Tcl
Tcl
RSA Encrypt Randomly Generated AES Key
See more RSA Examples
Demonstrates how to RSA encrypt a randomly generated AES key.Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
# First generate a 256-bit AES key (32 bytes).
set prng [new_CkPrng]
set bdAesKey [new_CkBinData]
set success [CkPrng_GenRandomBd $prng 32 $bdAesKey]
# Use a public key from a certificate for RSA encryption.
set cert [new_CkCert]
set success [CkCert_LoadFromFile $cert "qa_data/pem/mf_public_rsa.pem"]
if {$success == 0} then {
puts [CkCert_lastErrorText $cert]
delete_CkPrng $prng
delete_CkBinData $bdAesKey
delete_CkCert $cert
exit
}
set pubKey [new_CkPublicKey]
CkCert_GetPublicKey $cert $pubKey
set rsa [new_CkRsa]
set success [CkRsa_UsePublicKey $rsa $pubKey]
if {$success == 0} then {
puts [CkRsa_lastErrorText $rsa]
delete_CkPrng $prng
delete_CkBinData $bdAesKey
delete_CkCert $cert
delete_CkPublicKey $pubKey
delete_CkRsa $rsa
exit
}
# RSA encrypt our 32-byte AES key.
# The contents of bdAesKey are replaced with result of the RSA encryption.
set success [CkRsa_EncryptBd $rsa $bdAesKey 0]
if {$success == 0} then {
puts [CkRsa_lastErrorText $rsa]
delete_CkPrng $prng
delete_CkBinData $bdAesKey
delete_CkCert $cert
delete_CkPublicKey $pubKey
delete_CkRsa $rsa
exit
}
# Return the result as a base64 string
set encryptedAesKey [CkBinData_getEncoded $bdAesKey "base64"]
puts "encrypted AES key = $encryptedAesKey"
delete_CkPrng $prng
delete_CkBinData $bdAesKey
delete_CkCert $cert
delete_CkPublicKey $pubKey
delete_CkRsa $rsa