Tcl
Tcl
RSA-OAEP with SHA256 hashing
See more RSA Examples
RSA encrypt a SHA256 hash with OAEP padding.Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
set pubkey [new_CkPublicKey]
set sbPem [new_CkStringBuilder]
set bCrlf 1
CkStringBuilder_AppendLine $sbPem "-----BEGIN PUBLIC KEY-----" $bCrlf
CkStringBuilder_AppendLine $sbPem "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA33TqqLR3eeUmDtHS89qF" $bCrlf
CkStringBuilder_AppendLine $sbPem "3p4MP7Wfqt2Zjj3lZjLjjCGDvwr9cJNlNDiuKboODgUiT4ZdPWbOiMAfDcDzlOxA" $bCrlf
CkStringBuilder_AppendLine $sbPem "04DDnEFGAf+kDQiNSe2ZtqC7bnIc8+KSG/qOGQIVaay4Ucr6ovDkykO5Hxn7OU7s" $bCrlf
CkStringBuilder_AppendLine $sbPem "Jp9TP9H0JH8zMQA6YzijYH9LsupTerrY3U6zyihVEDXXOv08vBHk50BMFJbE9iwF" $bCrlf
CkStringBuilder_AppendLine $sbPem "wnxCsU5+UZUZYw87Uu0n4LPFS9BT8tUIvAfnRXIEWCha3KbFWmdZQZlyrFw0buUE" $bCrlf
CkStringBuilder_AppendLine $sbPem "f0YN3/Q0auBkdbDR/ES2PbgKTJdkjc/rEeM0TxvOUf7HuUNOhrtAVEN1D5uuxE1W" $bCrlf
CkStringBuilder_AppendLine $sbPem "SwIDAQAB" $bCrlf
CkStringBuilder_AppendLine $sbPem "-----END PUBLIC KEY-----" $bCrlf
# Load the public key object from the PEM.
set success [CkPublicKey_LoadFromString $pubkey [CkStringBuilder_getAsString $sbPem]]
if {$success == 0} then {
puts [CkPublicKey_lastErrorText $pubkey]
delete_CkPublicKey $pubkey
delete_CkStringBuilder $sbPem
exit
}
# Build a small string to encrypt
set json [new_CkJsonObject]
CkJsonObject_UpdateString $json "example" "123"
CkJsonObject_UpdateString $json "hello" "world"
puts [CkJsonObject_emit $json]
# This is the JSON to be RSA encrypted: {"example":"123","hello":"world"}
# IMPORTANT: RSA encryption is only used to encrypt small amounts of data.
# RSA is only able to encrypt data to a maximum amount of your key size (2048 bits = 256 bytes)
# minus padding / header data (11 bytes for PKCS#1 v1.5 padding, 42 bytes for OAEP).
# As a result it is often not possible to encrypt files with RSA directly.
# RSA is also not meant for this purpose.
#
# If you want to encrypt more data, you can use something like:
# 1) Generate a 256-bit random keystring K
# 2) Encrypt your data with AES-CBC with K
# 3) Encrypt K with RSA
# 4) Send both to the other side
set rsa [new_CkRsa]
CkRsa_put_PkcsPadding $rsa 0
CkRsa_put_OaepHash $rsa "SHA-256"
CkRsa_UsePublicKey $rsa $pubkey
CkRsa_put_EncodingMode $rsa "base64"
# Note: The OAEP padding uses random bytes in the padding, and therefore each time encryption happens,
# even using the same data and key, the result will be different -- but still valid. One should not expect
# to get the same output.
set bUsePrivateKey 0
set encryptedStr [CkRsa_encryptStringENC $rsa [CkJsonObject_emit $json] $bUsePrivateKey]
if {[CkRsa_get_LastMethodSuccess $rsa] == 0} then {
puts [CkRsa_lastErrorText $rsa]
delete_CkPublicKey $pubkey
delete_CkStringBuilder $sbPem
delete_CkJsonObject $json
delete_CkRsa $rsa
exit
}
puts "Result: $encryptedStr"
delete_CkPublicKey $pubkey
delete_CkStringBuilder $sbPem
delete_CkJsonObject $json
delete_CkRsa $rsa