Rsa

This property is relevant when signing or validating data originally provided as a string, but not when dealing with hashes or binary data. When hashing a string for these purposes, it's important to know its byte representation, such as UTF-8, ISO-8859-1, UTF-16, etc. This property defines the byte representation to use for the string before hashing, with the default being "ANSI", which is the default multibyte charset on a given computer.

Note: It is recommended that your application explicitly set this property to "utf-8".

If set to a file path, this property logs the LastErrorText of each Chilkat method or property call to the specified file. This logging helps identify the context and history of Chilkat calls leading up to any crash or hang, aiding in debugging.

Enabling the VerboseLogging property provides more detailed information. This property is mainly used for debugging rare instances where a Chilkat method call causes a hang or crash, which should generally not happen.

Possible causes of hangs include:

• A timeout property set to 0, indicating an infinite timeout.
• A hang occurring within an event callback in the application code.
• An internal bug in the Chilkat code causing the hang.

This property defines the encoding for methods ending in "ENC", such as EncryptStringENC. Valid modes include "base64", "hex", "hex_lower", and more. The encoding mode applies to signatures, encrypted data, and hashes used in or returned by a method.

Provides HTML-formatted information about the last called method or property. If a method call fails or behaves unexpectedly, check this property for details. Note that information is available regardless of the method call's success.

Provides plain text information about the last called method or property. If a method call fails or behaves unexpectedly, check this property for details. Note that information is available regardless of the method call's success.

Provides XML-formatted information about the last called method or property. If a method call fails or behaves unexpectedly, check this property for details. Note that information is available regardless of the method call's success.

Indicates the success or failure of the most recent method call: .T. means success, .F. means failure. This property remains unchanged by property setters or getters. This method is present to address challenges in checking for null or Nothing returns in certain programming languages.

When creating RSA signatures, this property determines the endianness: set it to .T. for little-endian signatures and .F. for big-endian signatures.

If .T., skips unpadding when decrypting. The default is .F.. This property value is typically left unchanged.

The bit length, such as 2048, of the imported or generated RSA key.

Selects the hash algorithm for use within OAEP padding for encryption. The valid choices are "sha256", "sha384", "sha512", or "sha1".

The default is SHA1. You'll likely want to change this to to SHA256. The next major version of Chilkat (11.0.0) will change the default to SHA256.

The optional RSA encryption OAEP label is a hex representation of the label bytes used for encrypting with OAEP padding. Typically, this is left empty (0 bytes) unless there's a specific requirement to set it.

Selects the MGF (mask generation) hash algorithm for use within OAEP padding for encryption. The valid choices are "sha256", "sha384", "sha512", or "sha1".

Note: This property should typically be set to the same value as the OaepHash property. Many software implementations are not able to handle cases where the MGF hash is different than the OAEP hash.

The default is SHA1. You'll likely want to change this to to SHA256. The next major version of Chilkat (11.0.0) will change the default to SHA256.

This property controls both RSA-PSS and OAEP. When set to .F., Chilkat uses PKCS#1 v1.5 padding for both encryption and signature creation. When set to .T., Chilkat uses RSA-PSS padding for signatures, and OAEP padding for encryption.

Note: Both OAEP and RSA-PSS incorporate random bytes in the output. Therefore, the output is different each time even if all of the inputs are identical.

The default value of this property is .F..

PS> Please accept our apology for not having a separate RsaPss property. This oversight in design happened approximately 20 years ago. We've refrained from fixing to avoid backward compatibility problems.

When using RSASSA-PSS padding for signatures, you can choose the PSS salt length. By default, the salt length is set to -1, which uses the length of the hash function. For instance, with the SHA256 hash function, the salt length will be 32 bytes. You can specify a different salt length, like 20 bytes, if needed, but it's generally recommended to keep the default setting.

This is a catch-all property to be used for uncommon needs. This property defaults to the empty string and should typically remain empty.

If set to .T., then the contents of LastErrorText (or LastErrorXml, or LastErrorHtml) may contain more verbose information. The default value is .F.. Verbose logging should only be used for debugging. The potentially large quantity of logged information may adversely affect peformance.

Version of the component/library, such as "10.1.0"

RSA decrypts the contents of bd. usePrivateKey should be set to .T. if the private key is to be used for decrypting. Otherwise it should be set to .F. if (in rare cases) the public key is to be used for decrypting.

Important: If trying to match OpenSSL results, set the LittleEndian property = .F..

Returns .T. for success, .F. for failure.

