Rsa Tcl Reference Documentation

Rsa

RSA encryption component / library. Encrypt and decrypt byte arrays and strings. Generate public/private key pairs from 384 to 4096 bits in length. Import and export RSA keys. Import keys from SNK files. Input/output in raw binary, base64, hex encoding, quoted-printable, URL-encoding, etc.

Object Creation

set myRsa [new CkRsa]

Properties

Charset (string)

# ckStr is a CkString
CkRsa_get_Charset $myRsa $ckStr
set strVal [CkRsa_get_charset $myRsa]
CkRsa_put_Charset $myRsa $strVal

This property only applies when encrypting, decrypting, signing, or verifying signatures for strings. When encrypting strings, the input string is first converted to this charset before encrypting.

When decrypting, the decrypted data is interpreted as a string with this charset encoding and converted to the appropriate return. For example, ActiveX's returning strings always return Unicode (2 bytes/char). Java strings are utf-8. Chilkat C++ strings are ANSI or utf-8. .NET strings are Unicode.

When signing string data, the input string is first converted to this charset before being hashed and signed. When verifying the signature for string data, the input string is first converted to this charset before the verification process begins.

Charset Considerations when RSA Encrypting Strings

DebugLogFilePath (string)

# ckStr is a CkString
CkRsa_get_DebugLogFilePath $myRsa $ckStr
set strVal [CkRsa_get_debugLogFilePath $myRsa]
CkRsa_put_DebugLogFilePath $myRsa $strVal

If set to a file path, causes each Chilkat method or property call to automatically append it's LastErrorText to the specified log file. The information is appended such that if a hang or crash occurs, it is possible to see the context in which the problem occurred, as well as a history of all Chilkat calls up to the point of the problem. The VerboseLogging property can be set to provide more detailed information.

This property is typically used for debugging the rare cases where a Chilkat method call hangs or generates an exception that halts program execution (i.e. crashes). A hang or crash should generally never happen. The typical causes of a hang are:

  1. a timeout related property was set to 0 to explicitly indicate that an infinite timeout is desired,
  2. the hang is actually a hang within an event callback (i.e. it is a hang within the application code), or
  3. there is an internal problem (bug) in the Chilkat code that causes the hang.

EncodingMode (string)

# ckStr is a CkString
CkRsa_get_EncodingMode $myRsa $ckStr
set strVal [CkRsa_get_encodingMode $myRsa]
CkRsa_put_EncodingMode $myRsa $strVal

Encoding mode to be used in methods ending in "ENC", such as EncryptStringENC. Valid EncodingModes are "base64", "hex", "url", or "quoted-printable" (or "qp"). Encryption methods ending in "ENC" will return encrypted data as a string encoded according to this property's value. Decryption methods ending in "ENC" accept an encoded string as specified by this property. The string is first decoded and then decrypted. The default value is "base64".

This property also applies to the "ENC" methods for creating and verifying digital signatures.

Base64url Encoding

LastErrorHtml (string)

# ckStr is a CkString
CkRsa_get_LastErrorHtml $myRsa $ckStr
set strVal [CkRsa_get_lastErrorHtml $myRsa]

Provides information in HTML format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

LastErrorText (string)

# ckStr is a CkString
CkRsa_get_LastErrorText $myRsa $ckStr
set strVal [CkRsa_get_lastErrorText $myRsa]

Provides information in plain-text format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

Concept of LastErrorText

LastErrorText Standard Information

LastErrorXml (string)

# ckStr is a CkString
CkRsa_get_LastErrorXml $myRsa $ckStr
set strVal [CkRsa_get_lastErrorXml $myRsa]

Provides information in XML format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

LastMethodSuccess (boolean 1/0)

set boolVal [CkRsa_get_LastMethodSuccess $myRsa]
CkRsa_put_LastMethodSuccess $myRsa $boolVal

Introduced in version 9.5.0.52

Indicate whether the last method call succeeded or failed. A value of 1 indicates success, a value of 0 indicates failure. This property is automatically set for method calls. It is not modified by property accesses. The property is automatically set to indicate success for the following types of method calls:

  • Any method that returns a string.
  • Any method returning a Chilkat object, binary bytes, or a date/time.
  • Any method returning a standard boolean status value where success = 1 and failure = 0.
  • Any method returning an integer where failure is defined by a return value less than zero.

