Rsa C Library Reference
Rsa
RSA encryption C library / library. Encrypt and decrypt byte arrays and strings. Generate public/private key pairs from 384 to 4096 bits in length. Import and export RSA keys. Import keys from SNK files. Input/output in raw binary, base64, hex encoding, quoted-printable, URL-encoding, etc.
Create/Dispose
HCkRsa CkRsa_Create(void);
Creates an instance of the CkRsa object and returns a handle (i.e. a "void *" pointer). The handle is passed in the 1st argument for the functions listed on this page.
void CkRsa_Dispose(HCkRsa handle);
Objects created by calling CkRsa_Create must be freed by calling this method. A memory leak occurs if a handle is not disposed by calling this function.
C "Properties"
void CkRsa_getCharset(HCkRsa cHandle, HCkString retval);
void CkRsa_putCharset(HCkRsa cHandle, const char *newVal);
This property only applies when encrypting, decrypting, signing, or verifying signatures for strings. When encrypting strings, the input string is first converted to this charset before encrypting.
When decrypting, the decrypted data is interpreted as a string with this charset encoding and converted to the appropriate return. For example, ActiveX's returning strings always return Unicode (2 bytes/char). Java strings are utf-8. Chilkat C++ strings are ANSI or utf-8. .NET strings are Unicode.
When signing string data, the input string is first converted to this charset before being hashed and signed. When verifying the signature for string data, the input string is first converted to this charset before the verification process begins.
void CkRsa_getEncodingMode(HCkRsa cHandle, HCkString retval);
void CkRsa_putEncodingMode(HCkRsa cHandle, const char *newVal);
Encoding mode to be used in methods ending in "ENC", such as EncryptStringENC. Valid EncodingModes are "base64", "hex", "url", or "quoted-printable" (or "qp"). Encryption methods ending in "ENC" will return encrypted data as a string encoded according to this property's value. Decryption methods ending in "ENC" accept an encoded string as specified by this property. The string is first decoded and then decrypted. The default value is "base64".
This property also applies to the "ENC" methods for creating and verifying digital signatures.
void CkRsa_getLastErrorHtml(HCkRsa cHandle, HCkString retval);
Error information in HTML format for the last method called.
void CkRsa_getLastErrorText(HCkRsa cHandle, HCkString retval);
Error information in plain-text format for the last method called.
void CkRsa_getLastErrorXml(HCkRsa cHandle, HCkString retval);
Error information in XML format for the last method called.
BOOL CkRsa_getLittleEndian(HCkRsa cHandle);
void CkRsa_putLittleEndian(HCkRsa cHandle, BOOL newVal);
The default value is true, which means that signatures and encrypted output will be created using the little-endian byte ordering, which is what Microsoft's Crypto API produces. To produce big-endian output, set the property equal to false. Chilkat RSA is capable of reading and verifying either little-endian or big-endian signatures, regardless of this setting. When decrypting, this property's value must match the byte ordering used when encrypting.
long CkRsa_getNumBits(HCkRsa cHandle);
The number of bits of the key generated or imported into this RSA encryption object. Keys ranging in size from 384 bits to 4096 bits can be generated by calling GenerateKey. A public or private key may be imported by calling ImportPublicKey or ImportPrivateKey. A key must be available either via GenerateKey or import before any of the encrypt/decrypt methods may be called.
BOOL CkRsa_getOaepPadding(HCkRsa cHandle);
void CkRsa_putOaepPadding(HCkRsa cHandle, BOOL newVal);
Controls whether Optimal Asymmetric Encryption Padding (OAEP) is used for the padding scheme (for encrypting/decrypting). If set to false, PKCS1 v1.5 padding is used. If set to true, PKCS1 v2.0 (OAEP) padding is used.
When creating digital signatures, this property controls whether RSA-PSS or PKCS1 v1.5 is used. If true, then the RSA-PSS signature scheme is used.
BOOL CkRsa_getUtf8(HCkRsa cHandle);
void CkRsa_putUtf8(HCkRsa cHandle, BOOL newVal);
When set to true, all "const char *" arguments are expected to be utf-8 strings. If set to false, the "const char *" arguments are expected to be ANSI strings.
void CkRsa_getVersion(HCkRsa cHandle, HCkString retval);
Returns the version of the component as a string, such as "2.0.0".
C "Methods"
BOOL CkRsa_DecryptBytes(HCkRsa cHandle, HCkByteData bData, BOOL bUsePrivateKey, HCkByteData out);
Decrypts byte data using the RSA encryption algorithm. usePrivateKey should be set to true if the private key is to be used for decrypting. Otherwise it should be set to false if the public key is to be used for decrypting.