Decrypts str with the RSA algorithm. str is the encoded form of the encrypted binary data. The EncodingMode property defines str's encoding. The Charset property specifies the byte representation for interpreting the decrypted text. Set usePrivateKey to .T. to use the private key for decryption; otherwise, set usePrivateKey to .F. to use the public key (used rarely). Returns the decrypted string.

Important: If trying to match OpenSSL results, set the LittleEndian property = .F..

Returns .F. on failure

RSA encrypts the contents of bd. Set usePrivateKey to .F. to use the public key for encrypting; otherwise, set it to .T. to use the private key (in rare cases).

Important: If trying to match OpenSSL results, set the LittleEndian property = .F..

Note: The public key's role is to make encryption accessible to anyone while ensuring that only the private key holder can decrypt the messages. The public key is designed to be widely distributed so anyone can use it to encrypt messages intended for the owner of the private key.

Returns .T. for success, .F. for failure.

Encrypts str with the RSA algorithm. The Charset property specifies the byte representation of the string that is encrypted. Set bUsePrivateKey to .F. to use the public key for encrypting; otherwise, set it to .T. to use the private key (in rare cases). The encrypted data is returned in the format specified by the EncodingMode property.

Important: If trying to match OpenSSL results, set the LittleEndian property = .F..

Note: The public key's role is to make encryption accessible to anyone while ensuring that only the private key holder can decrypt the messages. The public key is designed to be widely distributed so anyone can use it to encrypt messages intended for the owner of the private key.

Returns .F. on failure

Exports the private-key of an RSA key pair to XML format. This is typically called after generating a new RSA key via the GenerateKey method.

Returns .F. on failure

Exports the private-key to a private key object. This is typically called after generating a new RSA key via the GenerateKey method. Once the private key object is obtained, it may be saved in a variety of different formats.

Returns .F. on failure

Exports the public-key of an RSA key pair to XML format. This is typically called after generating a new RSA key via the GenerateKey method.

Returns .F. on failure

Exports the public key to a public key object. Once the public key object is obtained, it may be saved in a variety of different formats.

Returns .F. on failure

Generates a new RSA public/private key pair. The number of bits can range from 512 to 8192. Typical key lengths are 1024, 2048, or 4096 bits. After successful generation, the public/private parts of the key can be exported to XML via the ExportPrivateKey and ExportPublicKey methods.

Note: Generating an 8192-bit RSA key can take a considerable amount of time. There are no event callbacks or progress monitoring for RSA key generation. Calling this will block the thread until it returns.

Returns .T. for success, .F. for failure.

Imports a private key from XML format. After successful import, the private key can be used to encrypt or decrypt. A private key (by definition) contains both private and public parts. This is because the public key consist of modulus and exponent. The private key consists of modulus, exponent, P, Q, DP, DQ, InverseQ, and D using base64 representation:

<RSAKeyValue>
  <Modulus>...</Modulus>
  <Exponent>...</Exponent>
  <P>...</P>
  <Q>...</Q>
  <DP>...</DP>
  <DQ>...</DQ>
  <InverseQ>...</InverseQ>
  <D>...</D>
</RSAKeyValue>

Important: The Rsa object can contain either a private key or a public key, but not both. Importing a private key overwrites the existing key regardless of whether the type of key is public or private.

Returns .T. for success, .F. for failure.

Imports a private key from a private key object. The imported private key is used in methods that sign or decrypt.

Returns .T. for success, .F. for failure.

Imports a public key from XML format. After successful import, the public key can be used to encrypt or decrypt.

Note: Importing a public key overwrites the key that is currently contained in this object - even if it's a private key.

A public key consists of modulus and exponent using base64 representation:

<RSAPublicKey>
  <Modulus>...</Modulus>
  <Exponent>...</Exponent>
</RSAPublicKey>

Important: The Rsa object can contain either a private key or a public key, but not both. Importing a private key overwrites the existing key regardless of whether the type of key is public or private.

Returns .T. for success, .F. for failure.

Imports a public key from a public key object. The imported public key is used in methods that encrypt data or verify signatures.

Returns .T. for success, .F. for failure.

The Chilkat RSA functions having names beginning with "OpenSsl" are provided to duplicate OpenSSL's rsautl functionality, which is to directly sign raw input data using an RSA private key without performing additional steps like hashing or ASN.1 encapsulation. These functions always use PKCS#1 v1.5 padding (because rsautl always uses PKCS#1 v1.5 padding and never RSA-PSS).

The maximum number of bytes that can be signed in any of the "OpenSsl" functions depends on the size of the RSA key. It is equal to the Key Size in Bytes - 11. Thus for a 2048-bit key, the maximum data size = 256 - 11 = 245 bytes.

