Rsa Delphi DLL Reference Documentation

Rsa

Current Version: 10.1.0

RSA encryption component / library. Encrypt and decrypt byte arrays and strings. Generate public/private key pairs from 384 to 4096 bits in length. Import and export RSA keys. Import keys from SNK files. Input/output in raw binary, base64, hex encoding, quoted-printable, URL-encoding, etc.

Create/Dispose

var
myObject: HCkRsa;

begin
myObject := CkRsa_Create();

// ...

CkRsa_Dispose(myObject);
end;
function CkRsa_Create: HCkRsa; stdcall;

Creates an instance of the HCkRsa object and returns a handle (i.e. a Pointer). The handle is passed in the 1st argument for the functions listed on this page.

procedure CkRsa_Dispose(handle: HCkRsa); stdcall;

Objects created by calling CkRsa_Create must be freed by calling this method. A memory leak occurs if a handle is not disposed by calling this function.

Properties

Charset
procedure CkRsa_getCharset(objHandle: HCkRsa; outPropVal: HCkString); stdcall;
procedure CkRsa_putCharset(objHandle: HCkRsa; newPropVal: PWideChar); stdcall;
function CkRsa__charset(objHandle: HCkRsa): PWideChar; stdcall;

This property only applies when encrypting, decrypting, signing, or verifying signatures for strings. When encrypting strings, the input string is first converted to this charset before encrypting.

When decrypting, the decrypted data is interpreted as a string with this charset encoding and converted to the appropriate return. For example, ActiveX's returning strings always return Unicode (2 bytes/char). Java strings are utf-8. Chilkat C++ strings are ANSI or utf-8. .NET strings are Unicode.

The default value of this property is the ANSI charset of the local computer.

When signing string data, the input string is first converted to this charset before being hashed and signed. When verifying the signature for string data, the input string is first converted to this charset before the verification process begins.

See the notes about PWideChar memory ownership and validity.

top
DebugLogFilePath
procedure CkRsa_getDebugLogFilePath(objHandle: HCkRsa; outPropVal: HCkString); stdcall;
procedure CkRsa_putDebugLogFilePath(objHandle: HCkRsa; newPropVal: PWideChar); stdcall;
function CkRsa__debugLogFilePath(objHandle: HCkRsa): PWideChar; stdcall;

If set to a file path, causes each Chilkat method or property call to automatically append it's LastErrorText to the specified log file. The information is appended such that if a hang or crash occurs, it is possible to see the context in which the problem occurred, as well as a history of all Chilkat calls up to the point of the problem. The VerboseLogging property can be set to provide more detailed information.

This property is typically used for debugging the rare cases where a Chilkat method call hangs or generates an exception that halts program execution (i.e. crashes). A hang or crash should generally never happen. The typical causes of a hang are:

  1. a timeout related property was set to 0 to explicitly indicate that an infinite timeout is desired,
  2. the hang is actually a hang within an event callback (i.e. it is a hang within the application code), or
  3. there is an internal problem (bug) in the Chilkat code that causes the hang.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
EncodingMode
procedure CkRsa_getEncodingMode(objHandle: HCkRsa; outPropVal: HCkString); stdcall;
procedure CkRsa_putEncodingMode(objHandle: HCkRsa; newPropVal: PWideChar); stdcall;
function CkRsa__encodingMode(objHandle: HCkRsa): PWideChar; stdcall;

Encoding mode to be used in methods ending in "ENC", such as EncryptStringENC. Valid EncodingModes are "base64", "hex", "url", or "quoted-printable" (or "qp"). Encryption methods ending in "ENC" will return encrypted data as a string encoded according to this property's value. Decryption methods ending in "ENC" accept an encoded string as specified by this property. The string is first decoded and then decrypted. The default value is "base64".

This property also applies to the "ENC" methods for creating and verifying digital signatures.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
LastErrorHtml
procedure CkRsa_getLastErrorHtml(objHandle: HCkRsa; outPropVal: HCkString); stdcall;
function CkRsa__lastErrorHtml(objHandle: HCkRsa): PWideChar; stdcall;

Provides information in HTML format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

See the notes about PWideChar memory ownership and validity.

top
LastErrorText
procedure CkRsa_getLastErrorText(objHandle: HCkRsa; outPropVal: HCkString); stdcall;
function CkRsa__lastErrorText(objHandle: HCkRsa): PWideChar; stdcall;

Provides information in plain-text format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

See the notes about PWideChar memory ownership and validity.