Important: If trying to match OpenSSL results, set the LittleEndian property = false.
BOOL CkRsa_DecryptBytesENC(HCkRsa cHandle, const char *str, BOOL bUsePrivateKey, HCkByteData out);
Same as DecryptBytes, except the input is an encoded string. The encoding is specified by the EncodingMode property, which can have values such as "base64", "hex", "quoted-printable", "url", etc.
Important: If trying to match OpenSSL results, set the LittleEndian property = false.
BOOL CkRsa_DecryptString(HCkRsa cHandle, HCkByteData bData, BOOL bUsePrivateKey, HCkString out);
Decrypts encrypted string data and returns an unencrypted string. usePrivateKey should be set to true if the private key is to be used for decrypting. Otherwise it should be set to false if the public key is to be used. The Charset property controls how the component interprets the decrypted string. Depending on the programming language, strings are returned to the application as Unicode, utf-8, or ANSI. Internal to DecryptString, the decrypted string is automatically converted from the charset specified by the Charset property to the encoding required by the calling programming language.
Important: If trying to match OpenSSL results, set the LittleEndian property = false.
BOOL CkRsa_DecryptStringENC(HCkRsa cHandle, const char *str, BOOL bUsePrivateKey, HCkString out);
Same as DecryptString, except the input is an encoded string. The encoding is specified by the EncodingMode property, which can have values such as "base64", "hex", "quoted-printable", "url", etc.
Important: If trying to match OpenSSL results, set the LittleEndian property = false.
BOOL CkRsa_EncryptBytes(HCkRsa cHandle, HCkByteData bData, BOOL bUsePrivateKey, HCkByteData out);
Encrypts byte data using the RSA encryption algorithm. usePrivateKey should be set to true if the private key is to be used for encrypting. Otherwise it should be set to false if the public key is to be used for encrypting.
Important: If trying to match OpenSSL results, set the LittleEndian property = false.
BOOL CkRsa_EncryptBytesENC(HCkRsa cHandle, HCkByteData bData, BOOL bUsePrivateKey, HCkString out);
Same as EncryptBytes, except the output is an encoded string. The encoding is specified by the EncodingMode property, which can have values such as "base64", "hex", "quoted-printable", "url", etc.
Important: If trying to match OpenSSL results, set the LittleEndian property = false.
BOOL CkRsa_EncryptString(HCkRsa cHandle, const char *str, BOOL bUsePrivateKey, HCkByteData out);
Encrypts a string using the RSA encryption algorithm. usePrivateKey should be set to true if the private key is to be used for encrypting. Otherwise it should be set to false if the public key is to be used for encrypting. The string is first converted (if necessary) to the character encoding specified by the Charset property before encrypting. The encrypted bytes are returned.
Important: If trying to match OpenSSL results, set the LittleEndian property = false.
BOOL CkRsa_EncryptStringENC(HCkRsa cHandle, const char *str, BOOL bUsePrivateKey, HCkString out);
Same as EncryptString, except the output is an encoded string. The encoding is specified by the EncodingMode property, which can have values such as "base64", "hex", "quoted-printable", "url", etc.
Important: If trying to match OpenSSL results, set the LittleEndian property = false.
BOOL CkRsa_ExportPrivateKey(HCkRsa cHandle, HCkString strXml);
Exports the private-key of an RSA key pair to XML format. This is typically called after generating a new RSA key via the GenerateKey method.
BOOL CkRsa_ExportPublicKey(HCkRsa cHandle, HCkString strXml);
Exports the public-key of an RSA key pair to XML format. This is typically called after generating a new RSA key via the GenerateKey method.
BOOL CkRsa_GenerateKey(HCkRsa cHandle, int numBits);
Generates a new RSA public/private key pair. The number of bits can range from 384 to 4096. Typical key lengths are 1024 or 2048 bits. After successful generation, the public/private parts of the key can be exported to XML via the ExportPrivateKey and ExportPublicKey methods. Returns TRUE for success, FALSE for failure.
BOOL CkRsa_ImportPrivateKey(HCkRsa cHandle, const char *strXml);
Imports a private key from XML format. After successful import, the private key can be used to encrypt or decrypt. A private key (by definition) contains both private and public parts. This is because the public key consist of modulus and exponent. The private key consists of modulus, exponent, P, Q, DP, DQ, InverseQ, and D:
<RSAKeyValue>
<Modulus>...</Modulus>
<Exponent>...</Exponent>
<P>...</P>
<Q>...</Q>
<DP>...</DP>
<DQ>...</DQ>
<InverseQ>...</InverseQ>
<D>...</D>
</RSAKeyValue>
Important: The Rsa object can contain either a private key or a public key, but not both. Importing a private key overwrites the existing key regardless of whether the type of key is public or private. Returns TRUE for success, FALSE for failure.
