PrivateKey Tcl Reference Documentation
PrivateKey
Current Version: 10.0.0
Contains an RSA, DSA, or ECC private key. Provides methods for importing and exporting to/from PEM, DER, PKCS8, PKCS1, PVK, and XML formats. Private keys can be imported/exported to both memory and files.
Object Creation
set myPrivateKey [new CkPrivateKey]
Properties
BitLength
set intVal [CkPrivateKey_get_BitLength $myPrivateKey]
The bit length (strength) of the private key.
topDebugLogFilePath
# ckStr is a CkString
CkPrivateKey_get_DebugLogFilePath $myPrivateKey $ckStr
set strVal [CkPrivateKey_get_debugLogFilePath $myPrivateKey]
CkPrivateKey_put_DebugLogFilePath $myPrivateKey $strVal
If set to a file path, causes each Chilkat method or property call to automatically append it's LastErrorText to the specified log file. The information is appended such that if a hang or crash occurs, it is possible to see the context in which the problem occurred, as well as a history of all Chilkat calls up to the point of the problem. The VerboseLogging property can be set to provide more detailed information.
This property is typically used for debugging the rare cases where a Chilkat method call hangs or generates an exception that halts program execution (i.e. crashes). A hang or crash should generally never happen. The typical causes of a hang are:
- a timeout related property was set to 0 to explicitly indicate that an infinite timeout is desired,
- the hang is actually a hang within an event callback (i.e. it is a hang within the application code), or
- there is an internal problem (bug) in the Chilkat code that causes the hang.
KeyType
# ckStr is a CkString
CkPrivateKey_get_KeyType $myPrivateKey $ckStr
set strVal [CkPrivateKey_get_keyType $myPrivateKey]
The type of private key. Can be "empty", "rsa", "dsa", "ecc" (i.e. ECDSA), or "ed25519".
topLastErrorHtml
# ckStr is a CkString
CkPrivateKey_get_LastErrorHtml $myPrivateKey $ckStr
set strVal [CkPrivateKey_get_lastErrorHtml $myPrivateKey]
Provides information in HTML format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.
topLastErrorText
# ckStr is a CkString
CkPrivateKey_get_LastErrorText $myPrivateKey $ckStr
set strVal [CkPrivateKey_get_lastErrorText $myPrivateKey]
Provides information in plain-text format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.
LastErrorXml
# ckStr is a CkString
CkPrivateKey_get_LastErrorXml $myPrivateKey $ckStr
set strVal [CkPrivateKey_get_lastErrorXml $myPrivateKey]
Provides information in XML format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.
topLastMethodSuccess
set boolVal [CkPrivateKey_get_LastMethodSuccess $myPrivateKey]
CkPrivateKey_put_LastMethodSuccess $myPrivateKey $boolVal
Indicate whether the last method call succeeded or failed. A value of 1 indicates success, a value of 0 indicates failure. This property is automatically set for method calls. It is not modified by property accesses. The property is automatically set to indicate success for the following types of method calls:
- Any method that returns a string.
- Any method returning a Chilkat object, binary bytes, or a date/time.
- Any method returning a standard boolean status value where success = 1 and failure = 0.
- Any method returning an integer where failure is defined by a return value less than zero.
Note: Methods that do not fit the above requirements will always set this property equal to 1. For example, a method that returns no value (such as a "void" in C++) will technically always succeed.
topPkcs8EncryptAlg
# ckStr is a CkString
CkPrivateKey_get_Pkcs8EncryptAlg $myPrivateKey $ckStr
set strVal [CkPrivateKey_get_pkcs8EncryptAlg $myPrivateKey]
CkPrivateKey_put_Pkcs8EncryptAlg $myPrivateKey $strVal
The encryption algorithm to be used when exporting the key to encrypted PKCS8. The default value is "3des". Possible choices also include "aes128", "aes192", and "aes256". All of the encryption algorithm choices use CBC mode.
topUncommonOptions
# ckStr is a CkString
CkPrivateKey_get_UncommonOptions $myPrivateKey $ckStr
set strVal [CkPrivateKey_get_uncommonOptions $myPrivateKey]
CkPrivateKey_put_UncommonOptions $myPrivateKey $strVal
This is a catch-all property to be used for uncommon needs. This property defaults to the empty string, and should typically remain empty.
