|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Tcl) RSASSA-PSS Sign String to Create Base64 PCKS7 SignatureSigns a string to create a PKCS7 signature in the base64 encoding. The signature algorithm is RSASSA-PSS with SHA256. Note: This example requires Chilkat v9.5.0.67 or greater.
load ./chilkat.dll # This example requires the Chilkat Crypt API to have been previously unlocked. # See Unlock Chilkat Crypt for sample code. set crypt [new_CkCrypt2] # Get a digital certificate with private key from a .pfx # (Chilkat has many different ways to provide a cert + private key for siging. # Using a PFX is just one possible option.) set pfx [new_CkPfx] set success [CkPfx_LoadPfxFile $pfx "qa_data/rsassa-pss/privatekey.pfx" "PFX_PASSWORD"] if {$success != 1} then { puts [CkPfx_lastErrorText $pfx] delete_CkCrypt2 $crypt delete_CkPfx $pfx exit } # Get the certificate to be used for signing. # (The typical case for a PFX is that it contains a cert with an associated private key, # as well as other certificates in the chain of authentication. The cert with the private # key should be in the first position at index 0.) # cert is a CkCert set cert [CkPfx_GetCert $pfx 0] if {[CkPfx_get_LastMethodSuccess $pfx] != 1} then { puts [CkPfx_lastErrorText $pfx] delete_CkCrypt2 $crypt delete_CkPfx $pfx exit } CkCrypt2_SetSigningCert $crypt $cert # Indicate that RSASSA-PSS with SHA256 should be used. CkCrypt2_put_SigningAlg $crypt "pss" CkCrypt2_put_HashAlgorithm $crypt "sha256" CkCrypt2_put_EncodingMode $crypt "base64" # Sign a string and return the base64 PKCS7 detached signature set originalText "This is a test" set pkcs7sig [CkCrypt2_signStringENC $crypt $originalText] puts "Detached Signature:" puts "$pkcs7sig" # This signature looks like this: # MIIG5wYJKoZIhvcNAQcCoIIG2DCCBtQCAQExDzANBgl .. YToLqEwTdU87ox5g7rvw== # The ASN.1 of the signature can be examined by browsing to https://lapo.it/asn1js/ , # then copy-and-paste the Base64 signature into the form and decode.. # The signature can be verified against the original data like this: set success [CkCrypt2_VerifyStringENC $crypt $originalText $pkcs7sig] puts "Signature verified: $success" set success [CkCrypt2_VerifyStringENC $crypt "Not the original text" $pkcs7sig] puts "Signature verified: $success" # Now we'll create an opaque signature (the opposite of a detached signature). # An opaque signature is a PKCS7 message that contains both the original data and # the signature. The verification process extracts the original data. set opaqueSig [CkCrypt2_opaqueSignStringENC $crypt $originalText] puts "Opaque Signature:" puts "$opaqueSig" # The ASN.1 of the signature can be examined by browsing to https://lapo.it/asn1js/ , # then copy-and-paste the Base64 signature into the form and decode.. # We can verify and extract the original data: set origTxt [CkCrypt2_opaqueVerifyStringENC $crypt $opaqueSig] if {[CkCrypt2_get_LastMethodSuccess $crypt] != 1} then { puts "Signature verification failed." puts [CkCrypt2_lastErrorText $crypt] delete_CkCert $cert delete_CkCrypt2 $crypt delete_CkPfx $pfx exit } puts "Signature verified." puts "Extracted text:$origTxt" delete_CkCert $cert delete_CkCrypt2 $crypt delete_CkPfx $pfx |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.