CkoRsa

This property is relevant when signing or validating data originally provided as a string, but not when dealing with hashes or binary data. When hashing a string for these purposes, it's important to know its byte representation, such as UTF-8, ISO-8859-1, UTF-16, etc. This property defines the byte representation to use for the string before hashing, with the default being "ANSI", which is the default multibyte charset on a given computer.

Note: It is recommended that your application explicitly set this property to "utf-8".

If set to a file path, this property logs the LastErrorText of each Chilkat method or property call to the specified file. This logging helps identify the context and history of Chilkat calls leading up to any crash or hang, aiding in debugging.

Enabling the VerboseLogging property provides more detailed information. This property is mainly used for debugging rare instances where a Chilkat method call causes a hang or crash, which should generally not happen.

Possible causes of hangs include:

• A timeout property set to 0, indicating an infinite timeout.
• A hang occurring within an event callback in the application code.
• An internal bug in the Chilkat code causing the hang.

This property defines the encoding for methods ending in "ENC", such as EncryptStringENC. Valid modes include "base64", "hex", "hex_lower", and more. The encoding mode applies to signatures, encrypted data, and hashes used in or returned by a method.

Provides HTML-formatted information about the last called method or property. If a method call fails or behaves unexpectedly, check this property for details. Note that information is available regardless of the method call's success.

Provides plain text information about the last called method or property. If a method call fails or behaves unexpectedly, check this property for details. Note that information is available regardless of the method call's success.

Provides XML-formatted information about the last called method or property. If a method call fails or behaves unexpectedly, check this property for details. Note that information is available regardless of the method call's success.

Indicates the success or failure of the most recent method call: true means success, false means failure. This property remains unchanged by property setters or getters. This method is present to address challenges in checking for null or Nothing returns in certain programming languages.

When creating RSA signatures, this property determines the endianness: set it to true for little-endian signatures and false for big-endian signatures.

If true, skips unpadding when decrypting. The default is false. This property value is typically left unchanged.

The bit length, such as 2048, of the imported or generated RSA key.

Selects the hash algorithm for use within OAEP padding for encryption. The valid choices are "sha256", "sha384", "sha512", or "sha1".

The default is SHA1. You'll likely want to change this to to SHA256. The next major version of Chilkat (11.0.0) will change the default to SHA256.

The optional RSA encryption OAEP label is a hex representation of the label bytes used for encrypting with OAEP padding. Typically, this is left empty (0 bytes) unless there's a specific requirement to set it.

Selects the MGF (mask generation) hash algorithm for use within OAEP padding for encryption. The valid choices are "sha256", "sha384", "sha512", or "sha1".

Note: This property should typically be set to the same value as the OaepHash property. Many software implementations are not able to handle cases where the MGF hash is different than the OAEP hash.

The default is SHA1. You'll likely want to change this to to SHA256. The next major version of Chilkat (11.0.0) will change the default to SHA256.

This property controls both RSA-PSS and OAEP. When set to false, Chilkat uses PKCS#1 v1.5 padding for both encryption and signature creation. When set to true, Chilkat uses RSA-PSS padding for signatures, and OAEP padding for encryption.

Note: Both OAEP and RSA-PSS incorporate random bytes in the output. Therefore, the output is different each time even if all of the inputs are identical.

The default value of this property is false.

PS> Please accept our apology for not having a separate RsaPss property. This oversight in design happened approximately 20 years ago. We've refrained from fixing to avoid backward compatibility problems.

When using RSASSA-PSS padding for signatures, you can choose the PSS salt length. By default, the salt length is set to -1, which uses the length of the hash function. For instance, with the SHA256 hash function, the salt length will be 32 bytes. You can specify a different salt length, like 20 bytes, if needed, but it's generally recommended to keep the default setting.

This is a catch-all property to be used for uncommon needs. This property defaults to the empty string and should typically remain empty.

If set to true, then the contents of LastErrorText (or LastErrorXml, or LastErrorHtml) may contain more verbose information. The default value is false. Verbose logging should only be used for debugging. The potentially large quantity of logged information may adversely affect peformance.

Version of the component/library, such as "10.1.0"

RSA decrypts the contents of bd. usePrivateKey should be set to true if the private key is to be used for decrypting. Otherwise it should be set to false if (in rare cases) the public key is to be used for decrypting.