The bytes to be signed are passed in bd. If successful, the contents of bd are replaced with the RSA signature.

Returns .T. for success, .F. for failure.

The Chilkat RSA functions having names beginning with "OpenSsl" are provided to duplicate OpenSSL's rsautl functionality, which is to directly sign raw input data using an RSA private key without performing additional steps like hashing or ASN.1 encapsulation. These functions always use PKCS#1 v1.5 padding (because rsautl always uses PKCS#1 v1.5 padding and never RSA-PSS).

The maximum number of bytes that can be signed in any of the "OpenSsl" functions depends on the size of the RSA key. It is equal to the Key Size in Bytes - 11. Thus for a 2048-bit key, the maximum data size = 256 - 11 = 245 bytes.

The string to be signed is passed in str. Returns the signature encoded based on the EncodingMode property.

Returns .F. on failure

Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering the original data. On input, the bd contains the RSA signature that embeds the original data. If successful (i.e. the signature was verified), then the bd is transformed to contain just the original data.

Returns .T. for success, .F. for failure.

Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering the original data. Input data is a signature string encoded according to the EncodingMode property (base64, hex, etc.). Returns the original string.

Returns .F. on failure

Provides the private or public key indirectly through a certificate. This method is especially useful on Windows computers where the private key is installed as non-exportable (such as on a hardware token).

Returns .T. for success, .F. for failure.

Generates an RSA digital signature by first hashing the contents of bdData with the hash algorithm specified by hashAlgorithm, which can be "sha256", "sha384", "sha512", or "sha1". The resulting signature is written to bdSig.

Note: It is important to be aware of endianness. Make sure the LittleEndian property is set according to your specific needs.

This function creates an RSA digital signature for the hash provided in encodedHash, which should be encoded according to the EncodingMode setting (e.g., base64 if EncodingMode = "base64"). hashAlg specifies the hash algorithm and can be "sha256", "sha384", "sha512", or "sha1". The function returns the signature encoded as specified by EncodingMode.

Returns .F. on failure

Generates an RSA digital signature by first hashing strToBeHashed with the hash algorithm specified by hashAlgorithm, which can be "sha256", "sha384", "sha512", or "sha1". Returns the signature encoded based on the EncodingMode property.

Note: It is important to be aware of endianness. Make sure the LittleEndian property is set according to your specific needs.

Note: It is recommended to set the Charset property equal to "utf-8" before signing strings.

Returns .F. on failure

Imports a .snk file to an XML document that can be imported via the ImportPrivateKey method.

Returns .F. on failure

Verifies the RSA signature passed in bdSig against the original data passed in bdData. The original data passed in bdData is hashed using the hash algorithm passed in hashAlgorithm (such as "sha256", "sha384", "sha512", or "sha1"). Returns .T. if the signature is validated, and .F. if not.

Note: Knowing the exact hash algorithm used to create the signature is not required. If the signature is not validated using the hash algorithm specified in hashAlgorithm, Chilkat will automatically try validating using the other supported algorithms and return success if any validate.

Returns .T. for success, .F. for failure.

Validates an RSA signature provided in encodedSig against the hash of the original data in encodedHash. Returns .T. if validation is successful, otherwise returns .F.. hashAlg specifies the hash algorithm used for encodedHash, such as "sha256", "sha384", "sha512", or "sha1". Ensure the hash's size (e.g., 32 bytes for sha256, 48 bytes for sha384, 64 bytes for sha512, 20 bytes for sha1) matches that of encodedHash.

Both encodedHash and encodedSig should be encoded according to the EncodingMode property (e.g., base64 if EncodingMode = "base64")

Returns .T. for success, .F. for failure.

Returns .T. if the XML contains a valid RSA private key. Otherwise returns .F..

Returns .T. for success, .F. for failure.

Verifies the encoded RSA signature passed in encodedSig against the original data passed in originalString. The original data passed in originalString is hashed using the hash algorithm passed in hashAlgorithm (such as "sha256", "sha384", "sha512", or "sha1"). Returns .T. if the signature is validated, and .F. if not.

The signature passed in encodedSig should be encoded according to the EncodingMode property (e.g., base64 if EncodingMode = "base64")

Note: Knowing the exact hash algorithm used to create the signature is not required. If the signature is not validated using the hash algorithm specified in hashAlgorithm, Chilkat will automatically try validating using the other supported algorithms and return success if any validate.

Returns .T. for success, .F. for failure.