969 lines
46 KiB
C
969 lines
46 KiB
C
|
// CkRsaW.h: interface for the CkRsaW class.
|
||
|
|
//
|
||
|
|
//////////////////////////////////////////////////////////////////////
|
||
|
|
|
||
|
|
// This header is generated for Chilkat 11.3.0
|
||
|
|
|
||
|
|
#ifndef _CkRsaW_H
|
||
|
|
#define _CkRsaW_H
|
||
|
|
|
||
|
|
#include "chilkatDefs.h"
|
||
|
|
#include "CkString.h"
|
||
|
|
#include "CkWideCharBase.h"
|
||
|
|
|
||
|
|
class CkBinDataW;
|
||
|
|
class CkByteData;
|
||
|
|
class CkPrivateKeyW;
|
||
|
|
class CkPublicKeyW;
|
||
|
|
class CkCertW;
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
#if !defined(__sun__) && !defined(__sun)
|
||
|
|
#pragma pack (push, 8)
|
||
|
|
#endif
|
||
|
|
|
||
|
|
|
||
|
|
// CLASS: CkRsaW
|
||
|
|
class CK_VISIBLE_PUBLIC CkRsaW : public CkWideCharBase
|
||
|
|
{
|
||
|
|
|
||
|
|
|
||
|
|
private:
|
||
|
|
|
||
|
|
// Don't allow assignment or copying these objects.
|
||
|
|
CkRsaW(const CkRsaW &);
|
||
|
|
CkRsaW &operator=(const CkRsaW &);
|
||
|
|
|
||
|
|
public:
|
||
|
|
CkRsaW(void);
|
||
|
|
virtual ~CkRsaW(void);
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
static CkRsaW *createNew(void);
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
void CK_VISIBLE_PRIVATE inject(void *impl);
|
||
|
|
|
||
|
|
// May be called when finished with the object to free/dispose of any
|
||
|
|
// internal resources held by the object.
|
||
|
|
void dispose(void);
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
// BEGIN PUBLIC INTERFACE
|
||
|
|
|
||
|
|
// ----------------------
|
||
|
|
// Properties
|
||
|
|
// ----------------------
|
||
|
|
// This property specifies the character encoding used to represent text as bytes
|
||
|
|
// for encryption, decryption, signing, and signature validation. By default, it
|
||
|
|
// uses the computer's ANSI charset, such as Windows-1252 for locales like the
|
||
|
|
// United States, United Kingdom, Western Europe, Australia, and New Zealand.
|
||
|
|
//
|
||
|
|
// Most applications are advised to set this property to UTF-8 . Chilkat plans to
|
||
|
|
// change its default to UTF-8 in a future major version to align with current
|
||
|
|
// standards. The current default of ANSI stems from a time when UTF-8 was not
|
||
|
|
// widely adopted.
|
||
|
|
//
|
||
|
|
void get_Charset(CkString &str);
|
||
|
|
// This property specifies the character encoding used to represent text as bytes
|
||
|
|
// for encryption, decryption, signing, and signature validation. By default, it
|
||
|
|
// uses the computer's ANSI charset, such as Windows-1252 for locales like the
|
||
|
|
// United States, United Kingdom, Western Europe, Australia, and New Zealand.
|
||
|
|
//
|
||
|
|
// Most applications are advised to set this property to UTF-8 . Chilkat plans to
|
||
|
|
// change its default to UTF-8 in a future major version to align with current
|
||
|
|
// standards. The current default of ANSI stems from a time when UTF-8 was not
|
||
|
|
// widely adopted.
|
||
|
|
//
|
||
|
|
const wchar_t *charset(void);
|
||
|
|
// This property specifies the character encoding used to represent text as bytes
|
||
|
|
// for encryption, decryption, signing, and signature validation. By default, it
|
||
|
|
// uses the computer's ANSI charset, such as Windows-1252 for locales like the
|
||
|
|
// United States, United Kingdom, Western Europe, Australia, and New Zealand.