topUtf8
set boolVal [CkPrivateKey_get_Utf8 $myPrivateKey]
CkPrivateKey_put_Utf8 $myPrivateKey $boolVal
When set to 1, all "const char *" arguments are interpreted as utf-8 strings. If set to 0 (the default), then "const char *" arguments are interpreted as ANSI strings. Also, when set to 1, and Chilkat method returning a "const char *" is returning the utf-8 representation. If set to 0, all "const char *" return values are ANSI strings.
topVerboseLogging
set boolVal [CkPrivateKey_get_VerboseLogging $myPrivateKey]
CkPrivateKey_put_VerboseLogging $myPrivateKey $boolVal
If set to 1, then the contents of LastErrorText (or LastErrorXml, or LastErrorHtml) may contain more verbose information. The default value is 0. Verbose logging should only be used for debugging. The potentially large quantity of logged information may adversely affect peformance.
topVersion
# ckStr is a CkString
CkPrivateKey_get_Version $myPrivateKey $ckStr
set strVal [CkPrivateKey_get_version $myPrivateKey]
Methods
GetJwk
set status [CkPrivateKey_GetJwk $outStr]
set retStr [CkPrivateKey_getJwk $myPrivateKey]
Gets the private key in JWK (JSON Web Key) format.
RSA keys have this JWK format:
{"kty":"RSA", "n":"0vx7agoebGcQ ... JzKnqDKgw", "e":"AQAB", "d":"X4cTteJY_gn4F ... 4jfcKoAC8Q", "p":"83i-7IvMGXoMX ... vn7O0nVbfs", "q":"3dfOR9cuYq-0S ... 4vIcb6yelxk", "dp":"G4sPXkc6Ya9 ... 8YeiKkTiBj0", "dq":"s9lAH9fggBso ... w494Q_cgk", "qi":"GyM_p6JrXySi ... zTKhAVRU"}
ECC keys have this JWK format.
{"kty":"EC", "crv":"P-256", "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE"}
Ed25519 keys (added in v9.5.0.83) have this JWK format.
{"kty": "OKP", "crv": "Ed25519", "x": "SE2Kne5xt51z1eciMH2T2ftDQp96Gl6FhY6zSQujiP0", "d": "O-eRXewadF0sNyB0U9omcnt8Qg2ZmeK3WSXPYgqe570", "use": "sig"}
Returns 1 for success, 0 for failure.
GetJwkThumbprint
# outStr is a CkString (output)
set status [CkPrivateKey_GetJwkThumbprint $hashAlg $outStr]
set retStr [CkPrivateKey_getJwkThumbprint $myPrivateKey $hashAlg]
Returns the JWK thumbprint for the private key. This is the thumbprint of the JSON Web Key (JWK) as per RFC 7638.
Returns 1 for success, 0 for failure.
GetPkcs1
Gets the private key in unencrypted binary DER format, preferring PKCS1 if possible.
RSA keys are returned in PKCS1 ASN.1 DER format:
RSAPrivateKey ::= SEQUENCE { version Version, modulus INTEGER, -- n publicExponent INTEGER, -- e privateExponent INTEGER, -- d prime1 INTEGER, -- p prime2 INTEGER, -- q exponent1 INTEGER, -- d mod (p-1) exponent2 INTEGER, -- d mod (q-1) coefficient INTEGER, -- (inverse of q) mod p otherPrimeInfos OtherPrimeInfos OPTIONAL }
DSA keys are returned in this ASN.1 DER format:
SEQUENCE(6 elem) INTEGER 0 INTEGER(2048 bit) (p) INTEGER(160 bit) (q) INTEGER(2044 bit) (g) INTEGER(2040 bit) (y - public key) INTEGER(156 bit) (x - private key)
ECC keys are returned in this ASN.1 DER format:
(from RFC 5915) ECPrivateKey ::= SEQUENCE { version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), privateKey OCTET STRING, parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, publicKey [1] BIT STRING OPTIONAL (This is the ANSI X9.63 public key format.)
Returns 1 for success, 0 for failure.
topGetPkcs1ENC
# outStr is a CkString (output)
set status [CkPrivateKey_GetPkcs1ENC $encoding $outStr]
set retStr [CkPrivateKey_getPkcs1ENC $myPrivateKey $encoding]
Gets the private key in unencrypted binary DER format, preferring PKCS1 if possible, and returns in an encoded string, as specified by the encoding argument.