BOOL CkRsa_ImportPublicKey(HCkRsa cHandle, const char *strXml);
Imports a public key from XML format. After successful import, the public key can be used to encrypt or decrypt.
Note: Importing a public key overwrites the key that is currently contained in this object - even if it's a private key.
A public key consists of modulus and exponent:
<RSAKeyValue>
<Modulus>...</Modulus>
<Exponent>...</Exponent>
</RSAKeyValue>
Important: The Rsa object can contain either a private key or a public key, but not both. Importing a private key overwrites the existing key regardless of whether the type of key is public or private. Returns TRUE for success, FALSE for failure.
BOOL CkRsa_OpenSslSignBytes(HCkRsa cHandle, HCkByteData data, HCkByteData outBytes);
Duplicates OpenSSL's rsautl utility for creating RSA signatures. Input data consists of binary bytes, and returns the signature bytes.
BOOL CkRsa_OpenSslSignBytesENC(HCkRsa cHandle, HCkByteData data, HCkString outStr);
Duplicates OpenSSL's rsautl utility for creating RSA signatures. Input data consists of binary bytes, and returns the signature as a string encoded according to the EncodingMode property (base64, hex, etc.).
BOOL CkRsa_OpenSslSignString(HCkRsa cHandle, const char *str, HCkByteData outBytes);
Duplicates OpenSSL's rsautl utility for creating RSA signatures. Input data is a string, and returns the signature bytes.
BOOL CkRsa_OpenSslSignStringENC(HCkRsa cHandle, const char *str, HCkString outStr);
Duplicates OpenSSL's rsautl utility for creating RSA signatures. Input data is a string, and returns the signature as a string encoded according to the EncodingMode property (base64, hex, etc.).
BOOL CkRsa_OpenSslVerifyBytes(HCkRsa cHandle, HCkByteData signature, HCkByteData outBytes);
Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering the original data. Input data consists of the raw signature bytes and returns the original bytes.
BOOL CkRsa_OpenSslVerifyBytesENC(HCkRsa cHandle, const char *str, HCkByteData outBytes);
Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering the original data. Input data is a signature string encoded according to the EncodingMode property (base64, hex, etc.). Returns the original bytes.
BOOL CkRsa_OpenSslVerifyString(HCkRsa cHandle, HCkByteData data, HCkString outStr);
Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering the original data. Input data consists of the raw signature bytes and returns the original string.
BOOL CkRsa_OpenSslVerifyStringENC(HCkRsa cHandle, const char *str, HCkString outStr);
Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering the original data. Input data is a signature string encoded according to the EncodingMode property (base64, hex, etc.). Returns the original string.
BOOL CkRsa_SaveLastError(HCkRsa cHandle, const char *filename);
Saves the last error information to an XML formatted file.
BOOL CkRsa_SignBytes(HCkRsa cHandle, HCkByteData bData, const char *hashAlg, HCkByteData out);
Creates an RSA digital signature by hashing binaryData and then signing the hash. The hash algorithm is specified by hashAlgorithm, which may be "SHA-1", "MD5", "MD2", "SHA-256", "SHA-384", or "SHA-512". The recommended hash algorithm is "SHA-1".
Important: If trying to match OpenSSL results, set the LittleEndian property = false.
A private key is required to create a digital signature.
An error is indicated when a byte array of 0 length is returned.
BOOL CkRsa_SignBytesENC(HCkRsa cHandle, HCkByteData bData, const char *hashAlg, HCkString out);
Creates an RSA digital signature by hashing binaryData and then signing the hash. The hash algorithm is specified by hashAlgorithm, which may be "SHA-1", "MD5", "MD2", "SHA-256", "SHA-384", or "SHA-512". The recommended hash algorithm is "SHA-1". The digital signature is returned as an encoded string, where the encoding is specified by the EncodingMode property.
Important: If trying to match OpenSSL results, set the LittleEndian property = false.
A private key is required to create a digital signature.
An error is indicated when null reference is returned.
BOOL CkRsa_SignString(HCkRsa cHandle, const char *str, const char *hashAlg, HCkByteData out);
Creates an RSA digital signature by hashing strToBeHashed and then signing the hash. The hash algorithm is specified by hashAlgorithm, which may be "SHA-1", "MD5", "MD2", "SHA-256", "SHA-384", or "SHA-512". The recommended hash algorithm is "SHA-1".