|
||
|
|
//
|
||
|
|
// Most applications are advised to set this property to UTF-8 . Chilkat plans to
|
||
|
|
// change its default to UTF-8 in a future major version to align with current
|
||
|
|
// standards. The current default of ANSI stems from a time when UTF-8 was not
|
||
|
|
// widely adopted.
|
||
|
|
//
|
||
|
|
void put_Charset(const wchar_t *newVal);
|
||
|
|
|
||
|
|
// This property defines the encoding for methods ending in ENC , such as
|
||
|
|
// EncryptStringENC. Valid modes include base64 , hex , hex_lower , and more. The
|
||
|
|
// encoding mode applies to signatures, encrypted data, and hashes used in or
|
||
|
|
// returned by a method.
|
||
|
|
void get_EncodingMode(CkString &str);
|
||
|
|
// This property defines the encoding for methods ending in ENC , such as
|
||
|
|
// EncryptStringENC. Valid modes include base64 , hex , hex_lower , and more. The
|
||
|
|
// encoding mode applies to signatures, encrypted data, and hashes used in or
|
||
|
|
// returned by a method.
|
||
|
|
const wchar_t *encodingMode(void);
|
||
|
|
// This property defines the encoding for methods ending in ENC , such as
|
||
|
|
// EncryptStringENC. Valid modes include base64 , hex , hex_lower , and more. The
|
||
|
|
// encoding mode applies to signatures, encrypted data, and hashes used in or
|
||
|
|
// returned by a method.
|
||
|
|
void put_EncodingMode(const wchar_t *newVal);
|
||
|
|
|
||
|
|
// When creating RSA signatures, this property determines the endianness: set it to
|
||
|
|
// true for little-endian signatures and false for big-endian signatures.
|
||
|
|
bool get_LittleEndian(void);
|
||
|
|
// When creating RSA signatures, this property determines the endianness: set it to
|
||
|
|
// true for little-endian signatures and false for big-endian signatures.
|
||
|
|
void put_LittleEndian(bool newVal);
|
||
|
|
|
||
|
|
// If true, skips unpadding when decrypting. The default is false. This
|
||
|
|
// property value is typically left unchanged.
|
||
|
|
bool get_NoUnpad(void);
|
||
|
|
// If true, skips unpadding when decrypting. The default is false. This
|
||
|
|
// property value is typically left unchanged.
|
||
|
|
void put_NoUnpad(bool newVal);
|
||
|
|
|
||
|
|
// The bit length, such as 2048, of the imported or generated RSA key.
|
||
|
|
int get_NumBits(void);
|
||
|
|
|
||
|
|
// Selects the hash algorithm for use within OAEP padding for encryption. The valid
|
||
|
|
// choices are sha256 , sha384 , sha512 , or sha1 .
|
||
|
|
//
|
||
|
|
// The default is SHA1. You'll likely want to change this to to SHA256. The next
|
||
|
|
// major version of Chilkat (11.0.0) will change the default to SHA256.
|
||
|
|
//
|
||
|
|
void get_OaepHash(CkString &str);
|
||
|
|
// Selects the hash algorithm for use within OAEP padding for encryption. The valid
|
||
|
|
// choices are sha256 , sha384 , sha512 , or sha1 .
|
||
|
|
//
|
||
|
|
// The default is SHA1. You'll likely want to change this to to SHA256. The next
|
||
|
|
// major version of Chilkat (11.0.0) will change the default to SHA256.
|
||
|
|
//
|
||
|
|
const wchar_t *oaepHash(void);
|
||
|
|
// Selects the hash algorithm for use within OAEP padding for encryption. The valid
|
||
|
|
// choices are sha256 , sha384 , sha512 , or sha1 .
|
||
|
|
//
|
||
|
|
// The default is SHA1. You'll likely want to change this to to SHA256. The next
|
||
|
|
// major version of Chilkat (11.0.0) will change the default to SHA256.
|
||
|
|
//
|
||
|
|
void put_OaepHash(const wchar_t *newVal);
|
||
|
|
|
||
|
|
// The optional RSA encryption OAEP label is a hex representation of the label
|
||
|
|
// bytes used for encrypting with OAEP padding. Typically, this is left empty (0
|
||
|
|
// bytes) unless there's a specific requirement to set it.
