Tcl
Tcl
ECDSA Sign and Verify Data using Different Hash Algorithms
See more ECC Examples
Demonstrates how to create ECDSA signatures on data using different hash algorithms.Note: This example requires Chilkat v9.5.0.85 or greater because the SignBd and VerifyBd methods were added in v9.5.0.85.
Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
# First load an ECDSA private key to be used for signing.
set privKey [new_CkPrivateKey]
set success [CkPrivateKey_LoadEncryptedPemFile $privKey "qa_data/ecc/secp256r1-key-pkcs8-secret.pem" "secret"]
if {$success == 0} then {
puts [CkPrivateKey_lastErrorText $privKey]
delete_CkPrivateKey $privKey
exit
}
# Load some data to be signed.
set bd [new_CkBinData]
set success [CkBinData_LoadFile $bd "qa_data/hamlet.xml"]
if {$success == 0} then {
puts "Failed to load file to be hashed."
delete_CkPrivateKey $privKey
delete_CkBinData $bd
exit
}
set ecdsa [new_CkEcc]
set prng [new_CkPrng]
# Sign the sha256 hash of the data. Return the ECDSA signature in the base64 encoding.
puts "ECDSA signing the sha256 hash of the data..."
set sig [CkEcc_signBd $ecdsa $bd "sha256" "base64" $privKey $prng]
puts "sig = $sig"
# Verify the signature against the original data.
# (We must use the same hash algorithm that was used when signing.)
# Load the public key that corresponds to the private key used for signing.
set pubKey [new_CkPublicKey]
set success [CkPublicKey_LoadFromFile $pubKey "qa_data/ecc/secp256r1-pub.pem"]
if {$success == 0} then {
puts [CkPublicKey_lastErrorText $pubKey]
delete_CkPrivateKey $privKey
delete_CkBinData $bd
delete_CkEcc $ecdsa
delete_CkPrng $prng
delete_CkPublicKey $pubKey
exit
}
set ecc2 [new_CkEcc]
set result [CkEcc_VerifyBd $ecc2 $bd "sha256" $sig "base64" $pubKey]
if {$result != 1} then {
puts [CkEcc_lastErrorText $ecc2]
delete_CkPrivateKey $privKey
delete_CkBinData $bd
delete_CkEcc $ecdsa
delete_CkPrng $prng
delete_CkPublicKey $pubKey
delete_CkEcc $ecc2
exit
}
puts "Verified!"
# ----------------------------------------------------------------------------------------
# Let's do the same thing, but with sha384 hashing...
puts "--------------------------------------------"
puts "ECDSA signing the sha384 hash of the data..."
set sig [CkEcc_signBd $ecdsa $bd "sha384" "base64" $privKey $prng]
puts "sig = $sig"
set result [CkEcc_VerifyBd $ecc2 $bd "sha384" $sig "base64" $pubKey]
if {$result != 1} then {
puts [CkEcc_lastErrorText $ecc2]
delete_CkPrivateKey $privKey
delete_CkBinData $bd
delete_CkEcc $ecdsa
delete_CkPrng $prng
delete_CkPublicKey $pubKey
delete_CkEcc $ecc2
exit
}
puts "Verified!"
delete_CkPrivateKey $privKey
delete_CkBinData $bd
delete_CkEcc $ecdsa
delete_CkPrng $prng
delete_CkPublicKey $pubKey
delete_CkEcc $ecc2