Important: If trying to match OpenSSL results, set the LittleEndian property = false.

Returns true for success, false for failure.

Decrypts byte data using the RSA encryption algorithm. usePrivateKey should be set to true if the private key is to be used for decrypting. Otherwise it should be set to false if (in rare cases) the public key is to be used for decrypting.

Important: If trying to match OpenSSL results, set the LittleEndian property = false.

Returns nil on failure

Decrypts str using the RSA algorithm. str is the encoded form of the encrypted binary data. The EncodingMode property defines str's encoding. Set bUsePrivateKey to true to use the private key for decryption; otherwise, set it to false to use the public key (in rare cases).

Important: If trying to match OpenSSL results, set the LittleEndian property = false.

Returns nil on failure

Decrypts encBytes with the RSA algorithm. encBytes holds the encrypted binary data. The Charset property specifies the byte representation for interpreting the decrypted text. Set usePrivateKey to true to use the private key for decryption; otherwise, set usePrivateKey to false to use the public key (used rarely). Returns the decrypted string.

Important: If trying to match OpenSSL results, set the LittleEndian property = false.

Returns nil on failure

Decrypts str with the RSA algorithm. str is the encoded form of the encrypted binary data. The EncodingMode property defines str's encoding. The Charset property specifies the byte representation for interpreting the decrypted text. Set usePrivateKey to true to use the private key for decryption; otherwise, set usePrivateKey to false to use the public key (used rarely). Returns the decrypted string.

Important: If trying to match OpenSSL results, set the LittleEndian property = false.

Returns nil on failure

RSA encrypts the contents of bd. Set usePrivateKey to false to use the public key for encrypting; otherwise, set it to true to use the private key (in rare cases).

Important: If trying to match OpenSSL results, set the LittleEndian property = false.

Note: The public key's role is to make encryption accessible to anyone while ensuring that only the private key holder can decrypt the messages. The public key is designed to be widely distributed so anyone can use it to encrypt messages intended for the owner of the private key.

Returns true for success, false for failure.

Encrypts byte data using the RSA encryption algorithm. Set usePrivateKey to false to use the public key for encrypting; otherwise, set it to true to use the private key (in rare cases).

Important: If trying to match OpenSSL results, set the LittleEndian property = false.

Note: The public key's role is to make encryption accessible to anyone while ensuring that only the private key holder can decrypt the messages. The public key is designed to be widely distributed so anyone can use it to encrypt messages intended for the owner of the private key.

Returns nil on failure

Encrypts data using the RSA algorithm. Set bUsePrivateKey to false to use the public key for encrypting; otherwise, set it to true to use the private key (in rare cases). The encrypted data is returned in the format specified by the EncodingMode property.

Important: If trying to match OpenSSL results, set the LittleEndian property = false.

Note: The public key's role is to make encryption accessible to anyone while ensuring that only the private key holder can decrypt the messages. The public key is designed to be widely distributed so anyone can use it to encrypt messages intended for the owner of the private key.

Returns nil on failure

Encrypts stringToEncrypt with the RSA algorithm. The Charset property specifies the byte representation of the string that is encrypted. Set usePrivateKey to false to use the public key for encrypting; otherwise, set it to true to use the private key (in rare cases).

Important: If trying to match OpenSSL results, set the LittleEndian property = false.

Note: The public key's role is to make encryption accessible to anyone while ensuring that only the private key holder can decrypt the messages. The public key is designed to be widely distributed so anyone can use it to encrypt messages intended for the owner of the private key.

Returns nil on failure

Encrypts str with the RSA algorithm. The Charset property specifies the byte representation of the string that is encrypted. Set bUsePrivateKey to false to use the public key for encrypting; otherwise, set it to true to use the private key (in rare cases). The encrypted data is returned in the format specified by the EncodingMode property.

Important: If trying to match OpenSSL results, set the LittleEndian property = false.

Note: The public key's role is to make encryption accessible to anyone while ensuring that only the private key holder can decrypt the messages. The public key is designed to be widely distributed so anyone can use it to encrypt messages intended for the owner of the private key.

Returns nil on failure

Exports the private-key of an RSA key pair to XML format. This is typically called after generating a new RSA key via the GenerateKey method.

Returns nil on failure

Exports the private-key to a private key object. This is typically called after generating a new RSA key via the GenerateKey method. Once the private key object is obtained, it may be saved in a variety of different formats.