|
||
|
|
void get_OaepLabel(CkString &str);
|
||
|
|
// The optional RSA encryption OAEP label is a hex representation of the label
|
||
|
|
// bytes used for encrypting with OAEP padding. Typically, this is left empty (0
|
||
|
|
// bytes) unless there's a specific requirement to set it.
|
||
|
|
const wchar_t *oaepLabel(void);
|
||
|
|
// The optional RSA encryption OAEP label is a hex representation of the label
|
||
|
|
// bytes used for encrypting with OAEP padding. Typically, this is left empty (0
|
||
|
|
// bytes) unless there's a specific requirement to set it.
|
||
|
|
void put_OaepLabel(const wchar_t *newVal);
|
||
|
|
|
||
|
|
// Selects the MGF (mask generation) hash algorithm for use within OAEP padding for
|
||
|
|
// encryption. The valid choices are sha256 , sha384 , sha512 , or sha1 .
|
||
|
|
//
|
||
|
|
// Note: This property should typically be set to the same value as the OaepHash
|
||
|
|
// property. Many software implementations are not able to handle cases where the
|
||
|
|
// MGF hash is different than the OAEP hash.
|
||
|
|
//
|
||
|
|
// The default is SHA1. You'll likely want to change this to to SHA256. The next
|
||
|
|
// major version of Chilkat (11.0.0) will change the default to SHA256.
|
||
|
|
//
|
||
|
|
void get_OaepMgfHash(CkString &str);
|
||
|
|
// Selects the MGF (mask generation) hash algorithm for use within OAEP padding for
|
||
|
|
// encryption. The valid choices are sha256 , sha384 , sha512 , or sha1 .
|
||
|
|
//
|
||
|
|
// Note: This property should typically be set to the same value as the OaepHash
|
||
|
|
// property. Many software implementations are not able to handle cases where the
|
||
|
|
// MGF hash is different than the OAEP hash.
|
||
|
|
//
|
||
|
|
// The default is SHA1. You'll likely want to change this to to SHA256. The next
|
||
|
|
// major version of Chilkat (11.0.0) will change the default to SHA256.
|
||
|
|
//
|
||
|
|
const wchar_t *oaepMgfHash(void);
|
||
|
|
// Selects the MGF (mask generation) hash algorithm for use within OAEP padding for
|
||
|
|
// encryption. The valid choices are sha256 , sha384 , sha512 , or sha1 .
|
||
|
|
//
|
||
|
|
// Note: This property should typically be set to the same value as the OaepHash
|
||
|
|
// property. Many software implementations are not able to handle cases where the
|
||
|
|
// MGF hash is different than the OAEP hash.
|
||
|
|
//
|
||
|
|
// The default is SHA1. You'll likely want to change this to to SHA256. The next
|
||
|
|
// major version of Chilkat (11.0.0) will change the default to SHA256.
|
||
|
|
//
|
||
|
|
void put_OaepMgfHash(const wchar_t *newVal);
|
||
|
|
|
||
|
|
// This property is deprecated and applications should instead use the PkcsPadding
|
||
|
|
// property.
|
||
|
|
//
|
||
|
|
// This property controls both RSA-PSS and OAEP. When set to false, Chilkat uses
|
||
|
|
// PKCS#1 v1.5 padding for both encryption and signature creation. When set to
|
||
|
|
// true, Chilkat uses RSA-PSS padding for signatures, and OAEP padding for
|
||
|
|
// encryption.
|
||
|
|
//
|
||
|
|
// Note: Both OAEP and RSA-PSS incorporate random bytes in the output. Therefore,
|
||
|
|
// the output is different each time even if all of the inputs are identical.
|
||
|
|
//
|
||
|
|
// The default value of this property is false.
|
||
|
|
//
|
||
|
|
// PS> Please accept our apology for not having a separate RsaPss property. This
|
||
|
|
// oversight in design happened approximately 20 years ago. We've refrained from
|
||
|
|
// fixing to avoid backward compatibility problems.