top
LastErrorXml
procedure CkRsa_getLastErrorXml(objHandle: HCkRsa; outPropVal: HCkString); stdcall;
function CkRsa__lastErrorXml(objHandle: HCkRsa): PWideChar; stdcall;

Provides information in XML format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

See the notes about PWideChar memory ownership and validity.

top
LastMethodSuccess
function CkRsa_getLastMethodSuccess(objHandle: HCkRsa): wordbool; stdcall;
procedure CkRsa_putLastMethodSuccess(objHandle: HCkRsa; newPropVal: wordbool); stdcall;

Indicate whether the last method call succeeded or failed. A value of True indicates success, a value of False indicates failure. This property is automatically set for method calls. It is not modified by property accesses. The property is automatically set to indicate success for the following types of method calls:

  • Any method that returns a string.
  • Any method returning a Chilkat object, binary bytes, or a date/time.
  • Any method returning a standard boolean status value where success = True and failure = False.
  • Any method returning an integer where failure is defined by a return value less than zero.

Note: Methods that do not fit the above requirements will always set this property equal to True. For example, a method that returns no value (such as a "void" in C++) will technically always succeed.

top
LittleEndian
function CkRsa_getLittleEndian(objHandle: HCkRsa): wordbool; stdcall;
procedure CkRsa_putLittleEndian(objHandle: HCkRsa; newPropVal: wordbool); stdcall;

The default value is False, which means that signatures and encrypted output will be created using the big endian byte ordering. A value of True will produce little-endian output, which is what Microsoft's Crypto API produces.

Important: Prior to v9.5.0.49, this property behaved the opposite as it should for encryption. When updating from an older version of Chilkat to v9.5.0.49 or greater, the following change is required:

  • If the application did NOT explicity set the LittleEndian property, then no change is required for encryption/decryption. If signatures were being created or verified, then explicitly set this property to True.
  • If the application explicitly set this property, then reverse the setting ONLY if doing encryption/decryption. No changes are required if doing signature creation/verification.

top
NoUnpad
function CkRsa_getNoUnpad(objHandle: HCkRsa): wordbool; stdcall;
procedure CkRsa_putNoUnpad(objHandle: HCkRsa; newPropVal: wordbool); stdcall;

If True, skips unpadding when decrypting. The default is False. This property value is typically left unchanged.

top
NumBits
function CkRsa_getNumBits(objHandle: HCkRsa): Integer; stdcall;

The number of bits of the key generated or imported into this RSA encryption object. Keys ranging in size from 384 bits to 4096 bits can be generated by calling GenerateKey. A public or private key may be imported by calling ImportPublicKey or ImportPrivateKey. A key must be available either via GenerateKey or import before any of the encrypt/decrypt methods may be called.

top
OaepHash
procedure CkRsa_getOaepHash(objHandle: HCkRsa; outPropVal: HCkString); stdcall;
procedure CkRsa_putOaepHash(objHandle: HCkRsa; newPropVal: PWideChar); stdcall;
function CkRsa__oaepHash(objHandle: HCkRsa): PWideChar; stdcall;
Introduced in version 9.5.0.48

Selects the hash algorithm for use within OAEP padding. The valid choices are "sha1", "sha256", "sha384", "sha512", "md2", "md5", "haval", "ripemd128", "ripemd160","ripemd256", or "ripemd320". The default is "sha1".

See the notes about PWideChar memory ownership and validity.

top
OaepLabel
procedure CkRsa_getOaepLabel(objHandle: HCkRsa; outPropVal: HCkString); stdcall;
procedure CkRsa_putOaepLabel(objHandle: HCkRsa; newPropVal: PWideChar); stdcall;
function CkRsa__oaepLabel(objHandle: HCkRsa): PWideChar; stdcall;
Introduced in version 9.5.0.95

The optional RSA encryption OAEP label. This property is the hex representation of the OAEP label bytes to be used when encrypting with OAEP padding. In virtually all cases, it is left empty (the label is 0 bytes in length). Only set this property if you have a specific need. Otherwise, leave it empty.

See the notes about PWideChar memory ownership and validity.

top
OaepMgfHash
procedure CkRsa_getOaepMgfHash(objHandle: HCkRsa; outPropVal: HCkString); stdcall;
procedure CkRsa_putOaepMgfHash(objHandle: HCkRsa; newPropVal: PWideChar); stdcall;
function CkRsa__oaepMgfHash(objHandle: HCkRsa): PWideChar; stdcall;
Introduced in version 9.5.0.71

Selects the MGF (mask generation) hash algorithm for use within OAEP padding. The valid choices are "sha1", "sha256", "sha384", "sha512", "md2", "md5", "haval", "ripemd128", "ripemd160","ripemd256", or "ripemd320". The default is "sha1".