Note: Methods that do not fit the above requirements will always set this property equal to 1. For example, a method that returns no value (such as a "void" in C++) will technically always succeed.

LittleEndian (boolean 1/0)

set boolVal [CkRsa_get_LittleEndian $myRsa]
CkRsa_put_LittleEndian $myRsa $boolVal

The default value is 0, which means that signatures and encrypted output will be created using the big endian byte ordering. A value of 1 will produce little-endian output, which is what Microsoft's Crypto API produces.

Important: Prior to v9.5.0.49, this property behaved the opposite as it should for encryption. When updating from an older version of Chilkat to v9.5.0.49 or greater, the following change is required:

  • If the application did NOT explicity set the LittleEndian property, then no change is required for encryption/decryption. If signatures were being created or verified, then explicitly set this property to 1.
  • If the application explicitly set this property, then reverse the setting ONLY if doing encryption/decryption. No changes are required if doing signature creation/verification.

NoUnpad (boolean 1/0)

set boolVal [CkRsa_get_NoUnpad $myRsa]
CkRsa_put_NoUnpad $myRsa $boolVal

If 1, skips unpadding when decrypting. The default is 0. This property value is typically left unchanged.

NumBits (integer)

set intVal [CkRsa_get_NumBits $myRsa]

The number of bits of the key generated or imported into this RSA encryption object. Keys ranging in size from 384 bits to 4096 bits can be generated by calling GenerateKey. A public or private key may be imported by calling ImportPublicKey or ImportPrivateKey. A key must be available either via GenerateKey or import before any of the encrypt/decrypt methods may be called.

OaepHash (string)

# ckStr is a CkString
CkRsa_get_OaepHash $myRsa $ckStr
set strVal [CkRsa_get_oaepHash $myRsa]
CkRsa_put_OaepHash $myRsa $strVal

Introduced in version 9.5.0.48

Selects the hash algorithm for use within OAEP padding. The valid choices are "sha1", "sha256", "sha384", "sha512", "md2", "md5", "haval", "ripemd128", "ripemd160","ripemd256", or "ripemd320". The default is "sha1".

OaepMgfHash (string)

# ckStr is a CkString
CkRsa_get_OaepMgfHash $myRsa $ckStr
set strVal [CkRsa_get_oaepMgfHash $myRsa]
CkRsa_put_OaepMgfHash $myRsa $strVal

Introduced in version 9.5.0.71

Selects the MGF (mask generation) hash algorithm for use within OAEP padding. The valid choices are "sha1", "sha256", "sha384", "sha512", "md2", "md5", "haval", "ripemd128", "ripemd160","ripemd256", or "ripemd320". The default is "sha1".

OaepPadding (boolean 1/0)

set boolVal [CkRsa_get_OaepPadding $myRsa]
CkRsa_put_OaepPadding $myRsa $boolVal

Controls whether Optimal Asymmetric Encryption Padding (OAEP) is used for the padding scheme (for encrypting/decrypting). If set to 0, PKCS1 v1.5 padding is used. If set to 1, PKCS1 v2.0 (OAEP) padding is used.

Important: The OAEP padding algorithm uses randomly generated bytes. Therefore, the RSA result will be different each time, even if all of the other inputs are identical. For example, if you RSA encrypt or sign the same data using the same key 100 times, the output will appear different each time, but they are all valid.

When creating digital signatures, this property controls whether RSA-PSS or PKCS1 v1.5 is used. If 1, then the RSA-PSS signature scheme is used. The default value of this property is 0.

RSA OAEP Padding

Utf8 (boolean 1/0)

set boolVal [CkRsa_get_Utf8 $myRsa]
CkRsa_put_Utf8 $myRsa $boolVal

When set to 1, all "const char *" arguments are interpreted as utf-8 strings. If set to 0 (the default), then "const char *" arguments are interpreted as ANSI strings. Also, when set to 1, and Chilkat method returning a "const char *" is returning the utf-8 representation. If set to 0, all "const char *" return values are ANSI strings.