|
||
|
|
//
|
||
|
|
bool get_OaepPadding(void);
|
||
|
|
// This property is deprecated and applications should instead use the PkcsPadding
|
||
|
|
// property.
|
||
|
|
//
|
||
|
|
// This property controls both RSA-PSS and OAEP. When set to false, Chilkat uses
|
||
|
|
// PKCS#1 v1.5 padding for both encryption and signature creation. When set to
|
||
|
|
// true, Chilkat uses RSA-PSS padding for signatures, and OAEP padding for
|
||
|
|
// encryption.
|
||
|
|
//
|
||
|
|
// Note: Both OAEP and RSA-PSS incorporate random bytes in the output. Therefore,
|
||
|
|
// the output is different each time even if all of the inputs are identical.
|
||
|
|
//
|
||
|
|
// The default value of this property is false.
|
||
|
|
//
|
||
|
|
// PS> Please accept our apology for not having a separate RsaPss property. This
|
||
|
|
// oversight in design happened approximately 20 years ago. We've refrained from
|
||
|
|
// fixing to avoid backward compatibility problems.
|
||
|
|
//
|
||
|
|
void put_OaepPadding(bool newVal);
|
||
|
|
|
||
|
|
// This property controls padding for both signing and encryption. The default
|
||
|
|
// value is true, which is to use PKCS#1 v1.5 padding. If set to false, then PSS
|
||
|
|
// padding is used for signatures and OAEP padding is used for encryption.
|
||
|
|
//
|
||
|
|
// This property replaces the deprecated OaepPadding property. Until the
|
||
|
|
// OaepPadding property is removed, setting this property will automatically set
|
||
|
|
// OaepPadding to the opposite, and vice-versa. This is to maintain backward
|
||
|
|
// compatibility until applications can switch to using this new property.
|
||
|
|
//
|
||
|
|
bool get_PkcsPadding(void);
|
||
|
|
// This property controls padding for both signing and encryption. The default
|
||
|
|
// value is true, which is to use PKCS#1 v1.5 padding. If set to false, then PSS
|
||
|
|
// padding is used for signatures and OAEP padding is used for encryption.
|
||
|
|
//
|
||
|
|
// This property replaces the deprecated OaepPadding property. Until the
|
||
|
|
// OaepPadding property is removed, setting this property will automatically set
|
||
|
|
// OaepPadding to the opposite, and vice-versa. This is to maintain backward
|
||
|
|
// compatibility until applications can switch to using this new property.
|
||
|
|
//
|
||
|
|
void put_PkcsPadding(bool newVal);
|
||
|
|
|
||
|
|
// When using RSASSA-PSS padding for signatures, you can choose the PSS salt
|
||
|
|
// length. By default, the salt length is set to -1, which uses the length of the
|
||
|
|
// hash function. For instance, with the SHA256 hash function, the salt length will
|
||
|
|
// be 32 bytes. You can specify a different salt length, like 20 bytes, if needed,
|
||
|
|
// but it's generally recommended to keep the default setting.
|
||
|
|
int get_PssSaltLen(void);
|
||
|
|
// When using RSASSA-PSS padding for signatures, you can choose the PSS salt
|
||
|
|
// length. By default, the salt length is set to -1, which uses the length of the
|
||
|
|
// hash function. For instance, with the SHA256 hash function, the salt length will
|
||
|
|
// be 32 bytes. You can specify a different salt length, like 20 bytes, if needed,
|
||
|
|
// but it's generally recommended to keep the default setting.
|
||
|
|
void put_PssSaltLen(int newVal);
|
||
|
|
|
||
|
|
// This is a catch-all property to be used for uncommon needs. This property
|
||
|
|
// defaults to the empty string and should typically remain empty.
|
||
|
|
void get_UncommonOptions(CkString &str);
|
||
|
|
// This is a catch-all property to be used for uncommon needs. This property
|
||
|
|
// defaults to the empty string and should typically remain empty.
|
||
|
|
const wchar_t *uncommonOptions(void);
|
||
|
|
// This is a catch-all property to be used for uncommon needs. This property
|
||
|
|
// defaults to the empty string and should typically remain empty.