Returns nil on failure

Exports the public-key of an RSA key pair to XML format. This is typically called after generating a new RSA key via the GenerateKey method.

Returns nil on failure

Exports the public key to a public key object. Once the public key object is obtained, it may be saved in a variety of different formats.

Returns nil on failure

Generates a new RSA public/private key pair. The number of bits can range from 512 to 8192. Typical key lengths are 1024, 2048, or 4096 bits. After successful generation, the public/private parts of the key can be exported to XML via the ExportPrivateKey and ExportPublicKey methods.

Note: Generating an 8192-bit RSA key can take a considerable amount of time. There are no event callbacks or progress monitoring for RSA key generation. Calling this will block the thread until it returns.

Returns true for success, false for failure.

Imports a private key from XML format. After successful import, the private key can be used to encrypt or decrypt. A private key (by definition) contains both private and public parts. This is because the public key consist of modulus and exponent. The private key consists of modulus, exponent, P, Q, DP, DQ, InverseQ, and D using base64 representation:

<RSAKeyValue>
  <Modulus>...</Modulus>
  <Exponent>...</Exponent>
  <P>...</P>
  <Q>...</Q>
  <DP>...</DP>
  <DQ>...</DQ>
  <InverseQ>...</InverseQ>
  <D>...</D>
</RSAKeyValue>

Important: The Rsa object can contain either a private key or a public key, but not both. Importing a private key overwrites the existing key regardless of whether the type of key is public or private.

Returns true for success, false for failure.

Imports a private key from a private key object. The imported private key is used in methods that sign or decrypt.

Returns true for success, false for failure.

Imports a public key from XML format. After successful import, the public key can be used to encrypt or decrypt.

Note: Importing a public key overwrites the key that is currently contained in this object - even if it's a private key.

A public key consists of modulus and exponent using base64 representation:

<RSAPublicKey>
  <Modulus>...</Modulus>
  <Exponent>...</Exponent>
</RSAPublicKey>

Important: The Rsa object can contain either a private key or a public key, but not both. Importing a private key overwrites the existing key regardless of whether the type of key is public or private.

Returns true for success, false for failure.

Imports a public key from a public key object. The imported public key is used in methods that encrypt data or verify signatures.

Returns true for success, false for failure.

The Chilkat RSA functions having names beginning with "OpenSsl" are provided to duplicate OpenSSL's rsautl functionality, which is to directly sign raw input data using an RSA private key without performing additional steps like hashing or ASN.1 encapsulation. These functions always use PKCS#1 v1.5 padding (because rsautl always uses PKCS#1 v1.5 padding and never RSA-PSS).

The maximum number of bytes that can be signed in any of the "OpenSsl" functions depends on the size of the RSA key. It is equal to the Key Size in Bytes - 11. Thus for a 2048-bit key, the maximum data size = 256 - 11 = 245 bytes.

The bytes to be signed are passed in bd. If successful, the contents of bd are replaced with the RSA signature.

Returns true for success, false for failure.

The Chilkat RSA functions having names beginning with "OpenSsl" are provided to duplicate OpenSSL's rsautl functionality, which is to directly sign raw input data using an RSA private key without performing additional steps like hashing or ASN.1 encapsulation. These functions always use PKCS#1 v1.5 padding (because rsautl always uses PKCS#1 v1.5 padding and never RSA-PSS).

The maximum number of bytes that can be signed in any of the "OpenSsl" functions depends on the size of the RSA key. It is equal to the Key Size in Bytes - 11. Thus for a 2048-bit key, the maximum data size = 256 - 11 = 245 bytes.

The bytes to be signed are passed in data. The binary RSA signature is returned.

Returns nil on failure

The Chilkat RSA functions having names beginning with "OpenSsl" are provided to duplicate OpenSSL's rsautl functionality, which is to directly sign raw input data using an RSA private key without performing additional steps like hashing or ASN.1 encapsulation. These functions always use PKCS#1 v1.5 padding (because rsautl always uses PKCS#1 v1.5 padding and never RSA-PSS).

The maximum number of bytes that can be signed in any of the "OpenSsl" functions depends on the size of the RSA key. It is equal to the Key Size in Bytes - 11. Thus for a 2048-bit key, the maximum data size = 256 - 11 = 245 bytes.