RSA keys are returned in PKCS1 ASN.1 DER format:
RSAPrivateKey ::= SEQUENCE { version Version, modulus INTEGER, -- n publicExponent INTEGER, -- e privateExponent INTEGER, -- d prime1 INTEGER, -- p prime2 INTEGER, -- q exponent1 INTEGER, -- d mod (p-1) exponent2 INTEGER, -- d mod (q-1) coefficient INTEGER, -- (inverse of q) mod p otherPrimeInfos OtherPrimeInfos OPTIONAL }
DSA keys are returned in this ASN.1 DER format:
SEQUENCE(6 elem) INTEGER 0 INTEGER(2048 bit) (p) INTEGER(160 bit) (q) INTEGER(2044 bit) (g) INTEGER(2040 bit) (y - public key) INTEGER(156 bit) (x - private key)
ECC keys are returned in this ASN.1 DER format:
(from RFC 5915) ECPrivateKey ::= SEQUENCE { version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), privateKey OCTET STRING, parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, publicKey [1] BIT STRING OPTIONAL (This is the ANSI X9.63 public key format.)
Returns 1 for success, 0 for failure.
GetPkcs1Pem
set status [CkPrivateKey_GetPkcs1Pem $outStr]
set retStr [CkPrivateKey_getPkcs1Pem $myPrivateKey]
Gets the private key in non-encrypted PEM format, preferring PKCS1 over PKCS8 if possible for the key type.
Returns 1 for success, 0 for failure.
topGetPkcs8
Gets the private key in unencrypted PKCS8 format.
RSA keys are returned in PKCS8 ASN.1 DER format:
SEQUENCE // PrivateKeyInfo +- INTEGER // Version - 0 (v1998) +- SEQUENCE // AlgorithmIdentifier +- OID // 1.2.840.113549.1.1.1 +- NULL // Optional Parameters +- OCTETSTRING // PrivateKey +- SEQUENCE // RSAPrivateKey +- INTEGER(0) // Version - v1998(0) +- INTEGER(N) // N +- INTEGER(E) // E +- INTEGER(D) // D +- INTEGER(P) // P +- INTEGER(Q) // Q +- INTEGER(DP) // d mod p-1 +- INTEGER(DQ) // d mod q-1 +- INTEGER(Inv Q) // INV(q) mod p
DSA keys are returned in this ASN.1 DER format:
SEQUENCE // PrivateKeyInfo +- INTEGER // Version +- SEQUENCE // AlgorithmIdentifier +- OID // 1.2.840.10040.4.1 +- SEQUENCE // DSS-Params (Optional Parameters) +- INTEGER(P) // P +- INTEGER(Q) // Q +- INTEGER(G) // G +- OCTETSTRING // PrivateKey +- INTEGER(X) // DSAPrivateKey X
ECC keys are returned in this ASN.1 DER format:
(from RFC 5915) ECPrivateKey ::= SEQUENCE { version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), privateKey OCTET STRING, parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, publicKey [1] BIT STRING OPTIONAL (This is the ANSI X9.63 public key format.)
Returns 1 for success, 0 for failure.
topGetPkcs8ENC
# outStr is a CkString (output)
set status [CkPrivateKey_GetPkcs8ENC $encoding $outStr]
set retStr [CkPrivateKey_getPkcs8ENC $myPrivateKey $encoding]
Gets the private key in unencrypted PKCS8 format and returned in an encoded string, as specified by the encoding argument.
Returns 1 for success, 0 for failure.
GetPkcs8Encrypted
# outBytes is a CkByteData (output)
set status [CkPrivateKey_GetPkcs8Encrypted $password $outData]
Writes the private key to password-protected PKCS8 format. The Pkcs8EncryptAlg property controls the encryption algorithm used to encrypt.
Returns 1 for success, 0 for failure.
topGetPkcs8EncryptedENC
# password is a string
# outStr is a CkString (output)
set status [CkPrivateKey_GetPkcs8EncryptedENC $encoding $password $outStr]
set retStr [CkPrivateKey_getPkcs8EncryptedENC $myPrivateKey $encoding $password]
Writes the private key to password-protected PKCS8 format and returns as an encoded string as specified by the encoding argument. The Pkcs8EncryptAlg property controls the encryption algorithm used to encrypt.
Returns 1 for success, 0 for failure.