See the notes about PWideChar memory ownership and validity.

top
OaepPadding
function CkRsa_getOaepPadding(objHandle: HCkRsa): wordbool; stdcall;
procedure CkRsa_putOaepPadding(objHandle: HCkRsa; newPropVal: wordbool); stdcall;

Controls whether Optimal Asymmetric Encryption Padding (OAEP) is used for the padding scheme (for encrypting/decrypting). If set to False, PKCS1 v1.5 padding is used. If set to True, PKCS1 v2.0 (OAEP) padding is used.

Important: The OAEP padding algorithm uses randomly generated bytes. Therefore, the RSA result will be different each time, even if all of the other inputs are identical. For example, if you RSA encrypt or sign the same data using the same key 100 times, the output will appear different each time, but they are all valid.

When creating digital signatures, this property controls whether RSA-PSS or PKCS1 v1.5 is used. If True, then the RSA-PSS signature scheme is used. The default value of this property is False.

More Information and Examples
top
PssSaltLen
function CkRsa_getPssSaltLen(objHandle: HCkRsa): Integer; stdcall;
procedure CkRsa_putPssSaltLen(objHandle: HCkRsa; newPropVal: Integer); stdcall;
Introduced in version 9.5.0.80

Selects the PSS salt length when RSASSA-PSS padding is selected for signatures. The default value is -1 to indicate that the length of the hash function should be used. For example, if the hash function is SHA256, then the PSS salt length will be 32 bytes. Can be optionally set to a value such as 20 if a specific salt length is required. This property should normally remain at the default value.

top
UncommonOptions
procedure CkRsa_getUncommonOptions(objHandle: HCkRsa; outPropVal: HCkString); stdcall;
procedure CkRsa_putUncommonOptions(objHandle: HCkRsa; newPropVal: PWideChar); stdcall;
function CkRsa__uncommonOptions(objHandle: HCkRsa): PWideChar; stdcall;
Introduced in version 10.1.0

This is a catch-all property to be used for uncommon needs. This property defaults to the empty string and should typically remain empty.

See the notes about PWideChar memory ownership and validity.

top
VerboseLogging
function CkRsa_getVerboseLogging(objHandle: HCkRsa): wordbool; stdcall;
procedure CkRsa_putVerboseLogging(objHandle: HCkRsa; newPropVal: wordbool); stdcall;

If set to True, then the contents of LastErrorText (or LastErrorXml, or LastErrorHtml) may contain more verbose information. The default value is False. Verbose logging should only be used for debugging. The potentially large quantity of logged information may adversely affect peformance.

top
Version
procedure CkRsa_getVersion(objHandle: HCkRsa; outPropVal: HCkString); stdcall;
function CkRsa__version(objHandle: HCkRsa): PWideChar; stdcall;

Version of the component/library, such as "9.5.0.94"

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top

Methods

DecryptBd
function CkRsa_DecryptBd(objHandle: HCkRsa;
    bd: HCkBinData;
    usePrivateKey: wordbool): wordbool; stdcall;
Introduced in version 9.5.0.76

RSA decrypts the contents of bd. usePrivateKey should be set to True if the private key is to be used for decrypting. Otherwise it should be set to False if the public key is to be used for decrypting.

Important: If trying to match OpenSSL results, set the LittleEndian property = False.

Returns True for success, False for failure.

top
DecryptBytes
function CkRsa_DecryptBytes(objHandle: HCkRsa;
    inData: HCkByteData;
    usePrivateKey: wordbool;
    outData: HCkByteData): wordbool; stdcall;

Decrypts byte data using the RSA encryption algorithm. usePrivateKey should be set to True if the private key is to be used for decrypting. Otherwise it should be set to False if the public key is to be used for decrypting.

Important: If trying to match OpenSSL results, set the LittleEndian property = False.

Returns True for success, False for failure.

More Information and Examples
top
DecryptBytesENC
function CkRsa_DecryptBytesENC(objHandle: HCkRsa;
    str: PWideChar;
    bUsePrivateKey: wordbool;
    outData: HCkByteData): wordbool; stdcall;

Same as DecryptBytes, except the input is an encoded string. The encoding is specified by the EncodingMode property, which can have values such as "base64", "hex", "quoted-printable", "url", etc.

Important: If trying to match OpenSSL results, set the LittleEndian property = False.