VerboseLogging (boolean 1/0)

set boolVal [CkRsa_get_VerboseLogging $myRsa]
CkRsa_put_VerboseLogging $myRsa $boolVal

If set to 1, then the contents of LastErrorText (or LastErrorXml, or LastErrorHtml) may contain more verbose information. The default value is 0. Verbose logging should only be used for debugging. The potentially large quantity of logged information may adversely affect peformance.

Version (string)

# ckStr is a CkString
CkRsa_get_Version $myRsa $ckStr
set strVal [CkRsa_get_version $myRsa]

Version of the component/library, such as "9.5.0.63"

Methods

# inData is a CkByteData
# usePrivateKey is a boolean
# outData is a CkByteData (output)
set status [CkRsa_DecryptBytes $inData $usePrivateKey $outData]

Decrypts byte data using the RSA encryption algorithm. usePrivateKey should be set to 1 if the private key is to be used for decrypting. Otherwise it should be set to 0 if the public key is to be used for decrypting.

Important: If trying to match OpenSSL results, set the LittleEndian property = 0.

Returns 1 for success, 0 for failure.

# str is a string
# bUsePrivateKey is a boolean
# outData is a CkByteData (output)
set status [CkRsa_DecryptBytesENC $str $bUsePrivateKey $outData]

Same as DecryptBytes, except the input is an encoded string. The encoding is specified by the EncodingMode property, which can have values such as "base64", "hex", "quoted-printable", "url", etc.

Important: If trying to match OpenSSL results, set the LittleEndian property = 0.

Returns 1 for success, 0 for failure.

# binarySig is a CkByteData
# usePrivateKey is a boolean
# outStr is a CkString (output)
set status [CkRsa_DecryptString $binarySig $usePrivateKey $outStr]
set retStr [CkRsa_decryptString $myRsa $binarySig $usePrivateKey]

Decrypts encrypted string data and returns an unencrypted string. usePrivateKey should be set to 1 if the private key is to be used for decrypting. Otherwise it should be set to 0 if the public key is to be used. The Charset property controls how the component interprets the decrypted string. Depending on the programming language, strings are returned to the application as Unicode, utf-8, or ANSI. Internal to DecryptString, the decrypted string is automatically converted from the charset specified by the Charset property to the encoding required by the calling programming language.

Important: If trying to match OpenSSL results, set the LittleEndian property = 0.

Returns 1 for success, 0 for failure.

# encodedSig is a string
# usePrivateKey is a boolean
# outStr is a CkString (output)
set status [CkRsa_DecryptStringENC $encodedSig $usePrivateKey $outStr]
set retStr [CkRsa_decryptStringENC $myRsa $encodedSig $usePrivateKey]

Same as DecryptString, except the input is an encoded string. The encoding is specified by the EncodingMode property, which can have values such as "base64", "hex", "quoted-printable", "url", etc.

Important: If trying to match OpenSSL results, set the LittleEndian property = 0.

Returns 1 for success, 0 for failure.

RSA Encrypt and Decrypt Strings

RSA Encryption -- Same Key Different Results

RSA Encrypting Symmetric Secret Key

RSA Encrypt/Decrypt AES Key

# binaryData is a CkByteData
# usePrivateKey is a boolean
# outData is a CkByteData (output)
set status [CkRsa_EncryptBytes $binaryData $usePrivateKey $outData]

Encrypts byte data using the RSA encryption algorithm. usePrivateKey should be set to 1 if the private key is to be used for encrypting. Otherwise it should be set to 0 if the public key is to be used for encrypting.

Important: If trying to match OpenSSL results, set the LittleEndian property = 0.

Returns 1 for success, 0 for failure.

# data is a CkByteData
# bUsePrivateKey is a boolean
# outStr is a CkString (output)
set status [CkRsa_EncryptBytesENC $data $bUsePrivateKey $outStr]
set retStr [CkRsa_encryptBytesENC $myRsa $data $bUsePrivateKey]

Same as EncryptBytes, except the output is an encoded string. The encoding is specified by the EncodingMode property, which can have values such as "base64", "hex", "quoted-printable", "url", etc.

Important: If trying to match OpenSSL results, set the LittleEndian property = 0.