GetPkcs8EncryptedPem
# outStr is a CkString (output)
set status [CkPrivateKey_GetPkcs8EncryptedPem $password $outStr]
set retStr [CkPrivateKey_getPkcs8EncryptedPem $myPrivateKey $password]
Writes the private key to password-protected PKCS8 PEM format. The Pkcs8EncryptAlg property controls the encryption algorithm used to encrypt.
Returns 1 for success, 0 for failure.
GetPkcs8Pem
set status [CkPrivateKey_GetPkcs8Pem $outStr]
set retStr [CkPrivateKey_getPkcs8Pem $myPrivateKey]
GetPublicKey
set ret_publicKey [CkPrivateKey_GetPublicKey]
Returns the public key portion of the private key as a public key object.
Returns NULL on failure
GetRawHex
# outStr is a CkString (output)
set status [CkPrivateKey_GetRawHex $pubKey $outStr]
set retStr [CkPrivateKey_getRawHex $myPrivateKey $pubKey]
Returns the private key in raw hex format (lowercase). The public key is written to pubKey.
Ed25519 private and public keys are 32-byte each (64 chars in hex format).
The length of an EC key depends on the curve. The private key is a single hex string. The public key is a hex string composed of the "x" and "y" parts of the public key like this:
04||HEX(x)||HEX(y)
Note: This method is only applicable to Ed25519 and ECDSA keys. An RSA key cannot be returned in such as simple raw format because it is composed of multiple parts (modulus, exponent, and more).
Returns 1 for success, 0 for failure.
GetXml
set status [CkPrivateKey_GetXml $outStr]
set retStr [CkPrivateKey_getXml $myPrivateKey]
Returns the private key in XML format. The private key is returned unencrypted and the parts are base64 encoded.
RSA keys have this XML format:
<RSAKeyValue> <Modulus>...</Modulus> <Exponent>...</Exponent> <P>...</P> <Q>...</Q> <DP>...</DP> <DQ>...</DQ> <InverseQ>...</InverseQ> <D>...</D> </RSAKeyValue>
DSA keys have this XML format:
<DSAKeyValue> <P>...</P> <Q>...</Q> <G>...</G> <Y>...</Y> <X>...</X> </DSAKeyValue>
ECC keys have this XML format. The CURVE_NAME could be one of secp256r1, secp384r1, secp521r1, secp256k1 (or others as new curves are supported.)
<ECCKeyValue curve="CURVE_NAME">...</ECCKeyValue>
Returns 1 for success, 0 for failure.
LoadAnyFormat
# password is a string
set status [CkPrivateKey_LoadAnyFormat $privKeyData $password]
Loads a private key from any format (PKCS1, PKCS8, PEM, JWK, PVK, etc.). The contents of the key (binary or text) is passed in privKeyData. The password is optional and should be specified if needed.
Returns 1 for success, 0 for failure.
LoadAnyFormatFile
# password is a string
set status [CkPrivateKey_LoadAnyFormatFile $path $password]
Loads a private key from a file in any format (PKCS1, PKCS8, PEM, JWK, PVK, etc.). The password is optional and should be specified if needed.
Returns 1 for success, 0 for failure.
topLoadEd25519
# pubKey is a string
set status [CkPrivateKey_LoadEd25519 $privKey $pubKey]
Loads the private key object with an ed25519 key pair. The privKey is the 32-byte private key as a hex string. The pubKey is the 32-byte public key as a hex string. pubKey may be an empty string, in which case the public key is automatically computed from the private key.
Returns 1 for success, 0 for failure.
LoadEncryptedPem
# password is a string
set status [CkPrivateKey_LoadEncryptedPem $pemStr $password]
Loads the private key from an in-memory encrypted PEM string. An encrypted PEM contains the private key in encrypted PKCS#8 format, where the data begins and ends with the following tags:
-----BEGIN ENCRYPTED PRIVATE KEY----- BASE64 ENCODED DATA -----END ENCRYPTED PRIVATE KEY-----
For those requiring a deeper understanding: The base64 data contains ASN.1 DER with the following structure:
EncryptedPrivateKeyInfo ::= SEQUENCE { encryptionAlgorithm EncryptionAlgorithmIdentifier, encryptedData EncryptedData } EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier EncryptedData ::= OCTET STRING
Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.
Returns 1 for success, 0 for failure.