Returns True for success, False for failure.

top
DecryptString
function CkRsa_DecryptString(objHandle: HCkRsa;
    encBytes: HCkByteData;
    usePrivateKey: wordbool;
    outStr: HCkString): wordbool; stdcall;
function CkRsa__decryptString(objHandle: HCkRsa;
    encBytes: HCkByteData;
    usePrivateKey: wordbool): PWideChar; stdcall;

Decrypts encrypted string data and returns an unencrypted string. usePrivateKey should be set to True if the private key is to be used for decrypting. Otherwise it should be set to False if the public key is to be used. The Charset property controls how the component interprets the decrypted string. Depending on the programming language, strings are returned to the application as Unicode, utf-8, or ANSI. Internal to DecryptString, the decrypted string is automatically converted from the charset specified by the Charset property to the encoding required by the calling programming language.

Important: If trying to match OpenSSL results, set the LittleEndian property = False.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
DecryptStringENC
function CkRsa_DecryptStringENC(objHandle: HCkRsa;
    str: PWideChar;
    usePrivateKey: wordbool;
    outStr: HCkString): wordbool; stdcall;
function CkRsa__decryptStringENC(objHandle: HCkRsa;
    str: PWideChar;
    usePrivateKey: wordbool): PWideChar; stdcall;

Same as DecryptString, except the input is an encoded string. The encoding is specified by the EncodingMode property, which can have values such as "base64", "hex", "quoted-printable", "url", etc.

Important: If trying to match OpenSSL results, set the LittleEndian property = False.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
EncryptBd
function CkRsa_EncryptBd(objHandle: HCkRsa;
    bd: HCkBinData;
    usePrivateKey: wordbool): wordbool; stdcall;
Introduced in version 9.5.0.76

RSA encrypts the contents of bd. usePrivateKey should be set to True if the private key is to be used for encrypting. Otherwise it should be set to False if the public key is to be used for encrypting.

Important: If trying to match OpenSSL results, set the LittleEndian property = False.

Note: Except for special situations, the public key should always be used for encrypting, and the private key for decrypting. This makes sense because an encrypted message is sent to a recipient, and the recipient is the only one in possession of the private key, and therefore the only one that can decrypt and read the message.

Returns True for success, False for failure.

top
EncryptBytes
function CkRsa_EncryptBytes(objHandle: HCkRsa;
    binaryData: HCkByteData;
    usePrivateKey: wordbool;
    outData: HCkByteData): wordbool; stdcall;

Encrypts byte data using the RSA encryption algorithm. usePrivateKey should be set to True if the private key is to be used for encrypting. Otherwise it should be set to False if the public key is to be used for encrypting.

Important: If trying to match OpenSSL results, set the LittleEndian property = False.

Note: Except for special situations, the public key should always be used for encrypting, and the private key for decrypting. This makes sense because an encrypted message is sent to a recipient, and the recipient is the only one in possession of the private key, and therefore the only one that can decrypt and read the message.

Returns True for success, False for failure.

More Information and Examples
top
EncryptBytesENC
function CkRsa_EncryptBytesENC(objHandle: HCkRsa;
    data: HCkByteData;
    bUsePrivateKey: wordbool;
    outStr: HCkString): wordbool; stdcall;
function CkRsa__encryptBytesENC(objHandle: HCkRsa;
    data: HCkByteData;
    bUsePrivateKey: wordbool): PWideChar; stdcall;

Same as EncryptBytes, except the output is an encoded string. The encoding is specified by the EncodingMode property, which can have values such as "base64", "hex", "quoted-printable", "url", etc.

Important: If trying to match OpenSSL results, set the LittleEndian property = False.

Note: Except for special situations, the public key should always be used for encrypting, and the private key for decrypting. This makes sense because an encrypted message is sent to a recipient, and the recipient is the only one in possession of the private key, and therefore the only one that can decrypt and read the message.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
EncryptString
function CkRsa_EncryptString(objHandle: HCkRsa;
    stringToEncrypt: PWideChar;
    usePrivateKey: wordbool;
    outData: HCkByteData): wordbool; stdcall;

Encrypts a string using the RSA encryption algorithm. usePrivateKey should be set to True if the private key is to be used for encrypting. Otherwise it should be set to False if the public key is to be used for encrypting. The string is first converted (if necessary) to the character encoding specified by the Charset property before encrypting. The encrypted bytes are returned.

Important: If trying to match OpenSSL results, set the LittleEndian property = False.

Note: Except for special situations, the public key should always be used for encrypting, and the private key for decrypting. This makes sense because an encrypted message is sent to a recipient, and the recipient is the only one in possession of the private key, and therefore the only one that can decrypt and read the message.

Returns True for success, False for failure.