The bytes to be signed are passed in data. Returns the signature encoded based on the EncodingMode property.

Returns nil on failure

The Chilkat RSA functions having names beginning with "OpenSsl" are provided to duplicate OpenSSL's rsautl functionality, which is to directly sign raw input data using an RSA private key without performing additional steps like hashing or ASN.1 encapsulation. These functions always use PKCS#1 v1.5 padding (because rsautl always uses PKCS#1 v1.5 padding and never RSA-PSS).

The maximum number of bytes that can be signed in any of the "OpenSsl" functions depends on the size of the RSA key. It is equal to the Key Size in Bytes - 11. Thus for a 2048-bit key, the maximum data size = 256 - 11 = 245 bytes.

The string to be signed is passed in str. Returns the binary signature.

Returns nil on failure

The Chilkat RSA functions having names beginning with "OpenSsl" are provided to duplicate OpenSSL's rsautl functionality, which is to directly sign raw input data using an RSA private key without performing additional steps like hashing or ASN.1 encapsulation. These functions always use PKCS#1 v1.5 padding (because rsautl always uses PKCS#1 v1.5 padding and never RSA-PSS).

The maximum number of bytes that can be signed in any of the "OpenSsl" functions depends on the size of the RSA key. It is equal to the Key Size in Bytes - 11. Thus for a 2048-bit key, the maximum data size = 256 - 11 = 245 bytes.

The string to be signed is passed in str. Returns the signature encoded based on the EncodingMode property.

Returns nil on failure

Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering the original data. On input, the bd contains the RSA signature that embeds the original data. If successful (i.e. the signature was verified), then the bd is transformed to contain just the original data.

Returns true for success, false for failure.

Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering the original data. Input data consists of the raw signature bytes and returns the original bytes.

Returns nil on failure

Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering the original data. Input data is a signature string encoded according to the EncodingMode property (base64, hex, etc.). Returns the original bytes.

Returns nil on failure

Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering the original data. Input data consists of the raw signature bytes and returns the original string.

Returns nil on failure

Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering the original data. Input data is a signature string encoded according to the EncodingMode property (base64, hex, etc.). Returns the original string.

Returns nil on failure

Provides the private or public key indirectly through a certificate. This method is used when the private key is inaccessible, such as when stored on a smart card, USB token, in the Windows registry (marked as non-exportable), or in the Apple Keychain.

Returns true for success, false for failure.

Generates an RSA digital signature by first hashing the contents of bdData with the hash algorithm specified by hashAlgorithm, which can be "sha256", "sha384", "sha512", or "sha1". The resulting signature is written to bdSig.

Note: It is important to be aware of endianness. Make sure the LittleEndian property is set according to your specific needs.

Generates an RSA digital signature by first hashing the contents of binaryData with the hash algorithm specified by hashAlgorithm, which can be "sha256", "sha384", "sha512", or "sha1". The function returns the binary signature.

Note: It is important to be aware of endianness. Make sure the LittleEndian property is set according to your specific needs.

Returns nil on failure

Generates an RSA digital signature by first hashing the bytes passed in binaryData with the hash algorithm specified by hashAlgorithm, which can be "sha256", "sha384", "sha512", or "sha1". Returns the signature encoded based on the EncodingMode property.

Returns nil on failure

This function creates an RSA digital signature by signing the hash provided in hashBytes. hashAlg specifies the hash algorithm, which can be "sha256", "sha384", "sha512", or "sha1". The function returns the signature in binary format.

Returns nil on failure

This function creates an RSA digital signature for the hash provided in encodedHash, which should be encoded according to the EncodingMode setting (e.g., base64 if EncodingMode = "base64"). hashAlg specifies the hash algorithm and can be "sha256", "sha384", "sha512", or "sha1". The function returns the signature encoded as specified by EncodingMode.

Returns nil on failure

Generates an RSA digital signature by first hashing strToBeHashed with the hash algorithm specified by hashAlgorithm, which can be "sha256", "sha384", "sha512", or "sha1". The function returns the binary signature.

Note: It is recommended to set the Charset property equal to "utf-8" before signing strings.

Note: It is important to be aware of endianness. Make sure the LittleEndian property is set according to your specific needs.

Returns nil on failure

Generates an RSA digital signature by first hashing strToBeHashed with the hash algorithm specified by hashAlgorithm, which can be "sha256", "sha384", "sha512", or "sha1". Returns the signature encoded based on the EncodingMode property.

