(Tcl) RSA Sign Binary Data and Verify (Recover the Original Data)

Demonstrates how to RSA sign binary data and then verify/recover the original data.

Note: This example uses methods introduced in Chilkat v9.5.0.77.

Chilkat Tcl Extension Downloads Chilkat Tcl Extension Downloads

load ./chilkat.dll

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# Load an RSA private key for signing.
set privKey [new_CkPrivateKey]

set success [CkPrivateKey_LoadEncryptedPemFile $privKey "qa_data/pem/rsa_passwd.pem" "passwd"]
if {$success != 1} then {
    puts [CkPrivateKey_lastErrorText $privKey]
    delete_CkPrivateKey $privKey
    exit
}

set rsa [new_CkRsa]

CkRsa_ImportPrivateKeyObj $rsa $privKey

# We have some binary data (in hex) to sign
set originalData "0102030405060708090A"
set bd [new_CkBinData]

CkBinData_AppendEncoded $bd $originalData "hex"

# If successful, the contents of bd are replaced with the RSA signature.
set success [CkRsa_OpenSslSignBd $rsa $bd]
if {$success != 1} then {
    puts [CkRsa_lastErrorText $rsa]
    delete_CkPrivateKey $privKey
    delete_CkRsa $rsa
    delete_CkBinData $bd
    exit
}

# Show the RSA signature in base64
puts [CkBinData_getEncoded $bd base64]

# ------------------------------------------
# Get the public key from the private key
# pubKey is a CkPublicKey
set pubKey [CkPrivateKey_GetPublicKey $privKey]

# Verify the signature and extract the original data.
set rsa2 [new_CkRsa]

CkRsa_ImportPublicKeyObj $rsa2 $pubKey

set bVerified [CkRsa_OpenSslVerifyBd $rsa2 $bd]
puts "signature verified: $bVerified"

# Show the original data:
puts "original data: [CkBinData_getEncoded $bd hex]"

delete_CkPublicKey $pubKey


delete_CkPrivateKey $privKey
delete_CkRsa $rsa
delete_CkBinData $bd
delete_CkRsa $rsa2