(Tcl) Verfies an RSA Signature

See more Apple Keychain Examples

Verifies an RSA signature against the original data.

Chilkat Tcl Extension Downloads Chilkat Tcl Extension Downloads

load ./chilkat.dll

# The following data was signed by the following example:
# RSA Sign using a Private Key on a USB Token or Smartcard
set bd [new_CkBinData]

for {set i 0} {$i <= 100} {incr i} {
    CkBinData_AppendEncoded $bd "000102030405060708090A0B0C0D0E0F" "hex"
}

# Load the signature
set bdSig [new_CkBinData]

set success [CkBinData_LoadFile $bdSig "rsaSignatures/test1.sig"]
if {$success == 0} then {
    puts "Failed to load the RSA signature"
    delete_CkBinData $bd
    delete_CkBinData $bdSig
    exit
}

# Get the public key to be used for signature verification.
set pubKey [new_CkPublicKey]

set success [CkPublicKey_LoadFromFile $pubKey "rsaKeys/chilkat-rsa-2048.pem"]
if {$success == 0} then {
    puts [CkPublicKey_lastErrorText $pubKey]
    delete_CkBinData $bd
    delete_CkBinData $bdSig
    delete_CkPublicKey $pubKey
    exit
}

set rsa [new_CkRsa]

CkRsa_ImportPublicKeyObj $rsa $pubKey

# Verify the hash of the data against the signature.
# We pass in the original data.  Internally, the hash is generated
# and used to validate the signature.
# Validating the RSA signature means two things:  
# (1) the original data is exactly what was signed, and 
# (2) it was signed by the owner of the RSA private key.
set success [CkRsa_VerifyBd $rsa $bd "sha256" $bdSig]

if {$success == 0} then {
    puts [CkRsa_lastErrorText $rsa]
    puts "Signature invalid."
} else {
    puts "Signature valid."
}


delete_CkBinData $bd
delete_CkBinData $bdSig
delete_CkPublicKey $pubKey
delete_CkRsa $rsa