Sample code for 30+ languages & platforms
Tcl

RSA Signature with Certificate's Private Key from PFX

See more RSA Examples

Demonstrates how to use a certificate's private key from a PFX file to create an RSA signature.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# Create an instance of a certificate store object, load a PFX file,
# locate the certificate we need, and use it for signing.
# (a PFX file may contain more than one certificate.)
set certStore [new_CkCertStore]

# The 1st argument is the filename, the 2nd arg is the 
# PFX file's password:
set success [CkCertStore_LoadPfxFile $certStore "chilkat.pfx" "test"]
if {$success == 0} then {
    puts [CkCertStore_lastErrorText $certStore]
    delete_CkCertStore $certStore
    exit
}

# Find the certificate by the subject common name:
set jsonCN [new_CkJsonObject]

CkJsonObject_UpdateString $jsonCN "CN" "cert common name"

set cert [new_CkCert]

set success [CkCertStore_FindCert $certStore $jsonCN $cert]
if {$success == 0} then {
    puts [CkCertStore_lastErrorText $certStore]
    delete_CkCertStore $certStore
    delete_CkJsonObject $jsonCN
    delete_CkCert $cert
    exit
}

set privKey [new_CkPrivateKey]

set success [CkCert_GetPrivateKey $cert $privKey]
if {$success == 0} then {
    puts [CkCert_lastErrorText $cert]
    delete_CkCertStore $certStore
    delete_CkJsonObject $jsonCN
    delete_CkCert $cert
    delete_CkPrivateKey $privKey
    exit
}

set rsa [new_CkRsa]

set success [CkRsa_UsePrivateKey $rsa $privKey]
if {$success == 0} then {
    puts [CkRsa_lastErrorText $rsa]
    delete_CkCertStore $certStore
    delete_CkJsonObject $jsonCN
    delete_CkCert $cert
    delete_CkPrivateKey $privKey
    delete_CkRsa $rsa
    exit
}

# Encode the signature as a hex string
CkRsa_put_EncodingMode $rsa "hex"

set strData "This is the string to be signed."

# Sign the string using the sha-1 hash algorithm.
# Other valid choices are "sha-256", "md2" and "md5".
set hexSig [CkRsa_signStringENC $rsa $strData "sha-1"]

puts "$hexSig"

puts "Success!"

delete_CkCertStore $certStore
delete_CkJsonObject $jsonCN
delete_CkCert $cert
delete_CkPrivateKey $privKey
delete_CkRsa $rsa