LoadEncryptedPemFile
# password is a string
set status [CkPrivateKey_LoadEncryptedPemFile $path $password]
Loads a private key from an encrypted PEM file.
Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.
Returns 1 for success, 0 for failure.
LoadJwk
set status [CkPrivateKey_LoadJwk $jsonStr]
Loads a private key from an JWK (JSON Web Key) string.
RSA keys have this JWK format:
{"kty":"RSA", "n":"0vx7agoebGcQ ... JzKnqDKgw", "e":"AQAB", "d":"X4cTteJY_gn4F ... 4jfcKoAC8Q", "p":"83i-7IvMGXoMX ... vn7O0nVbfs", "q":"3dfOR9cuYq-0S ... 4vIcb6yelxk", "dp":"G4sPXkc6Ya9 ... 8YeiKkTiBj0", "dq":"s9lAH9fggBso ... w494Q_cgk", "qi":"GyM_p6JrXySi ... zTKhAVRU"}
ECC keys have this JWK format.
{"kty":"EC", "crv":"P-256", "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE"}
Ed25519 keys (added in v9.5.0.83) have this JWK format.
{"kty": "OKP", "crv": "Ed25519", "x": "SE2Kne5xt51z1eciMH2T2ftDQp96Gl6FhY6zSQujiP0", "d": "O-eRXewadF0sNyB0U9omcnt8Qg2ZmeK3WSXPYgqe570", "use": "sig"}
Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.
Returns 1 for success, 0 for failure.
LoadPem
set status [CkPrivateKey_LoadPem $str]
Loads the private key from an in-memory PEM string. If the PEM contains an encrypted private key, then the LoadEncryptedPem method should instead be called. This method is for loading an unencrypted private key stored in PEM using PKCS#1 or PKCS#8.
A private key stored in PKCS#1 format begins and ends with the tags:
-----BEGIN RSA PRIVATE KEY----- BASE64 ENCODED DATA -----END RSA PRIVATE KEY-----
For those requiring a deeper understanding, the PKCS1 base64 contains ASN.1 in DER encoding with the following structure:
RSAPrivateKey ::= SEQUENCE { version Version, modulus INTEGER, -- n publicExponent INTEGER, -- e privateExponent INTEGER, -- d prime1 INTEGER, -- p prime2 INTEGER, -- q exponent1 INTEGER, -- d mod (p-1) exponent2 INTEGER, -- d mod (q-1) coefficient INTEGER, -- (inverse of q) mod p otherPrimeInfos OtherPrimeInfos OPTIONAL }
A private key stored in PKCS#8 format begins and ends with the tags:
-----BEGIN PRIVATE KEY----- BASE64 ENCODED DATA -----END PRIVATE KEY-----
For those requiring a deeper understanding, the PKCS8 base64 contains ASN.1 in DER encoding with the following structure:
PrivateKeyInfo ::= SEQUENCE { version Version, algorithm AlgorithmIdentifier, PrivateKey BIT STRING } AlgorithmIdentifier ::= SEQUENCE { algorithm OBJECT IDENTIFIER, parameters ANY DEFINED BY algorithm OPTIONAL }
Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.
Returns 1 for success, 0 for failure.
LoadPemFile
set status [CkPrivateKey_LoadPemFile $path]
Loads a private key from a PEM file.
Returns 1 for success, 0 for failure.
LoadPkcs1
Loads an RSA, ECC, or DSA private key from binary DER.
Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.
Returns 1 for success, 0 for failure.
topLoadPkcs1File
set status [CkPrivateKey_LoadPkcs1File $path]
Loads a private key from a PKCS1 file.
Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.
Returns 1 for success, 0 for failure.
topLoadPkcs8
Loads a private key from in-memory PKCS8 byte data.
For those requiring a deeper understanding, the PKCS8 contains ASN.1 in DER encoding with the following structure:
PrivateKeyInfo ::= SEQUENCE { version Version, algorithm AlgorithmIdentifier, PrivateKey BIT STRING } AlgorithmIdentifier ::= SEQUENCE { algorithm OBJECT IDENTIFIER, parameters ANY DEFINED BY algorithm OPTIONAL }
Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.
Returns 1 for success, 0 for failure.
topLoadPkcs8Encrypted
# password is a string
set status [CkPrivateKey_LoadPkcs8Encrypted $data $password]
Loads a private key from in-memory password-protected PKCS8 byte data.
