(Tcl) RSA Encrypt Hash using SHA256 hash function and SHA1 mask function

How can this Javascript be duplicated using Chilkat?

function a(e, t) {
                var r = s.pki.publicKeyFromPem(e)
                  , n = r.encrypt(t, "RSA-OAEP", {
                    md: s.md.sha256.create(),
                    mgf1: {
                        md: s.md.sha1.create()
                    }
                });
                return s.util.encode64(n)
            }

Note: The OAEP padding uses random bytes in the padding, and therefore each time encryption happens, even using the same data and key, the result will be different -- but still valid. One should not expect to get the same output.

Note: This example requires Chilkat v11.0.0 or greater.

Chilkat Tcl Extension Downloads Chilkat Tcl Extension Downloads

load ./chilkat.dll

set success 0

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set pubkey [new_CkPublicKey]

set sbPem [new_CkStringBuilder]

set bCrlf 1
CkStringBuilder_AppendLine $sbPem "-----BEGIN PUBLIC KEY-----" $bCrlf
CkStringBuilder_AppendLine $sbPem "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA33TqqLR3eeUmDtHS89qF" $bCrlf
CkStringBuilder_AppendLine $sbPem "3p4MP7Wfqt2Zjj3lZjLjjCGDvwr9cJNlNDiuKboODgUiT4ZdPWbOiMAfDcDzlOxA" $bCrlf
CkStringBuilder_AppendLine $sbPem "04DDnEFGAf+kDQiNSe2ZtqC7bnIc8+KSG/qOGQIVaay4Ucr6ovDkykO5Hxn7OU7s" $bCrlf
CkStringBuilder_AppendLine $sbPem "Jp9TP9H0JH8zMQA6YzijYH9LsupTerrY3U6zyihVEDXXOv08vBHk50BMFJbE9iwF" $bCrlf
CkStringBuilder_AppendLine $sbPem "wnxCsU5+UZUZYw87Uu0n4LPFS9BT8tUIvAfnRXIEWCha3KbFWmdZQZlyrFw0buUE" $bCrlf
CkStringBuilder_AppendLine $sbPem "f0YN3/Q0auBkdbDR/ES2PbgKTJdkjc/rEeM0TxvOUf7HuUNOhrtAVEN1D5uuxE1W" $bCrlf
CkStringBuilder_AppendLine $sbPem "SwIDAQAB" $bCrlf
CkStringBuilder_AppendLine $sbPem "-----END PUBLIC KEY-----" $bCrlf

# Load the public key object from the PEM. 
set success [CkPublicKey_LoadFromString $pubkey [CkStringBuilder_getAsString $sbPem]]
if {$success == 0} then {
    puts [CkPublicKey_lastErrorText $pubkey]
    delete_CkPublicKey $pubkey
    delete_CkStringBuilder $sbPem
    exit
}

set originalData "This is the original data to be SHA-256 hashed and RSA encrypted."

# First we SHA-256 hash the original data to get the hash in base64 format:
set crypt [new_CkCrypt2]

CkCrypt2_put_HashAlgorithm $crypt "SHA-256"
CkCrypt2_put_EncodingMode $crypt "base64"
set hashBase64 [CkCrypt2_hashStringENC $crypt $originalData]

# Setup RSA to use OAEP padding with SHA-1 for the mask function.
set rsa [new_CkRsa]

CkRsa_put_PkcsPadding $rsa 0
CkRsa_put_OaepHash $rsa "SHA256"
CkRsa_UsePublicKey $rsa $pubkey
CkRsa_put_EncodingMode $rsa "base64"

# We can provide a binary encoding mode, such as "base64", "hex", "base64url", etc.
# for the Charset property.   The Charset property was previously limited to character encodings, such as
# "utf-8", "iso-8859-1", etc.  If a binary encoding is used, then the string passed in is decoded to the binary
# bytes as indicated.  (If an actual charset, such as "utf-8" is used, then the input string is converted to the
# byte representation of the charset, and then encrypted.)

# Given that a hash is composed of non-text binary bytes, we'll set the Charset property equal to "base64" 
# (because we have the base64 hash from above).
CkRsa_put_Charset $rsa "base64"

# Note: The OAEP padding uses random bytes in the padding, and therefore each time encryption happens,
# even using the same data and key, the result will be different --  but still valid.  One should not expect
# to get the same output.
set bUsePrivateKey 0
set encryptedStr [CkRsa_encryptStringENC $rsa $hashBase64 $bUsePrivateKey]
if {[CkRsa_get_LastMethodSuccess $rsa] == 0} then {
    puts [CkRsa_lastErrorText $rsa]
    delete_CkPublicKey $pubkey
    delete_CkStringBuilder $sbPem
    delete_CkCrypt2 $crypt
    delete_CkRsa $rsa
    exit
}

puts "Base64 RSA encrypted output: $encryptedStr"

delete_CkPublicKey $pubkey
delete_CkStringBuilder $sbPem
delete_CkCrypt2 $crypt
delete_CkRsa $rsa