(Tcl) RSA Hash Binary Data and Sign (and Verify)

Demonstrates how to sign the hash of binary data. Also demonstrates how to verify the RSA signature.

Note: This example uses methods introduced in Chilkat v9.5.0.77.

Chilkat Tcl Extension Downloads Chilkat Tcl Extension Downloads

load ./chilkat.dll

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# Load an RSA private key for signing.
set privKey [new_CkPrivateKey]

set success [CkPrivateKey_LoadEncryptedPemFile $privKey "qa_data/pem/rsa_passwd.pem" "passwd"]
if {$success != 1} then {
    puts [CkPrivateKey_lastErrorText $privKey]
    delete_CkPrivateKey $privKey
    exit
}

set rsa [new_CkRsa]

CkRsa_ImportPrivateKeyObj $rsa $privKey

# We have some binary data (in hex) to sign
set originalData "0102030405060708090A"
set bdData [new_CkBinData]

CkBinData_AppendEncoded $bdData $originalData "hex"

# Hash (SHA-256) and sign the hash:
set bdSignature [new_CkBinData]

set success [CkRsa_SignBd $rsa $bdData "sha256" $bdSignature]
if {$success != 1} then {
    puts [CkRsa_lastErrorText $rsa]
    delete_CkPrivateKey $privKey
    delete_CkRsa $rsa
    delete_CkBinData $bdData
    delete_CkBinData $bdSignature
    exit
}

# Show the RSA signature in base64
puts [CkBinData_getEncoded $bdSignature base64]

# ------------------------------------------
# Get the public key from the private key
# pubKey is a CkPublicKey
set pubKey [CkPrivateKey_GetPublicKey $privKey]

# Verify the signature..
set rsa2 [new_CkRsa]

CkRsa_ImportPublicKeyObj $rsa2 $pubKey

set bVerified [CkRsa_VerifyBd $rsa2 $bdData "sha256" $bdSignature]
puts "signature verified: $bVerified"

delete_CkPublicKey $pubKey


delete_CkPrivateKey $privKey
delete_CkRsa $rsa
delete_CkBinData $bdData
delete_CkBinData $bdSignature
delete_CkRsa $rsa2