For those requiring a deeper understanding, the encrypted PKCS8 contains ASN.1 in DER encoding with the following structure:
EncryptedPrivateKeyInfo ::= SEQUENCE { encryptionAlgorithm EncryptionAlgorithmIdentifier, encryptedData EncryptedData } EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier EncryptedData ::= OCTET STRING
Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.
Returns 1 for success, 0 for failure.
topLoadPkcs8EncryptedFile
# password is a string
set status [CkPrivateKey_LoadPkcs8EncryptedFile $path $password]
Loads a private key from an encrypted PKCS8 file.
Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.
Returns 1 for success, 0 for failure.
LoadPkcs8File
set status [CkPrivateKey_LoadPkcs8File $path]
Loads a private key from a PKCS8 file.
Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.
Returns 1 for success, 0 for failure.
topLoadPvk
Loads a private key from in-memory PVK byte data.
Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.
Returns 1 for success, 0 for failure.
topLoadPvkFile
# password is a string
set status [CkPrivateKey_LoadPvkFile $path $password]
Loads a private key from a PVK format file.
Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.
Returns 1 for success, 0 for failure.
LoadXml
set status [CkPrivateKey_LoadXml $xml]
Loads a private key from an XML string.
RSA keys have this XML format:
<RSAKeyValue> <Modulus>...</Modulus> <Exponent>...</Exponent> <P>...</P> <Q>...</Q> <DP>...</DP> <DQ>...</DQ> <InverseQ>...</InverseQ> <D>...</D> </RSAKeyValue>
DSA keys have this XML format:
<DSAKeyValue> <P>...</P> <Q>...</Q> <G>...</G> <Y>...</Y> <X>...</X> </DSAKeyValue>
ECC keys have this XML format. The CURVE_NAME could be one of secp256r1, secp384r1, secp521r1, secp256k1 (or others as new curves are supported.)
<ECCKeyValue curve="CURVE_NAME">...</ECCKeyValue>
Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.
Returns 1 for success, 0 for failure.
topLoadXmlFile
set status [CkPrivateKey_LoadXmlFile $path]
Loads a private key from an XML file.
Note: Each of the private key Load* methods willl auto-recognize the content and will parse appropriately. The private key should be successfully loaded even when the wrong format data is passed to the wrong method.
Returns 1 for success, 0 for failure.
topSavePemFile
set status [CkPrivateKey_SavePemFile $path]
Saves the private key to an unencrypted PKCS1 PEM format file.
Returns 1 for success, 0 for failure.
topSavePkcs1File
set status [CkPrivateKey_SavePkcs1File $path]
Saves the private key to an unencrypted binary PKCS1 format file.
Returns 1 for success, 0 for failure.
topSavePkcs8EncryptedFile
# path is a string
set status [CkPrivateKey_SavePkcs8EncryptedFile $password $path]
Saves the private key to a password-protected PKCS8 format file. The Pkcs8EncryptAlg property controls the encryption algorithm used to encrypt.
Returns 1 for success, 0 for failure.
topSavePkcs8EncryptedPemFile
# path is a string
set status [CkPrivateKey_SavePkcs8EncryptedPemFile $password $path]
Saves the private key to a password-protected PKCS8 PEM format file. The Pkcs8EncryptAlg property controls the encryption algorithm used to encrypt.
Returns 1 for success, 0 for failure.
SavePkcs8File
set status [CkPrivateKey_SavePkcs8File $path]
Saves the private key to an unencrypted binary PKCS8 format file.
Returns 1 for success, 0 for failure.
topSavePkcs8PemFile
set status [CkPrivateKey_SavePkcs8PemFile $path]
SaveXmlFile
set status [CkPrivateKey_SaveXmlFile $path]
UploadToCloud
# jsonOut is a CkJsonObject
set status [CkPrivateKey_UploadToCloud $jsonIn $jsonOut]
This is an open-ended method to accomodate uploading the private key to a cloud service, such as AWS KMS, or Azure Key Vault. For details, see the examples below.
Returns 1 for success, 0 for failure.
topUploadToCloudAsync (1)
# jsonIn is a CkJsonObject
# jsonOut is a CkJsonObject
set ret_task [CkPrivateKey_UploadToCloudAsync $jsonIn $jsonOut]
Creates an asynchronous task to call the UploadToCloud method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)
Returns NULL on failure
top