Returns 1 for success, 0 for failure.

RSA Encrypt with SHA-256 hash function and SHA-1 mask function

# stringToEncrypt is a string
# usePrivateKey is a boolean
# outData is a CkByteData (output)
set status [CkRsa_EncryptString $stringToEncrypt $usePrivateKey $outData]

Encrypts a string using the RSA encryption algorithm. usePrivateKey should be set to 1 if the private key is to be used for encrypting. Otherwise it should be set to 0 if the public key is to be used for encrypting. The string is first converted (if necessary) to the character encoding specified by the Charset property before encrypting. The encrypted bytes are returned.

Important: If trying to match OpenSSL results, set the LittleEndian property = 0.

Returns 1 for success, 0 for failure.

Encrypt with Chilkat, Decrypt with OpenSSL

# str is a string
# bUsePrivateKey is a boolean
# outStr is a CkString (output)
set status [CkRsa_EncryptStringENC $str $bUsePrivateKey $outStr]
set retStr [CkRsa_encryptStringENC $myRsa $str $bUsePrivateKey]

Same as EncryptString, except the output is an encoded string. The encoding is specified by the EncodingMode property, which can have values such as "base64", "hex", "quoted-printable", "url", etc.

Important: If trying to match OpenSSL results, set the LittleEndian property = 0.

Returns 1 for success, 0 for failure.

RSA Encrypt and Decrypt Strings

RSA Encryption -- Same Key Different Results

RSA Encrypting Symmetric Secret Key

RSA Encrypt/Decrypt AES Key

# outStr is a CkString (output)
set status [CkRsa_ExportPrivateKey $outStr]
set retStr [CkRsa_exportPrivateKey $myRsa]

Exports the private-key of an RSA key pair to XML format. This is typically called after generating a new RSA key via the GenerateKey method.

Returns 1 for success, 0 for failure.

# returns a CkPrivateKey
set ret_privateKey [CkRsa_ExportPrivateKeyObj]

Introduced in version 9.5.0.40

Exports the private-key to a private key object. This is typically called after generating a new RSA key via the GenerateKey method. Once the private key object is obtained, it may be saved in a variety of different formats.

Returns NULL on failure

Generate RSA Key and Export to PKCS1 / PKCS8

# outStr is a CkString (output)
set status [CkRsa_ExportPublicKey $outStr]
set retStr [CkRsa_exportPublicKey $myRsa]

Exports the public-key of an RSA key pair to XML format. This is typically called after generating a new RSA key via the GenerateKey method.

Returns 1 for success, 0 for failure.

# returns a CkPublicKey
set ret_publicKey [CkRsa_ExportPublicKeyObj]

Introduced in version 9.5.0.40

Exports the public key to a public key object. Once the public key object is obtained, it may be saved in a variety of different formats.

Returns NULL on failure

Generate RSA Key and Export to PKCS1 / PKCS8

# numBits is an integer
set status [CkRsa_GenerateKey $numBits]

Generates a new RSA public/private key pair. The number of bits can range from 512 to 8192. Typical key lengths are 1024, 2048, or 4096 bits. After successful generation, the public/private parts of the key can be exported to XML via the ExportPrivateKey and ExportPublicKey methods.

Note: Prior to version 9.5.0.49, the max key size was 4096 bits. Generating an 8192-bit RSA key takes a considerable amount of time and CPU processing power. There are no event callbacks or progress monitoring for RSA key generation. Calling this will block the thread until it returns.

Returns 1 for success, 0 for failure.

Generate RSA Public/Private Key

# xmlKey is a string
set status [CkRsa_ImportPrivateKey $xmlKey]

Imports a private key from XML format. After successful import, the private key can be used to encrypt or decrypt. A private key (by definition) contains both private and public parts. This is because the public key consist of modulus and exponent. The private key consists of modulus, exponent, P, Q, DP, DQ, InverseQ, and D using base64 representation:

<RSAKeyValue>
  <Modulus>...</Modulus>
  <Exponent>...</Exponent>
  <P>...</P>
  <Q>...</Q>
  <DP>...</DP>
  <DQ>...</DQ>
  <InverseQ>...</InverseQ>
  <D>...</D>
</RSAKeyValue>

Important: The Rsa object can contain either a private key or a public key, but not both. Importing a private key overwrites the existing key regardless of whether the type of key is public or private.