|
||
|
|
void put_UncommonOptions(const wchar_t *newVal);
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
// ----------------------
|
||
|
|
// Methods
|
||
|
|
// ----------------------
|
||
|
|
// RSA decrypts the contents of bd. usePrivateKey should be set to true if the private
|
||
|
|
// key is to be used for decrypting. Otherwise it should be set to false if (in
|
||
|
|
// rare cases) the public key is to be used for decrypting.
|
||
|
|
//
|
||
|
|
// Important: If trying to match OpenSSL results, set the LittleEndian property =
|
||
|
|
// false.
|
||
|
|
//
|
||
|
|
bool DecryptBd(CkBinDataW &bd, bool usePrivateKey);
|
||
|
|
|
||
|
|
// Decrypts byte data using the RSA encryption algorithm. usePrivateKey should be set to
|
||
|
|
// true if the private key is to be used for decrypting. Otherwise it should be
|
||
|
|
// set to false if (in rare cases) the public key is to be used for decrypting.
|
||
|
|
//
|
||
|
|
// Important: If trying to match OpenSSL results, set the LittleEndian property =
|
||
|
|
// false.
|
||
|
|
//
|
||
|
|
bool DecryptBytes(CkByteData &inData, bool usePrivateKey, CkByteData &outData);
|
||
|
|
|
||
|
|
// Decrypts str using the RSA algorithm. str is the encoded form of the encrypted
|
||
|
|
// binary data. The EncodingMode property defines str's encoding. Set bUsePrivateKey to
|
||
|
|
// true to use the private key for decryption; otherwise, set it to false to
|
||
|
|
// use the public key (in rare cases).
|
||
|
|
//
|
||
|
|
// Important: If trying to match OpenSSL results, set the LittleEndian property =
|
||
|
|
// false.
|
||
|
|
//
|
||
|
|
bool DecryptBytesENC(const wchar_t *str, bool bUsePrivateKey, CkByteData &outData);
|
||
|
|
|
||
|
|
// Decrypts encBytes with the RSA algorithm. encBytes holds the encrypted binary data. The
|
||
|
|
// Charset property specifies the byte representation for interpreting the
|
||
|
|
// decrypted text. Set usePrivateKey to true to use the private key for decryption;
|
||
|
|
// otherwise, set usePrivateKey to false to use the public key (used rarely). Returns the
|
||
|
|
// decrypted string.
|
||
|
|
//
|
||
|
|
// Important: If trying to match OpenSSL results, set the LittleEndian property =
|
||
|
|
// false.
|
||
|
|
//
|
||
|
|
bool DecryptString(CkByteData &encBytes, bool usePrivateKey, CkString &outStr);
|
||
|
|
// Decrypts encBytes with the RSA algorithm. encBytes holds the encrypted binary data. The
|
||
|
|
// Charset property specifies the byte representation for interpreting the
|
||
|
|
// decrypted text. Set usePrivateKey to true to use the private key for decryption;
|
||
|
|
// otherwise, set usePrivateKey to false to use the public key (used rarely). Returns the
|
||
|
|
// decrypted string.
|
||
|
|
//
|
||
|
|
// Important: If trying to match OpenSSL results, set the LittleEndian property =
|
||
|
|
// false.
|
||
|
|
//
|
||
|
|
const wchar_t *decryptString(CkByteData &encBytes, bool usePrivateKey);
|
||
|
|
|
||
|
|
// Decrypts str with the RSA algorithm. str is the encoded form of the encrypted
|
||
|
|
// binary data. The EncodingMode property defines str's encoding. The Charset
|
||
|
|
// property specifies the byte representation for interpreting the decrypted text.
|
||
|
|
// Set usePrivateKey to true to use the private key for decryption; otherwise, set usePrivateKey to
|
||
|
|
// false to use the public key (used rarely). Returns the decrypted string.
|
||
|
|
//
|
||
|
|
// Important: If trying to match OpenSSL results, set the LittleEndian property =
|
||
|
|
// false.