Important: If trying to match OpenSSL results, set the LittleEndian property = false.
A private key is required to create a digital signature.
An error is indicated when a byte array of 0 length is returned.
BOOL CkRsa_SignStringENC(HCkRsa cHandle, const char *str, const char *hashAlg, HCkString out);
Creates an RSA digital signature by hashing strToBeHashed and then signing the hash. The hash algorithm is specified by hashAlgorithm, which may be "SHA-1", "MD5", "MD2", "SHA-256", "SHA-384", or "SHA-512". The recommended hash algorithm is "SHA-1". The digital signature is returned as an encoded string, where the encoding is specified by the EncodingMode property.
Important: If trying to match OpenSSL results, set the LittleEndian property = false.
A private key is required to create a digital signature.
An error is indicated when null reference is returned.
BOOL CkRsa_SnkToXml(HCkRsa cHandle, const char *filename, HCkString strXml);
Imports a .snk file to an XML document that can be imported via the ImportPrivateKey method. Returns TRUE for success, FALSE for failure.
BOOL CkRsa_UnlockComponent(HCkRsa cHandle, const char *unlockCode);
Unlocks the component. This must be called once prior to calling any other method. Returns TRUE for success, FALSE for failure.
BOOL CkRsa_VerifyBytes(HCkRsa cHandle, HCkByteData bData, const char *hashAlg, HCkByteData sigData);
Verifies an RSA digital signature. Returns true if the signature is valid for the originalData. The hashAlgorithm may be "SHA-1", "MD5", "MD2", "SHA-256", "SHA-384", or "SHA-512". The recommended hash algorithm is "SHA-1".
BOOL CkRsa_VerifyBytesENC(HCkRsa cHandle, HCkByteData bData, const char *hashAlg, const char *encodedSig);
Verifies an RSA digital signature. Returns true if the signature is valid for the originalData. The hashAlgorithm may be "SHA-1", "MD5", "MD2", "SHA-256", "SHA-384", or "SHA-512". The recommended hash algorithm is "SHA-1".
The encodedSig is a digital signature encoded according to the EncodingMode property (i.e. base64, hex, etc.).
BOOL CkRsa_VerifyPrivateKey(HCkRsa cHandle, const char *xml);
To be documented soon. Returns TRUE for success, FALSE for failure.
BOOL CkRsa_VerifyString(HCkRsa cHandle, const char *str, const char *hashAlg, HCkByteData sigData);
Verifies an RSA digital signature. Returns true if the signature is valid for the originalString. The hashAlgorithm may be "SHA-1", "MD5", "MD2", "SHA-256", "SHA-384", or "SHA-512". The recommended hash algorithm is "SHA-1".
BOOL CkRsa_VerifyStringENC(HCkRsa cHandle, const char *str, const char *hashAlg, const char *sig);
Verifies an RSA digital signature. Returns true if the signature is valid for the originalString. The hashAlgorithm may be "SHA-1", "MD5", "MD2", "SHA-256", "SHA-384", or "SHA-512". The recommended hash algorithm is "SHA-1".
The encodedSig is a digital signature encoded according to the EncodingMode property (i.e. base64, hex, etc.).
const char *CkRsa_charset(HCkRsa cHandle);
This property only applies when encrypting, decrypting, signing, or verifying signatures for strings. When encrypting strings, the input string is first converted to this charset before encrypting.
When decrypting, the decrypted data is interpreted as a string with this charset encoding and converted to the appropriate return. For example, ActiveX's returning strings always return Unicode (2 bytes/char). Java strings are utf-8. Chilkat C++ strings are ANSI or utf-8. .NET strings are Unicode.
When signing string data, the input string is first converted to this charset before being hashed and signed. When verifying the signature for string data, the input string is first converted to this charset before the verification process begins.
const char *CkRsa_decryptString(HCkRsa cHandle, const char *bytes, int numBytes, BOOL bUsePrivateKey);
Decrypts encrypted string data and returns an unencrypted string. usePrivateKey should be set to true if the private key is to be used for decrypting. Otherwise it should be set to false if the public key is to be used. The Charset property controls how the component interprets the decrypted string. Depending on the programming language, strings are returned to the application as Unicode, utf-8, or ANSI. Internal to DecryptString, the decrypted string is automatically converted from the charset specified by the Charset property to the encoding required by the calling programming language.
Important: If trying to match OpenSSL results, set the LittleEndian property = false.
const char *CkRsa_decryptStringENC(HCkRsa cHandle, const char *str, BOOL bUsePrivateKey);
Same as DecryptString, except the input is an encoded string. The encoding is specified by the EncodingMode property, which can have values such as "base64", "hex", "quoted-printable", "url", etc.