More Information and Examples
top
EncryptStringENC
function CkRsa_EncryptStringENC(objHandle: HCkRsa;
    str: PWideChar;
    bUsePrivateKey: wordbool;
    outStr: HCkString): wordbool; stdcall;
function CkRsa__encryptStringENC(objHandle: HCkRsa;
    str: PWideChar;
    bUsePrivateKey: wordbool): PWideChar; stdcall;

Same as EncryptString, except the output is an encoded string. The encoding is specified by the EncodingMode property, which can have values such as "base64", "hex", "quoted-printable", "url", etc.

Important: If trying to match OpenSSL results, set the LittleEndian property = False.

Note: Except for special situations, the public key should always be used for encrypting, and the private key for decrypting. This makes sense because an encrypted message is sent to a recipient, and the recipient is the only one in possession of the private key, and therefore the only one that can decrypt and read the message.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
ExportPrivateKey
function CkRsa_ExportPrivateKey(objHandle: HCkRsa;
    outStr: HCkString): wordbool; stdcall;
function CkRsa__exportPrivateKey(objHandle: HCkRsa): PWideChar; stdcall;

Exports the private-key of an RSA key pair to XML format. This is typically called after generating a new RSA key via the GenerateKey method.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
ExportPrivateKeyObj
function CkRsa_ExportPrivateKeyObj(objHandle: HCkRsa): HCkPrivateKey; stdcall;
Introduced in version 9.5.0.40

Exports the private-key to a private key object. This is typically called after generating a new RSA key via the GenerateKey method. Once the private key object is obtained, it may be saved in a variety of different formats.

Returns nil on failure

More Information and Examples
top
ExportPublicKey
function CkRsa_ExportPublicKey(objHandle: HCkRsa;
    outStr: HCkString): wordbool; stdcall;
function CkRsa__exportPublicKey(objHandle: HCkRsa): PWideChar; stdcall;

Exports the public-key of an RSA key pair to XML format. This is typically called after generating a new RSA key via the GenerateKey method.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
ExportPublicKeyObj
function CkRsa_ExportPublicKeyObj(objHandle: HCkRsa): HCkPublicKey; stdcall;
Introduced in version 9.5.0.40

Exports the public key to a public key object. Once the public key object is obtained, it may be saved in a variety of different formats.

Returns nil on failure

More Information and Examples
top
GenerateKey
function CkRsa_GenerateKey(objHandle: HCkRsa;
    numBits: Integer): wordbool; stdcall;

Generates a new RSA public/private key pair. The number of bits can range from 512 to 8192. Typical key lengths are 1024, 2048, or 4096 bits. After successful generation, the public/private parts of the key can be exported to XML via the ExportPrivateKey and ExportPublicKey methods.

Note: Prior to version 9.5.0.49, the max key size was 4096 bits. Generating an 8192-bit RSA key takes a considerable amount of time and CPU processing power. There are no event callbacks or progress monitoring for RSA key generation. Calling this will block the thread until it returns.

Returns True for success, False for failure.

More Information and Examples
top
ImportPrivateKey
function CkRsa_ImportPrivateKey(objHandle: HCkRsa;
    xmlKey: PWideChar): wordbool; stdcall;

Imports a private key from XML format. After successful import, the private key can be used to encrypt or decrypt. A private key (by definition) contains both private and public parts. This is because the public key consist of modulus and exponent. The private key consists of modulus, exponent, P, Q, DP, DQ, InverseQ, and D using base64 representation:

<RSAKeyValue>
  <Modulus>...</Modulus>
  <Exponent>...</Exponent>
  <P>...</P>
  <Q>...</Q>
  <DP>...</DP>
  <DQ>...</DQ>
  <InverseQ>...</InverseQ>
  <D>...</D>
</RSAKeyValue>

Important: The Rsa object can contain either a private key or a public key, but not both. Importing a private key overwrites the existing key regardless of whether the type of key is public or private.

Returns True for success, False for failure.

top
ImportPrivateKeyObj
function CkRsa_ImportPrivateKeyObj(objHandle: HCkRsa;
    key: HCkPrivateKey): wordbool; stdcall;
Introduced in version 9.5.0.40

Imports a private key from a private key object. The imported private key is used in methods that sign or decrypt.

Returns True for success, False for failure.

top
ImportPublicKey
function CkRsa_ImportPublicKey(objHandle: HCkRsa;
    xmlKey: PWideChar): wordbool; stdcall;

Imports a public key from XML format. After successful import, the public key can be used to encrypt or decrypt.

Note: Importing a public key overwrites the key that is currently contained in this object - even if it's a private key.

