RSA Signature/Verify with .key and .cer

Demonstrates how to use a .key file (private key) and digital certificate (.cer, public key) to create and verify an RSA signature.

Downloads:

MS Windows Visual C/C++ Libraries

Linux/CentOS C/C++ Libraries

MAC OS X C/C++ Libraries

Solaris C/C++ Libraries

C++ Builder Libraries

// Needs #include <CkPrivateKey.h>
// Needs #include <CkRsa.h>
// Needs #include <CkCert.h>
// Needs #include <CkPublicKey.h>

    CkString strOut;

    CkPrivateKey privKey;

    bool success;

    //  Load the private key from an RSA .key file:
    success = privKey.LoadPemFile("privateKey.key");
    if (success != true) {
        strOut.append(privKey.lastErrorText());
        strOut.append("\r\n");
        SetDlgItemText(IDC_EDIT1,strOut.getUnicode());
        return;
    }

    const char * privKeyXml;
    //  Get the private key in XML format:
    privKeyXml = privKey.getXml();

    CkRsa rsa;

    //  Any string argument automatically begins the 30-day trial.

    success = rsa.UnlockComponent("30-day trial");
    if (success != true) {
        strOut.append(rsa.lastErrorText());
        strOut.append("\r\n");
        SetDlgItemText(IDC_EDIT1,strOut.getUnicode());
        return;
    }

    //  Import the private key into the RSA component:
    success = rsa.ImportPrivateKey(privKeyXml);
    if (success != true) {
        strOut.append(rsa.lastErrorText());
        strOut.append("\r\n");
        SetDlgItemText(IDC_EDIT1,strOut.getUnicode());
        return;
    }

    //  Create the signature as a hex string:
    rsa.put_EncodingMode("hex");

    //  If some other non-Chilkat application or web service is going to be verifying
    //  the signature, it is important to match the byte-ordering.
    //  The LittleEndian property may be set to true
    //  for little-endian byte ordering,
    //  or false  for big-endian byte ordering.
    //  Microsoft apps typically use little-endian, while
    //  OpenSSL and other services (such as Amazon CloudFront)
    //  use big-endian.
    rsa.put_LittleEndian(false);

    const char * strData;
    strData = "This is the string to be signed.";

    //  Sign the string using the sha-1 hash algorithm.
    //  Other valid choices are "md2", "sha256", "sha384",
    //  "sha512", and "md5".
    const char * hexSig;
    hexSig = rsa.signStringENC(strData,"sha-1");

    strOut.append(hexSig);
    strOut.append("\r\n");

    //  Load a digital certificate from a .cer file:
    CkCert cert;

    success = cert.LoadFromFile("myCert.cer");
    if (success != true) {
        strOut.append(cert.lastErrorText());
        strOut.append("\r\n");
        SetDlgItemText(IDC_EDIT1,strOut.getUnicode());
        return;
    }

    CkPublicKey *pubKey = 0;

    pubKey = cert.ExportPublicKey();

    //  Now verify using a separate instance of the RSA object:
    CkRsa rsa2;

    //  Import the public key into the RSA object:
    success = rsa2.ImportPublicKey(pubKey->getXml());
    if (success != true) {
        strOut.append(rsa2.lastErrorText());
        strOut.append("\r\n");
        SetDlgItemText(IDC_EDIT1,strOut.getUnicode());
        return;
    }

    delete pubKey;

    //  The signature is a hex string, so make sure the EncodingMode is correct:
    rsa2.put_EncodingMode("hex");

    //  Verify the signature:
    success = rsa2.VerifyStringENC(strData,"sha-1",hexSig);
    if (success != true) {
        strOut.append(rsa2.lastErrorText());
        strOut.append("\r\n");
        SetDlgItemText(IDC_EDIT1,strOut.getUnicode());
        return;
    }

    strOut.append("Success.\r\n");

    SetDlgItemText(IDC_EDIT1,strOut.getUnicode());