|
||
|
|
//
|
||
|
|
bool DecryptStringENC(const wchar_t *str, bool usePrivateKey, CkString &outStr);
|
||
|
|
// Decrypts str with the RSA algorithm. str is the encoded form of the encrypted
|
||
|
|
// binary data. The EncodingMode property defines str's encoding. The Charset
|
||
|
|
// property specifies the byte representation for interpreting the decrypted text.
|
||
|
|
// Set usePrivateKey to true to use the private key for decryption; otherwise, set usePrivateKey to
|
||
|
|
// false to use the public key (used rarely). Returns the decrypted string.
|
||
|
|
//
|
||
|
|
// Important: If trying to match OpenSSL results, set the LittleEndian property =
|
||
|
|
// false.
|
||
|
|
//
|
||
|
|
const wchar_t *decryptStringENC(const wchar_t *str, bool usePrivateKey);
|
||
|
|
|
||
|
|
// RSA encrypts the contents of bd. Set usePrivateKey to false to use the public key for
|
||
|
|
// encrypting; otherwise, set it to true to use the private key (in rare cases).
|
||
|
|
//
|
||
|
|
// Important: If trying to match OpenSSL results, set the LittleEndian property =
|
||
|
|
// false.
|
||
|
|
//
|
||
|
|
// Note: The public key's role is to make encryption accessible to anyone while
|
||
|
|
// ensuring that only the private key holder can decrypt the messages. The public
|
||
|
|
// key is designed to be widely distributed so anyone can use it to encrypt
|
||
|
|
// messages intended for the owner of the private key.
|
||
|
|
//
|
||
|
|
bool EncryptBd(CkBinDataW &bd, bool usePrivateKey);
|
||
|
|
|
||
|
|
// Encrypts byte data using the RSA encryption algorithm. Set usePrivateKey to false to
|
||
|
|
// use the public key for encrypting; otherwise, set it to true to use the
|
||
|
|
// private key (in rare cases).
|
||
|
|
//
|
||
|
|
// Important: If trying to match OpenSSL results, set the LittleEndian property =
|
||
|
|
// false.
|
||
|
|
//
|
||
|
|
// Note: The public key's role is to make encryption accessible to anyone while
|
||
|
|
// ensuring that only the private key holder can decrypt the messages. The public
|
||
|
|
// key is designed to be widely distributed so anyone can use it to encrypt
|
||
|
|
// messages intended for the owner of the private key.
|
||
|
|
//
|
||
|
|
bool EncryptBytes(CkByteData &binaryData, bool usePrivateKey, CkByteData &outData);
|
||
|
|
|
||
|
|
// Encrypts data using the RSA algorithm. Set bUsePrivateKey to false to use the public key
|
||
|
|
// for encrypting; otherwise, set it to true to use the private key (in rare
|
||
|
|
// cases). The encrypted data is returned in the format specified by the
|
||
|
|
// EncodingMode property.
|
||
|
|
//
|
||
|
|
// Important: If trying to match OpenSSL results, set the LittleEndian property =
|
||
|
|
// false.
|
||
|
|
//
|
||
|
|
// Note: The public key's role is to make encryption accessible to anyone while
|
||
|
|
// ensuring that only the private key holder can decrypt the messages. The public
|
||
|
|
// key is designed to be widely distributed so anyone can use it to encrypt
|
||
|
|
// messages intended for the owner of the private key.
|
||
|
|
//
|
||
|
|
bool EncryptBytesENC(CkByteData &data, bool bUsePrivateKey, CkString &outStr);
|
||
|
|
// Encrypts data using the RSA algorithm. Set bUsePrivateKey to false to use the public key
|
||
|
|
// for encrypting; otherwise, set it to true to use the private key (in rare
|
||
|
|
// cases). The encrypted data is returned in the format specified by the
|
||
|
|
// EncodingMode property.
|
||
|
|
//
|
||
|
|
// Important: If trying to match OpenSSL results, set the LittleEndian property =
|
||
|
|
// false.
