Tcl
Tcl
Verify the RSA Signature of a SHA256 Hash
See more RSA Examples
Demonstrates how to verify an RSA signature of a SHA256 hash.Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
# Let's say you have a file containing the 32-bytes of a SHA256 hash,
# and a file that is an RSA signature of those 32 bytes.
# Here's how you verify using the RSA public key found in a PEM.
set pubKey [new_CkPublicKey]
set success [CkPublicKey_LoadFromFile $pubKey "rsaPubKey.pem"]
if {$success == 0} then {
puts [CkPublicKey_lastErrorText $pubKey]
delete_CkPublicKey $pubKey
exit
}
set rsa [new_CkRsa]
# Get the public key.
set success [CkRsa_UsePublicKey $rsa $pubKey]
if {$success == 0} then {
puts [CkRsa_lastErrorText $rsa]
delete_CkPublicKey $pubKey
delete_CkRsa $rsa
exit
}
# Get the 32-byte SHA256 hash.
set bdHash [new_CkBinData]
set success [CkBinData_LoadFile $bdHash "myHash.sha256"]
if {$success == 0} then {
puts "Failed to load SHA256 hash."
delete_CkPublicKey $pubKey
delete_CkRsa $rsa
delete_CkBinData $bdHash
exit
}
# Get the RSA signature to be validated.
set bdSig [new_CkBinData]
set success [CkBinData_LoadFile $bdSig "mySig.sig"]
if {$success == 0} then {
puts "Failed to load RSA signature."
delete_CkPublicKey $pubKey
delete_CkRsa $rsa
delete_CkBinData $bdHash
delete_CkBinData $bdSig
exit
}
# Verify the signature against the SHA256 hash.
set enc "base64"
CkRsa_put_EncodingMode $rsa $enc
set success [CkRsa_VerifyHashENC $rsa [CkBinData_getEncoded $bdHash $enc] "sha256" [CkBinData_getEncoded $bdSig $enc]]
if {$success == 0} then {
puts [CkRsa_lastErrorText $rsa]
delete_CkPublicKey $pubKey
delete_CkRsa $rsa
delete_CkBinData $bdHash
delete_CkBinData $bdSig
exit
}
puts "Signature validated."
delete_CkPublicKey $pubKey
delete_CkRsa $rsa
delete_CkBinData $bdHash
delete_CkBinData $bdSig