A public key consists of modulus and exponent using base64 representation:

<RSAPublicKey>
  <Modulus>...</Modulus>
  <Exponent>...</Exponent>
</RSAPublicKey>

Important: The Rsa object can contain either a private key or a public key, but not both. Importing a private key overwrites the existing key regardless of whether the type of key is public or private.

Returns True for success, False for failure.

top
ImportPublicKeyObj
function CkRsa_ImportPublicKeyObj(objHandle: HCkRsa;
    key: HCkPublicKey): wordbool; stdcall;
Introduced in version 9.5.0.40

Imports a public key from a public key object. The imported public key is used in methods that encrypt data or verify signatures.

Returns True for success, False for failure.

top
OpenSslSignBd
function CkRsa_OpenSslSignBd(objHandle: HCkRsa;
    bd: HCkBinData): wordbool; stdcall;
Introduced in version 9.5.0.77

Duplicates OpenSSL's rsautl utility for creating RSA signatures. The contents of bd are signed. If successful, the result is that bd contains the RSA signature that itself contains (embeds) the original data.

Returns True for success, False for failure.

top
OpenSslSignBytes
function CkRsa_OpenSslSignBytes(objHandle: HCkRsa;
    data: HCkByteData;
    outBytes: HCkByteData): wordbool; stdcall;

Duplicates OpenSSL's rsautl utility for creating RSA signatures. Input data consists of binary bytes, and returns the signature bytes.

Returns True for success, False for failure.

top
OpenSslSignBytesENC
function CkRsa_OpenSslSignBytesENC(objHandle: HCkRsa;
    data: HCkByteData;
    outStr: HCkString): wordbool; stdcall;
function CkRsa__openSslSignBytesENC(objHandle: HCkRsa;
    data: HCkByteData): PWideChar; stdcall;

Duplicates OpenSSL's rsautl utility for creating RSA signatures. Input data consists of binary bytes, and returns the signature as a string encoded according to the EncodingMode property (base64, hex, etc.).

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
OpenSslSignString
function CkRsa_OpenSslSignString(objHandle: HCkRsa;
    str: PWideChar;
    outBytes: HCkByteData): wordbool; stdcall;

Duplicates OpenSSL's rsautl utility for creating RSA signatures. Input data is a string, and returns the signature bytes.

Returns True for success, False for failure.

top
OpenSslSignStringENC
function CkRsa_OpenSslSignStringENC(objHandle: HCkRsa;
    str: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkRsa__openSslSignStringENC(objHandle: HCkRsa;
    str: PWideChar): PWideChar; stdcall;

Duplicates OpenSSL's rsautl utility for creating RSA signatures. Input data is a string, and returns the signature as a string encoded according to the EncodingMode property (base64, hex, etc.).

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
OpenSslVerifyBd
function CkRsa_OpenSslVerifyBd(objHandle: HCkRsa;
    bd: HCkBinData): wordbool; stdcall;
Introduced in version 9.5.0.77

Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering the original data. On input, the bd contains the RSA signature that embeds the original data. If successful (i.e. the signature was verified), then the bd is transformed to contain just the original data.

Returns True for success, False for failure.

top
OpenSslVerifyBytes
function CkRsa_OpenSslVerifyBytes(objHandle: HCkRsa;
    signature: HCkByteData;
    outBytes: HCkByteData): wordbool; stdcall;

Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering the original data. Input data consists of the raw signature bytes and returns the original bytes.

Returns True for success, False for failure.

top
OpenSslVerifyBytesENC
function CkRsa_OpenSslVerifyBytesENC(objHandle: HCkRsa;
    str: PWideChar;
    outBytes: HCkByteData): wordbool; stdcall;

Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering the original data. Input data is a signature string encoded according to the EncodingMode property (base64, hex, etc.). Returns the original bytes.

Returns True for success, False for failure.

top
OpenSslVerifyString
function CkRsa_OpenSslVerifyString(objHandle: HCkRsa;
    data: HCkByteData;
    outStr: HCkString): wordbool; stdcall;
function CkRsa__openSslVerifyString(objHandle: HCkRsa;
    data: HCkByteData): PWideChar; stdcall;

Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering the original data. Input data consists of the raw signature bytes and returns the original string.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
OpenSslVerifyStringENC
function CkRsa_OpenSslVerifyStringENC(objHandle: HCkRsa;
    str: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkRsa__openSslVerifyStringENC(objHandle: HCkRsa;
    str: PWideChar): PWideChar; stdcall;

Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering the original data. Input data is a signature string encoded according to the EncodingMode property (base64, hex, etc.). Returns the original string.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
SetX509Cert
function CkRsa_SetX509Cert(objHandle: HCkRsa;
    cert: HCkCert;
    usePrivateKey: wordbool): wordbool; stdcall;
Introduced in version 9.5.0.73

Provides the private or public key indirectly through a certificate. This method is especially useful on Windows computers where the private key is installed as non-exportable (such as on a hardware token).