Returns 1 for success, 0 for failure.

RSA Signature with Certificate's Private Key from PFX

Load PEM Public/Private Key into RSA Object

# key is a CkPrivateKey
set status [CkRsa_ImportPrivateKeyObj $key]

Introduced in version 9.5.0.40

Imports a private key from a private key object. The imported private key is used in methods that sign or decrypt.

Returns 1 for success, 0 for failure.

RSA Sign Using Private Key from .pfx/.p12 to Base64 Signature

# xmlKey is a string
set status [CkRsa_ImportPublicKey $xmlKey]

Imports a public key from XML format. After successful import, the public key can be used to encrypt or decrypt.

Note: Importing a public key overwrites the key that is currently contained in this object - even if it's a private key.

A public key consists of modulus and exponent using base64 representation:

<RSAKeyValue>
  <Modulus>...</Modulus>
  <Exponent>...</Exponent>
</RSAKeyValue>

Important: The Rsa object can contain either a private key or a public key, but not both. Importing a private key overwrites the existing key regardless of whether the type of key is public or private.

Returns 1 for success, 0 for failure.

RSA Encrypt with Modulus and Exponent

RSA Signature/Verify with .key and .cer

Load PEM Public/Private Key into RSA Object

# key is a CkPublicKey
set status [CkRsa_ImportPublicKeyObj $key]

Introduced in version 9.5.0.40

Imports a public key from a public key object. The imported public key is used in methods that encrypt data or verify signatures.

Returns 1 for success, 0 for failure.

Encrypt with Chilkat, Decrypt with OpenSSL

# data is a CkByteData
# outBytes is a CkByteData (output)
set status [CkRsa_OpenSslSignBytes $data $outData]

Duplicates OpenSSL's rsautl utility for creating RSA signatures. Input data consists of binary bytes, and returns the signature bytes.

Returns 1 for success, 0 for failure.

Duplicating OpenSSL rsautl (creating RSA signatures)

# data is a CkByteData
# outStr is a CkString (output)
set status [CkRsa_OpenSslSignBytesENC $data $outStr]
set retStr [CkRsa_openSslSignBytesENC $myRsa $data]

Duplicates OpenSSL's rsautl utility for creating RSA signatures. Input data consists of binary bytes, and returns the signature as a string encoded according to the EncodingMode property (base64, hex, etc.).

Returns 1 for success, 0 for failure.

# str is a string
# outBytes is a CkByteData (output)
set status [CkRsa_OpenSslSignString $str $outData]

Duplicates OpenSSL's rsautl utility for creating RSA signatures. Input data is a string, and returns the signature bytes.

Returns 1 for success, 0 for failure.

# str is a string
# outStr is a CkString (output)
set status [CkRsa_OpenSslSignStringENC $str $outStr]
set retStr [CkRsa_openSslSignStringENC $myRsa $str]

Duplicates OpenSSL's rsautl utility for creating RSA signatures. Input data is a string, and returns the signature as a string encoded according to the EncodingMode property (base64, hex, etc.).

Returns 1 for success, 0 for failure.

Duplicating OpenSSL rsautl (creating RSA signatures)

# signature is a CkByteData
# outBytes is a CkByteData (output)
set status [CkRsa_OpenSslVerifyBytes $signature $outData]

Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering the original data. Input data consists of the raw signature bytes and returns the original bytes.

Returns 1 for success, 0 for failure.

Duplicating OpenSSL rsautl (creating RSA signatures)

# str is a string
# outBytes is a CkByteData (output)
set status [CkRsa_OpenSslVerifyBytesENC $str $outData]

Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering the original data. Input data is a signature string encoded according to the EncodingMode property (base64, hex, etc.). Returns the original bytes.

Returns 1 for success, 0 for failure.

# data is a CkByteData
# outStr is a CkString (output)
set status [CkRsa_OpenSslVerifyString $data $outStr]
set retStr [CkRsa_openSslVerifyString $myRsa $data]

Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering the original data. Input data consists of the raw signature bytes and returns the original string.