Note: It is important to be aware of endianness. Make sure the LittleEndian property is set according to your specific needs.

Note: It is recommended to set the Charset property equal to "utf-8" before signing strings.

Returns nil on failure

Imports a .snk file to an XML document that can be imported via the ImportPrivateKey method.

Returns nil on failure

Verifies the RSA signature passed in bdSig against the original data passed in bdData. The original data passed in bdData is hashed using the hash algorithm passed in hashAlgorithm (such as "sha256", "sha384", "sha512", or "sha1"). Returns true if the signature is validated, and false if not.

Note: Knowing the exact hash algorithm used to create the signature is not required. If the signature is not validated using the hash algorithm specified in hashAlgorithm, Chilkat will automatically try validating using the other supported algorithms and return success if any validate.

Returns true for success, false for failure.

Verifies the RSA signature passed in signatureBytes against the original data passed in originalData. The original data passed in originalData is hashed using the hash algorithm passed in hashAlgorithm (such as "sha256", "sha384", "sha512", or "sha1"). Returns true if the signature is validated, and false if not.

Note: Knowing the exact hash algorithm used to create the signature is not required. If the signature is not validated using the hash algorithm specified in hashAlgorithm, Chilkat will automatically try validating using the other supported algorithms and return success if any validate.

Returns true for success, false for failure.

Verifies the encoded RSA signature passed in encodedSig against the original data passed in originalData. The original data passed in originalData is hashed using the hash algorithm passed in hashAlgorithm (such as "sha256", "sha384", "sha512", or "sha1"). Returns true if the signature is validated, and false if not.

The signature passed in encodedSig should be encoded according to the EncodingMode property (e.g., base64 if EncodingMode = "base64")

Note: Knowing the exact hash algorithm used to create the signature is not required. If the signature is not validated using the hash algorithm specified in hashAlgorithm, Chilkat will automatically try validating using the other supported algorithms and return success if any validate.

Returns true for success, false for failure.

Validates an RSA signature provided in sigBytes against the hash of the original data in hashBytes. Returns true if validation is successful, otherwise returns false. hashAlg specifies the hash algorithm used for hashBytes, such as "sha256", "sha384", "sha512", or "sha1". Ensure the hash's size (e.g., 32 bytes for sha256, 48 bytes for sha384, 64 bytes for sha512, 20 bytes for sha1) matches that of hashBytes.

Returns true for success, false for failure.

Validates an RSA signature provided in encodedSig against the hash of the original data in encodedHash. Returns true if validation is successful, otherwise returns false. hashAlg specifies the hash algorithm used for encodedHash, such as "sha256", "sha384", "sha512", or "sha1". Ensure the hash's size (e.g., 32 bytes for sha256, 48 bytes for sha384, 64 bytes for sha512, 20 bytes for sha1) matches that of encodedHash.

Both encodedHash and encodedSig should be encoded according to the EncodingMode property (e.g., base64 if EncodingMode = "base64")

Returns true for success, false for failure.

Returns true if the XML contains a valid RSA private key. Otherwise returns false.

Returns true for success, false for failure.

Verifies the RSA signature passed in binarySig against the original data passed in originalString. The original data passed in originalString is hashed using the hash algorithm passed in hashAlgorithm (such as "sha256", "sha384", "sha512", or "sha1"). Returns true if the signature is validated, and false if not.

Note: Knowing the exact hash algorithm used to create the signature is not required. If the signature is not validated using the hash algorithm specified in hashAlgorithm, Chilkat will automatically try validating using the other supported algorithms and return success if any validate.

Returns true for success, false for failure.

Verifies the encoded RSA signature passed in encodedSig against the original data passed in originalString. The original data passed in originalString is hashed using the hash algorithm passed in hashAlgorithm (such as "sha256", "sha384", "sha512", or "sha1"). Returns true if the signature is validated, and false if not.

The signature passed in encodedSig should be encoded according to the EncodingMode property (e.g., base64 if EncodingMode = "base64")

Note: Knowing the exact hash algorithm used to create the signature is not required. If the signature is not validated using the hash algorithm specified in hashAlgorithm, Chilkat will automatically try validating using the other supported algorithms and return success if any validate.

Returns true for success, false for failure.