Returns True for success, False for failure.

top
SignBd
function CkRsa_SignBd(objHandle: HCkRsa;
    bdData: HCkBinData;
    hashAlgorithm: PWideChar;
    bdSig: HCkBinData): wordbool; stdcall;
Introduced in version 9.5.0.77

Creates an RSA digital signature by hashing the contents of bdData and then signing the hash. The hash algorithm is specified by hashAlgorithm, which may be "SHA-1", "MD5", "MD2", "SHA-256", "SHA-384", or "SHA-512". The resulting signature is returned in bdSig.

Important: If trying to match OpenSSL results, set the LittleEndian property = False. (The LittleEndian property should also be set to False to match Amazon web services, such as CloudFront.)

A private key is required to create digital signatures.

More Information and Examples
top
SignBytes
function CkRsa_SignBytes(objHandle: HCkRsa;
    binaryData: HCkByteData;
    hashAlgorithm: PWideChar;
    outData: HCkByteData): wordbool; stdcall;

Creates an RSA digital signature by hashing binaryData and then signing the hash. The hash algorithm is specified by hashAlgorithm, which may be "SHA-1", "MD5", "MD2", "SHA-256", "SHA-384", or "SHA-512". The recommended hash algorithm is "SHA-1".

Important: If trying to match OpenSSL results, set the LittleEndian property = False. (The LittleEndian property should also be set to False to match Amazon web services, such as CloudFront.)

A private key is required to create a digital signature.

An error is indicated when a byte array of 0 length is returned.

Returns True for success, False for failure.

top
SignBytesENC
function CkRsa_SignBytesENC(objHandle: HCkRsa;
    binaryData: HCkByteData;
    hashAlgorithm: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkRsa__signBytesENC(objHandle: HCkRsa;
    binaryData: HCkByteData;
    hashAlgorithm: PWideChar): PWideChar; stdcall;

Creates an RSA digital signature by hashing binaryData and then signing the hash. The hash algorithm is specified by hashAlgorithm, which may be "SHA-1", "MD5", "MD2", "SHA-256", "SHA-384", or "SHA-512". The recommended hash algorithm is "SHA-1". The digital signature is returned as an encoded string, where the encoding is specified by the EncodingMode property.

Important: If trying to match OpenSSL results, set the LittleEndian property = False. (The LittleEndian property should also be set to False to match Amazon web services, such as CloudFront.)

A private key is required to create a digital signature.

An error is indicated when null reference is returned.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
SignHash
function CkRsa_SignHash(objHandle: HCkRsa;
    hashBytes: HCkByteData;
    hashAlg: PWideChar;
    outBytes: HCkByteData): wordbool; stdcall;

The same as the SignBytes method, except the hash to be signed is passed directly.

Returns True for success, False for failure.

top
SignHashENC
function CkRsa_SignHashENC(objHandle: HCkRsa;
    encodedHash: PWideChar;
    hashAlg: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkRsa__signHashENC(objHandle: HCkRsa;
    encodedHash: PWideChar;
    hashAlg: PWideChar): PWideChar; stdcall;

The same as SignBytesENC except the hash is passed directly.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
SignString
function CkRsa_SignString(objHandle: HCkRsa;
    strToBeHashed: PWideChar;
    hashAlgorithm: PWideChar;
    outData: HCkByteData): wordbool; stdcall;

Creates an RSA digital signature by hashing strToBeHashed and then signing the hash. The hash algorithm is specified by hashAlgorithm, which may be "SHA-1", "MD5", "MD2", "SHA-256", "SHA-384", or "SHA-512". The recommended hash algorithm is "SHA-1".

Important: If trying to match OpenSSL results, set the LittleEndian property = False. (The LittleEndian property should also be set to False to match Amazon web services, such as CloudFront.)

A private key is required to create a digital signature.

An error is indicated when a byte array of 0 length is returned.