Returns 1 for success, 0 for failure.

# str is a string
# outStr is a CkString (output)
set status [CkRsa_OpenSslVerifyStringENC $str $outStr]
set retStr [CkRsa_openSslVerifyStringENC $myRsa $str]

Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering the original data. Input data is a signature string encoded according to the EncodingMode property (base64, hex, etc.). Returns the original string.

Returns 1 for success, 0 for failure.

Duplicating OpenSSL rsautl (creating RSA signatures)

# path is a string
set status [CkRsa_SaveLastError $path]

Saves the last-error information (the contents of LastErrorXml) to an XML formatted file.

Returns 1 for success, 0 for failure.

# binaryData is a CkByteData
# hashAlgorithm is a string
# outData is a CkByteData (output)
set status [CkRsa_SignBytes $binaryData $hashAlgorithm $outData]

Creates an RSA digital signature by hashing binaryData and then signing the hash. The hash algorithm is specified by hashAlgorithm, which may be "SHA-1", "MD5", "MD2", "SHA-256", "SHA-384", or "SHA-512". The recommended hash algorithm is "SHA-1".

Important: If trying to match OpenSSL results, set the LittleEndian property = 0. (The LittleEndian property should also be set to 0 to match Amazon web services, such as CloudFront.)

A private key is required to create a digital signature.

An error is indicated when a byte array of 0 length is returned.

Returns 1 for success, 0 for failure.

# binaryData is a CkByteData
# hashAlgorithm is a string
# outStr is a CkString (output)
set status [CkRsa_SignBytesENC $binaryData $hashAlgorithm $outStr]
set retStr [CkRsa_signBytesENC $myRsa $binaryData $hashAlgorithm]

Creates an RSA digital signature by hashing binaryData and then signing the hash. The hash algorithm is specified by hashAlgorithm, which may be "SHA-1", "MD5", "MD2", "SHA-256", "SHA-384", or "SHA-512". The recommended hash algorithm is "SHA-1". The digital signature is returned as an encoded string, where the encoding is specified by the EncodingMode property.

Important: If trying to match OpenSSL results, set the LittleEndian property = 0. (The LittleEndian property should also be set to 0 to match Amazon web services, such as CloudFront.)

A private key is required to create a digital signature.

An error is indicated when null reference is returned.

Returns 1 for success, 0 for failure.

# hashBytes is a CkByteData
# hashAlg is a string
# outBytes is a CkByteData (output)
set status [CkRsa_SignHash $hashBytes $hashAlg $outData]

The same as the SignBytes method, except the hash to be signed is passed directly.

Returns 1 for success, 0 for failure.

# encodedHash is a string
# hashAlg is a string
# outStr is a CkString (output)
set status [CkRsa_SignHashENC $encodedHash $hashAlg $outStr]
set retStr [CkRsa_signHashENC $myRsa $encodedHash $hashAlg]

The same as SignBytesENC except the hash is passed directly.

Returns 1 for success, 0 for failure.

# strToBeHashed is a string
# hashAlgorithm is a string
# outData is a CkByteData (output)
set status [CkRsa_SignString $strToBeHashed $hashAlgorithm $outData]

Creates an RSA digital signature by hashing strToBeHashed and then signing the hash. The hash algorithm is specified by hashAlgorithm, which may be "SHA-1", "MD5", "MD2", "SHA-256", "SHA-384", or "SHA-512". The recommended hash algorithm is "SHA-1".

Important: If trying to match OpenSSL results, set the LittleEndian property = 0. (The LittleEndian property should also be set to 0 to match Amazon web services, such as CloudFront.)

A private key is required to create a digital signature.

An error is indicated when a byte array of 0 length is returned.

Returns 1 for success, 0 for failure.

RSA SHA256 Signature using Private Key from Java Keystore

# strToBeHashed is a string
# hashAlgorithm is a string
# outStr is a CkString (output)
set status [CkRsa_SignStringENC $strToBeHashed $hashAlgorithm $outStr]
set retStr [CkRsa_signStringENC $myRsa $strToBeHashed $hashAlgorithm]

Creates an RSA digital signature by hashing strToBeHashed and then signing the hash. The hash algorithm is specified by hashAlgorithm, which may be "SHA-1", "MD5", "MD2", "SHA-256", "SHA-384", or "SHA-512". The recommended hash algorithm is "SHA-1". The digital signature is returned as an encoded string, where the encoding is specified by the EncodingMode property.

