(Tcl) PKCS7 Sign Text using RSA 2048, SHA256, Base64 Output

Demonstrates how to sign text using 2048-bit RSA with SHA256, producing PKCS#7 output in Base64. The certificate w/ private key used for signing is loaded from a .p12/.pfx file.

Chilkat Tcl Extension Downloads Chilkat Tcl Extension Downloads

load ./chilkat.dll

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set cert [new_CkCert]

# Load the cert and private key.  Whatever the private key happens to be,
# such as RSA or ECC, then Chilkat will use it.  If the private key is 
# a 2048-bit RSA key, then that's what will be used..
set success [CkCert_LoadPfxFile $cert "qa_data/pfx/myCertAndKey.p12" "password"]
if {$success != 1} then {
    puts [CkCert_lastErrorText $cert]
    delete_CkCert $cert
    exit
}

set crypt [new_CkCrypt2]

set success [CkCrypt2_SetSigningCert $crypt $cert]
if {$success != 1} then {
    puts [CkCrypt2_lastErrorText $crypt]
    delete_CkCert $cert
    delete_CkCrypt2 $crypt
    exit
}

# Use SHA-256
CkCrypt2_put_HashAlgorithm $crypt "sha256"

# Hash the utf-8 byte representation of the string
CkCrypt2_put_Charset $crypt "utf-8"

# Return the result in base64
CkCrypt2_put_EncodingMode $crypt "base64"

# Sign some text..
set textToSign "This is the text to be hashed and signed."
set sigBase64 [CkCrypt2_opaqueSignStringENC $crypt $textToSign]
if {[CkCrypt2_get_LastMethodSuccess $crypt] != 1} then {
    puts [CkCrypt2_lastErrorText $crypt]
    delete_CkCert $cert
    delete_CkCrypt2 $crypt
    exit
}

puts "$sigBase64"

# The result:
# MIIS2wYJKoZIhvcNAQc ... zGeeY4Oxg==

delete_CkCert $cert
delete_CkCrypt2 $crypt