhAwoYZAOuFBATl07/1RR54
# 	a1Dzfm16grxJe666AGKR+bSs24hk7TEpaeCTvT8YOOM3l+xKFg7zq6Q9
# 	-----END PRIVATE KEY-----

set privKey [new_CkPrivateKey]

set success [CkPrivateKey_LoadPemFile $privKey "qa_data/ecc/secp256r1-key-pkcs8.pem"]
if {$success != 1} then {
    puts [CkPrivateKey_lastErrorText $privKey]
    delete_CkCrypt2 $crypt
    delete_CkPrivateKey $privKey
    exit
}

# Sign the hash..
set prng [new_CkPrng]

set ecdsa [new_CkEcc]

set ecdsaSigBase64 [CkEcc_signHashENC $ecdsa $hash1 "base64" $privKey $prng]
if {[CkEcc_get_LastMethodSuccess $ecdsa] != 1} then {
    puts [CkEcc_lastErrorText $ecdsa]
    delete_CkCrypt2 $crypt
    delete_CkPrivateKey $privKey
    delete_CkPrng $prng
    delete_CkEcc $ecdsa
    exit
}

# The ECDSA signature is ASN.1 that contains a sequence of 2 large integers (r and s)
# For example:
# SEQUENCE (2 elem)
#   INTEGER (255 bit) 792134D9B4AD82D5431ED03835A88E2596EB35E5B13054BD9B05A0069281ACC9
#   INTEGER (255 bit) 481E758CC1E3CBF825537EC3D9A2CA627E5FAD1137BBEA65DF38658DCB0A9ED5

puts "Base64 ECDSA signature = $ecdsaSigBase64"

# If the raw R and S values are needed, here's how to get them:
set asn [new_CkAsn]

set success [CkAsn_LoadEncoded $asn $ecdsaSigBase64 "base64"]
if {$success == 0} then {
    puts [CkAsn_lastErrorText $asn]
    delete_CkCrypt2 $crypt
    delete_CkPrivateKey $privKey
    delete_CkPrng $prng
    delete_CkEcc $ecdsa
    delete_CkAsn $asn
    exit
}

# The R and X will be in hexidecimal in the XML.
set xml [new_CkXml]

CkXml_LoadXml $xml [CkAsn_asnToXml $asn]
puts [CkXml_getXml $xml]

# The XML looks like this:
# <sequence>
# <int>792134D9B4AD82D5431ED03835A88E2596EB35E5B13054BD9B05A0069281ACC9</int>
# <int>481E758CC1E3CBF825537EC3D9A2CA627E5FAD1137BBEA65DF38658DCB0A9ED5</int>
# </sequence>

# Copy raw R and S hex values into a Chilkat BinData object.
set bd [new_CkBinData]

set r [CkXml_getChildContent $xml "int[0]"]
set s [CkXml_getChildContent $xml "int[1]"]
CkBinData_AppendEncoded $bd $r "hex"
CkBinData_AppendEncoded $bd $s "hex"

puts "Number of bytes in bd: [CkBinData_get_NumBytes $bd]"

delete_CkCrypt2 $crypt
delete_CkPrivateKey $privKey
delete_CkPrng $prng
delete_CkEcc $ecdsa
delete_CkAsn $asn
delete_CkXml $xml
delete_CkBinData $bd