Important: If trying to match OpenSSL results, set the LittleEndian property = 0. (The LittleEndian property should also be set to 0 to match Amazon web services, such as CloudFront.)

A private key is required to create a digital signature.

An error is indicated when null reference is returned.

Returns 1 for success, 0 for failure.

Example Code: Create RSA Signature with PEM Private Key

Duplicate openssl dgst -md5 -sign myKey.pem something.txt | openssl enc -base64 -A

RSA Sign Using Private Key from .pfx/.p12 to Base64 Signature

Walmart Partner API Authentication (Generate a Signature for a Request)

# filename is a string
# outStr is a CkString (output)
set status [CkRsa_SnkToXml $filename $outStr]
set retStr [CkRsa_snkToXml $myRsa $filename]

Imports a .snk file to an XML document that can be imported via the ImportPrivateKey method.

Returns 1 for success, 0 for failure.

# unlockCode is a string
set status [CkRsa_UnlockComponent $unlockCode]

Unlocks the component. This must be called once prior to calling any other method.

Returns 1 for success, 0 for failure.

Diagnosing UnlockComponent Problems

UnlockComponent LastErrorText shows exact string passed to it.

Verify UnlockComponent Success w/ Purchased Unlock Code

LastErrorText Standard Information

# originalData is a CkByteData
# hashAlgorithm is a string
# signatureBytes is a CkByteData
set retBool [CkRsa_VerifyBytes $originalData $hashAlgorithm $signatureBytes]

Verifies an RSA digital signature. Returns 1 if the signature is valid for the originalData. The hashAlgorithm may be "SHA-1", "MD5", "MD2", "SHA-256", "SHA-384", or "SHA-512". The recommended hash algorithm is "SHA-1".

# originalData is a CkByteData
# hashAlgorithm is a string
# encodedSig is a string
set retBool [CkRsa_VerifyBytesENC $originalData $hashAlgorithm $encodedSig]

Verifies an RSA digital signature. Returns 1 if the signature is valid for the originalData. The hashAlgorithm may be "SHA-1", "MD5", "MD2", "SHA-256", "SHA-384", or "SHA-512". The recommended hash algorithm is "SHA-1".

The encodedSig is a digital signature encoded according to the EncodingMode property (i.e. base64, hex, etc.).

# hashBytes is a CkByteData
# hashAlg is a string
# sigBytes is a CkByteData
set retBool [CkRsa_VerifyHash $hashBytes $hashAlg $sigBytes]

The same as VerifyBytes except the hash of the original data is passed directly.

# encodedHash is a string
# hashAlg is a string
# encodedSig is a string
set retBool [CkRsa_VerifyHashENC $encodedHash $hashAlg $encodedSig]

The same as VerifyBytesENC except the hash of the original data is passed directly.

# xml is a string
set status [CkRsa_VerifyPrivateKey $xml]

Returns 1 if the XML contains a valid RSA private key. Otherwise returns 0.

Returns 1 for success, 0 for failure.

# originalString is a string
# hashAlgorithm is a string
# binarySig is a CkByteData
set retBool [CkRsa_VerifyString $originalString $hashAlgorithm $binarySig]

Verifies an RSA digital signature. Returns 1 if the signature is valid for the originalString. The hashAlgorithm may be "SHA-1", "MD5", "MD2", "SHA-256", "SHA-384", or "SHA-512". The recommended hash algorithm is "SHA-1".

# originalString is a string
# hashAlgorithm is a string
# encodedSig is a string
set retBool [CkRsa_VerifyStringENC $originalString $hashAlgorithm $encodedSig]

Verifies an RSA digital signature. Returns 1 if the signature is valid for the originalString. The hashAlgorithm may be "SHA-1", "MD5", "MD2", "SHA-256", "SHA-384", or "SHA-512". The recommended hash algorithm is "SHA-1".

The encodedSig is a digital signature encoded according to the EncodingMode property (i.e. base64, hex, etc.).