Sample code for 30+ languages & platforms
Tcl

ECDSA Sign and Verify Data using Different Hash Algorithms

See more ECC Examples

Demonstrates how to create ECDSA signatures on data using different hash algorithms.

Note: This example requires Chilkat v9.5.0.85 or greater because the SignBd and VerifyBd methods were added in v9.5.0.85.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# First load an ECDSA private key to be used for signing.
set privKey [new_CkPrivateKey]

set success [CkPrivateKey_LoadEncryptedPemFile $privKey "qa_data/ecc/secp256r1-key-pkcs8-secret.pem" "secret"]
if {$success == 0} then {
    puts [CkPrivateKey_lastErrorText $privKey]
    delete_CkPrivateKey $privKey
    exit
}

# Load some data to be signed.
set bd [new_CkBinData]

set success [CkBinData_LoadFile $bd "qa_data/hamlet.xml"]
if {$success == 0} then {
    puts "Failed to load file to be hashed."
    delete_CkPrivateKey $privKey
    delete_CkBinData $bd
    exit
}

set ecdsa [new_CkEcc]

set prng [new_CkPrng]

# Sign the sha256 hash of the data.  Return the ECDSA signature in the base64 encoding.
puts "ECDSA signing the sha256 hash of the data..."
set sig [CkEcc_signBd $ecdsa $bd "sha256" "base64" $privKey $prng]
puts "sig = $sig"

# Verify the signature against the original data.
# (We must use the same hash algorithm that was used when signing.)

# Load the public key that corresponds to the private key used for signing.
set pubKey [new_CkPublicKey]

set success [CkPublicKey_LoadFromFile $pubKey "qa_data/ecc/secp256r1-pub.pem"]
if {$success == 0} then {
    puts [CkPublicKey_lastErrorText $pubKey]
    delete_CkPrivateKey $privKey
    delete_CkBinData $bd
    delete_CkEcc $ecdsa
    delete_CkPrng $prng
    delete_CkPublicKey $pubKey
    exit
}

set ecc2 [new_CkEcc]

set result [CkEcc_VerifyBd $ecc2 $bd "sha256" $sig "base64" $pubKey]
if {$result != 1} then {
    puts [CkEcc_lastErrorText $ecc2]
    delete_CkPrivateKey $privKey
    delete_CkBinData $bd
    delete_CkEcc $ecdsa
    delete_CkPrng $prng
    delete_CkPublicKey $pubKey
    delete_CkEcc $ecc2
    exit
}

puts "Verified!"

# ----------------------------------------------------------------------------------------
# Let's do the same thing, but with sha384 hashing...

puts "--------------------------------------------"
puts "ECDSA signing the sha384 hash of the data..."

set sig [CkEcc_signBd $ecdsa $bd "sha384" "base64" $privKey $prng]
puts "sig = $sig"

set result [CkEcc_VerifyBd $ecc2 $bd "sha384" $sig "base64" $pubKey]
if {$result != 1} then {
    puts [CkEcc_lastErrorText $ecc2]
    delete_CkPrivateKey $privKey
    delete_CkBinData $bd
    delete_CkEcc $ecdsa
    delete_CkPrng $prng
    delete_CkPublicKey $pubKey
    delete_CkEcc $ecc2
    exit
}

puts "Verified!"

delete_CkPrivateKey $privKey
delete_CkBinData $bd
delete_CkEcc $ecdsa
delete_CkPrng $prng
delete_CkPublicKey $pubKey
delete_CkEcc $ecc2