Returns True for success, False for failure.

top
SignStringENC
function CkRsa_SignStringENC(objHandle: HCkRsa;
    strToBeHashed: PWideChar;
    hashAlgorithm: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkRsa__signStringENC(objHandle: HCkRsa;
    strToBeHashed: PWideChar;
    hashAlgorithm: PWideChar): PWideChar; stdcall;

Creates an RSA digital signature by hashing strToBeHashed and then signing the hash. The hash algorithm is specified by hashAlgorithm, which may be "SHA-1", "MD5", "MD2", "SHA-256", "SHA-384", or "SHA-512". The recommended hash algorithm is "SHA-1". The digital signature is returned as an encoded string, where the encoding is specified by the EncodingMode property.

Important: If trying to match OpenSSL results, set the LittleEndian property = False. (The LittleEndian property should also be set to False to match Amazon web services, such as CloudFront.)

A private key is required to create a digital signature.

An error is indicated when null reference is returned.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
SnkToXml
function CkRsa_SnkToXml(objHandle: HCkRsa;
    filename: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkRsa__snkToXml(objHandle: HCkRsa;
    filename: PWideChar): PWideChar; stdcall;

Imports a .snk file to an XML document that can be imported via the ImportPrivateKey method.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
VerifyBd
function CkRsa_VerifyBd(objHandle: HCkRsa;
    bdData: HCkBinData;
    hashAlgorithm: PWideChar;
    bdSig: HCkBinData): wordbool; stdcall;
Introduced in version 9.5.0.77

Verifies an RSA digital signature. Returns True if the signature in bdSig is valid an confirms that the original data in bdData has not been modified. The hashAlgorithm may be "SHA-1", "MD5", "MD2", "SHA-256", "SHA-384", or "SHA-512".

Returns True for success, False for failure.

More Information and Examples
top
VerifyBytes
function CkRsa_VerifyBytes(objHandle: HCkRsa;
    originalData: HCkByteData;
    hashAlgorithm: PWideChar;
    signatureBytes: HCkByteData): wordbool; stdcall;

Verifies an RSA digital signature. Returns True if the signature is valid for the originalData. The hashAlgorithm may be "SHA-1", "MD5", "MD2", "SHA-256", "SHA-384", or "SHA-512". The recommended hash algorithm is "SHA-1".

top
VerifyBytesENC
function CkRsa_VerifyBytesENC(objHandle: HCkRsa;
    originalData: HCkByteData;
    hashAlgorithm: PWideChar;
    encodedSig: PWideChar): wordbool; stdcall;

Verifies an RSA digital signature. Returns True if the signature is valid for the originalData. The hashAlgorithm may be "SHA-1", "MD5", "MD2", "SHA-256", "SHA-384", or "SHA-512". The recommended hash algorithm is "SHA-1".

The encodedSig is a digital signature encoded according to the EncodingMode property (i.e. base64, hex, etc.).

top
VerifyHash
function CkRsa_VerifyHash(objHandle: HCkRsa;
    hashBytes: HCkByteData;
    hashAlg: PWideChar;
    sigBytes: HCkByteData): wordbool; stdcall;

The same as VerifyBytes except the hash of the original data is passed directly.

top
VerifyHashENC
function CkRsa_VerifyHashENC(objHandle: HCkRsa;
    encodedHash: PWideChar;
    hashAlg: PWideChar;
    encodedSig: PWideChar): wordbool; stdcall;

The same as VerifyBytesENC except the hash of the original data is passed directly.

More Information and Examples
top
VerifyPrivateKey
function CkRsa_VerifyPrivateKey(objHandle: HCkRsa;
    xml: PWideChar): wordbool; stdcall;

Returns True if the XML contains a valid RSA private key. Otherwise returns False.

Returns True for success, False for failure.

top
VerifyString
function CkRsa_VerifyString(objHandle: HCkRsa;
    originalString: PWideChar;
    hashAlgorithm: PWideChar;
    binarySig: HCkByteData): wordbool; stdcall;

Verifies an RSA digital signature. Returns True if the signature is valid for the originalString. The hashAlgorithm may be "SHA-1", "MD5", "MD2", "SHA-256", "SHA-384", or "SHA-512". The recommended hash algorithm is "SHA-1".

top
VerifyStringENC
function CkRsa_VerifyStringENC(objHandle: HCkRsa;
    originalString: PWideChar;
    hashAlgorithm: PWideChar;
    encodedSig: PWideChar): wordbool; stdcall;

Verifies an RSA digital signature. Returns True if the signature is valid for the originalString. The hashAlgorithm may be "SHA-1", "MD5", "MD2", "SHA-256", "SHA-384", or "SHA-512". The recommended hash algorithm is "SHA-1".

The encodedSig is a digital signature encoded according to the EncodingMode property (i.e. base64, hex, etc.).

More Information and Examples
top