Sample code for 30+ languages & platforms
Tcl

RSA-OAEP with SHA256 hashing

See more RSA Examples

RSA encrypt a SHA256 hash with OAEP padding.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set pubkey [new_CkPublicKey]

set sbPem [new_CkStringBuilder]

set bCrlf 1
CkStringBuilder_AppendLine $sbPem "-----BEGIN PUBLIC KEY-----" $bCrlf
CkStringBuilder_AppendLine $sbPem "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA33TqqLR3eeUmDtHS89qF" $bCrlf
CkStringBuilder_AppendLine $sbPem "3p4MP7Wfqt2Zjj3lZjLjjCGDvwr9cJNlNDiuKboODgUiT4ZdPWbOiMAfDcDzlOxA" $bCrlf
CkStringBuilder_AppendLine $sbPem "04DDnEFGAf+kDQiNSe2ZtqC7bnIc8+KSG/qOGQIVaay4Ucr6ovDkykO5Hxn7OU7s" $bCrlf
CkStringBuilder_AppendLine $sbPem "Jp9TP9H0JH8zMQA6YzijYH9LsupTerrY3U6zyihVEDXXOv08vBHk50BMFJbE9iwF" $bCrlf
CkStringBuilder_AppendLine $sbPem "wnxCsU5+UZUZYw87Uu0n4LPFS9BT8tUIvAfnRXIEWCha3KbFWmdZQZlyrFw0buUE" $bCrlf
CkStringBuilder_AppendLine $sbPem "f0YN3/Q0auBkdbDR/ES2PbgKTJdkjc/rEeM0TxvOUf7HuUNOhrtAVEN1D5uuxE1W" $bCrlf
CkStringBuilder_AppendLine $sbPem "SwIDAQAB" $bCrlf
CkStringBuilder_AppendLine $sbPem "-----END PUBLIC KEY-----" $bCrlf

# Load the public key object from the PEM. 
set success [CkPublicKey_LoadFromString $pubkey [CkStringBuilder_getAsString $sbPem]]
if {$success == 0} then {
    puts [CkPublicKey_lastErrorText $pubkey]
    delete_CkPublicKey $pubkey
    delete_CkStringBuilder $sbPem
    exit
}

# Build a small string to encrypt
set json [new_CkJsonObject]

CkJsonObject_UpdateString $json "example" "123"
CkJsonObject_UpdateString $json "hello" "world"
puts [CkJsonObject_emit $json]

# This is the JSON to be RSA encrypted:  {"example":"123","hello":"world"}

# IMPORTANT: RSA encryption is only used to encrypt small amounts of data.
# RSA is only able to encrypt data to a maximum amount of your key size (2048 bits = 256 bytes) 
# minus padding / header data (11 bytes for PKCS#1 v1.5 padding, 42 bytes for OAEP).
# As a result it is often not possible to encrypt files with RSA directly. 
# RSA is also not meant for this purpose. 
# 
# If you want to encrypt more data, you can use something like:
# 1) Generate a 256-bit random keystring K
# 2) Encrypt your data with AES-CBC with K
# 3) Encrypt K with RSA
# 4) Send both to the other side 

set rsa [new_CkRsa]

CkRsa_put_PkcsPadding $rsa 0
CkRsa_put_OaepHash $rsa "SHA-256"
CkRsa_UsePublicKey $rsa $pubkey
CkRsa_put_EncodingMode $rsa "base64"

# Note: The OAEP padding uses random bytes in the padding, and therefore each time encryption happens,
# even using the same data and key, the result will be different --  but still valid.  One should not expect
# to get the same output.
set bUsePrivateKey 0
set encryptedStr [CkRsa_encryptStringENC $rsa [CkJsonObject_emit $json] $bUsePrivateKey]
if {[CkRsa_get_LastMethodSuccess $rsa] == 0} then {
    puts [CkRsa_lastErrorText $rsa]
    delete_CkPublicKey $pubkey
    delete_CkStringBuilder $sbPem
    delete_CkJsonObject $json
    delete_CkRsa $rsa
    exit
}

puts "Result: $encryptedStr"

delete_CkPublicKey $pubkey
delete_CkStringBuilder $sbPem
delete_CkJsonObject $json
delete_CkRsa $rsa