Important: If trying to match OpenSSL results, set the LittleEndian property = false.
const char *CkRsa_encodingMode(HCkRsa cHandle);
Encoding mode to be used in methods ending in "ENC", such as EncryptStringENC. Valid EncodingModes are "base64", "hex", "url", or "quoted-printable" (or "qp"). Encryption methods ending in "ENC" will return encrypted data as a string encoded according to this property's value. Decryption methods ending in "ENC" accept an encoded string as specified by this property. The string is first decoded and then decrypted. The default value is "base64".
This property also applies to the "ENC" methods for creating and verifying digital signatures.
const char *CkRsa_encryptBytesENC(HCkRsa cHandle, const char *bytes, int numBytes, BOOL bUsePrivateKey);
Same as EncryptBytes, except the output is an encoded string. The encoding is specified by the EncodingMode property, which can have values such as "base64", "hex", "quoted-printable", "url", etc.
Important: If trying to match OpenSSL results, set the LittleEndian property = false.
const char *CkRsa_encryptStringENC(HCkRsa cHandle, const char *str, BOOL bUsePrivateKey);
Same as EncryptString, except the output is an encoded string. The encoding is specified by the EncodingMode property, which can have values such as "base64", "hex", "quoted-printable", "url", etc.
Important: If trying to match OpenSSL results, set the LittleEndian property = false.
const char *CkRsa_exportPrivateKey(HCkRsa cHandle);
Exports the private-key of an RSA key pair to XML format. This is typically called after generating a new RSA key via the GenerateKey method.
const char *CkRsa_exportPublicKey(HCkRsa cHandle);
Exports the public-key of an RSA key pair to XML format. This is typically called after generating a new RSA key via the GenerateKey method.
const char *CkRsa_lastErrorHtml(HCkRsa cHandle);
Error information in HTML format for the last method called.
const char *CkRsa_lastErrorText(HCkRsa cHandle);
Error information in plain-text format for the last method called.
const char *CkRsa_lastErrorXml(HCkRsa cHandle);
Error information in XML format for the last method called.
const char *CkRsa_openSslSignBytesENC(HCkRsa cHandle, HCkByteData data);
Duplicates OpenSSL's rsautl utility for creating RSA signatures. Input data consists of binary bytes, and returns the signature as a string encoded according to the EncodingMode property (base64, hex, etc.).
const char *CkRsa_openSslSignStringENC(HCkRsa cHandle, const char *str);
Duplicates OpenSSL's rsautl utility for creating RSA signatures. Input data is a string, and returns the signature as a string encoded according to the EncodingMode property (base64, hex, etc.).
const char *CkRsa_openSslVerifyString(HCkRsa cHandle, HCkByteData data);
Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering the original data. Input data consists of the raw signature bytes and returns the original string.
const char *CkRsa_openSslVerifyStringENC(HCkRsa cHandle, const char *str);
Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering the original data. Input data is a signature string encoded according to the EncodingMode property (base64, hex, etc.). Returns the original string.
const char *CkRsa_signBytesENC(HCkRsa cHandle, HCkByteData bData, const char *hashAlg);
Creates an RSA digital signature by hashing binaryData and then signing the hash. The hash algorithm is specified by hashAlgorithm, which may be "SHA-1", "MD5", "MD2", "SHA-256", "SHA-384", or "SHA-512". The recommended hash algorithm is "SHA-1". The digital signature is returned as an encoded string, where the encoding is specified by the EncodingMode property.
Important: If trying to match OpenSSL results, set the LittleEndian property = false.
A private key is required to create a digital signature.
An error is indicated when null reference is returned.
const char *CkRsa_signStringENC(HCkRsa cHandle, const char *str, const char *hashAlg);
Creates an RSA digital signature by hashing strToBeHashed and then signing the hash. The hash algorithm is specified by hashAlgorithm, which may be "SHA-1", "MD5", "MD2", "SHA-256", "SHA-384", or "SHA-512". The recommended hash algorithm is "SHA-1". The digital signature is returned as an encoded string, where the encoding is specified by the EncodingMode property.
Important: If trying to match OpenSSL results, set the LittleEndian property = false.
A private key is required to create a digital signature.
An error is indicated when null reference is returned.
const char *CkRsa_snkToXml(HCkRsa cHandle, const char *filename);
Imports a .snk file to an XML document that can be imported via the ImportPrivateKey method. Returns TRUE for success, FALSE for failure.
const char *CkRsa_version(HCkRsa cHandle);
Returns the version of the component as a string, such as "2.0.0".
|