(Tcl) RSA Encrypt Randomly Generated AES Key

Demonstrates how to RSA encrypt a randomly generated AES key.

Chilkat Tcl Extension Downloads Chilkat Tcl Extension Downloads

load ./chilkat.dll

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# First generate a 256-bit AES key (32 bytes).
set prng [new_CkPrng]

set bdAesKey [new_CkBinData]

set success [CkPrng_GenRandomBd $prng 32 $bdAesKey]

# Use a public key from a certificate for RSA encryption.
set cert [new_CkCert]

set success [CkCert_LoadFromFile $cert "qa_data/pem/mf_public_rsa.pem"]
if {$success == 0} then {
    puts [CkCert_lastErrorText $cert]
    delete_CkPrng $prng
    delete_CkBinData $bdAesKey
    delete_CkCert $cert
    exit
}

# pubKey is a CkPublicKey
set pubKey [CkCert_ExportPublicKey $cert]
if {[CkCert_get_LastMethodSuccess $cert] != 1} then {
    puts [CkCert_lastErrorText $cert]
    delete_CkPrng $prng
    delete_CkBinData $bdAesKey
    delete_CkCert $cert
    exit
}

set rsa [new_CkRsa]

set success [CkRsa_ImportPublicKeyObj $rsa $pubKey]
if {$success == 0} then {
    puts [CkRsa_lastErrorText $rsa]
    delete_CkPrng $prng
    delete_CkBinData $bdAesKey
    delete_CkCert $cert
    delete_CkRsa $rsa
    exit
}

delete_CkPublicKey $pubKey

# RSA encrypt our 32-byte AES key.
# The contents of bdAesKey are replaced with result of the RSA encryption.
set success [CkRsa_EncryptBd $rsa $bdAesKey 0]
if {$success == 0} then {
    puts [CkRsa_lastErrorText $rsa]
    delete_CkPrng $prng
    delete_CkBinData $bdAesKey
    delete_CkCert $cert
    delete_CkRsa $rsa
    exit
}

# Return the result as a base64 string
set encryptedAesKey [CkBinData_getEncoded $bdAesKey "base64"]

puts "encrypted AES key = $encryptedAesKey"

delete_CkPrng $prng
delete_CkBinData $bdAesKey
delete_CkCert $cert
delete_CkRsa $rsa