|
||
|
|
//
|
||
|
|
// Note: The public key's role is to make encryption accessible to anyone while
|
||
|
|
// ensuring that only the private key holder can decrypt the messages. The public
|
||
|
|
// key is designed to be widely distributed so anyone can use it to encrypt
|
||
|
|
// messages intended for the owner of the private key.
|
||
|
|
//
|
||
|
|
const wchar_t *encryptBytesENC(CkByteData &data, bool bUsePrivateKey);
|
||
|
|
|
||
|
|
// Encrypts stringToEncrypt with the RSA algorithm. The Charset property specifies the byte
|
||
|
|
// representation of the string that is encrypted. Set usePrivateKey to false to use the
|
||
|
|
// public key for encrypting; otherwise, set it to true to use the private key
|
||
|
|
// (in rare cases).
|
||
|
|
//
|
||
|
|
// Important: If trying to match OpenSSL results, set the LittleEndian property =
|
||
|
|
// false.
|
||
|
|
//
|
||
|
|
// Note: The public key's role is to make encryption accessible to anyone while
|
||
|
|
// ensuring that only the private key holder can decrypt the messages. The public
|
||
|
|
// key is designed to be widely distributed so anyone can use it to encrypt
|
||
|
|
// messages intended for the owner of the private key.
|
||
|
|
//
|
||
|
|
bool EncryptString(const wchar_t *stringToEncrypt, bool usePrivateKey, CkByteData &outData);
|
||
|
|
|
||
|
|
// Encrypts str with the RSA algorithm. The Charset property specifies the byte
|
||
|
|
// representation of the string that is encrypted. Set bUsePrivateKey to false to use the
|
||
|
|
// public key for encrypting; otherwise, set it to true to use the private key
|
||
|
|
// (in rare cases). The encrypted data is returned in the format specified by the
|
||
|
|
// EncodingMode property.
|
||
|
|
//
|
||
|
|
// Important: If trying to match OpenSSL results, set the LittleEndian property =
|
||
|
|
// false.
|
||
|
|
//
|
||
|
|
// Note: The public key's role is to make encryption accessible to anyone while
|
||
|
|
// ensuring that only the private key holder can decrypt the messages. The public
|
||
|
|
// key is designed to be widely distributed so anyone can use it to encrypt
|
||
|
|
// messages intended for the owner of the private key.
|
||
|
|
//
|
||
|
|
bool EncryptStringENC(const wchar_t *str, bool bUsePrivateKey, CkString &outStr);
|
||
|
|
// Encrypts str with the RSA algorithm. The Charset property specifies the byte
|
||
|
|
// representation of the string that is encrypted. Set bUsePrivateKey to false to use the
|
||
|
|
// public key for encrypting; otherwise, set it to true to use the private key
|
||
|
|
// (in rare cases). The encrypted data is returned in the format specified by the
|
||
|
|
// EncodingMode property.
|
||
|
|
//
|
||
|
|
// Important: If trying to match OpenSSL results, set the LittleEndian property =
|
||
|
|
// false.
|
||
|
|
//
|
||
|
|
// Note: The public key's role is to make encryption accessible to anyone while
|
||
|
|
// ensuring that only the private key holder can decrypt the messages. The public
|
||
|
|
// key is designed to be widely distributed so anyone can use it to encrypt
|
||
|
|
// messages intended for the owner of the private key.
|
||
|
|
//
|
||
|
|
const wchar_t *encryptStringENC(const wchar_t *str, bool bUsePrivateKey);
|
||
|
|
|
||
|
|
// This method is deprecated and should no longer be needed because the new GenKey
|
||
|
|
// method replaces the GenerateKey method.
|
||
|
|
//
|
||
|
|
// Exports the private-key of an RSA key pair to XML format. This is typically
|
||
|
|
// called after generating a new RSA key via the GenerateKey method.
|
||
|
|
//
|
||
|
|
bool ExportPrivateKey(CkString &outStr);
|
||
|
|
// This method is deprecated and should no longer be needed because the new GenKey
|
||
|
|
// method replaces the GenerateKey method.
|
||
|
|
//
|
||
|
|
// Exports the private-key of an RSA key pair to XML format. This is typically
|
||
|
|
// called after generating a new RSA key via the GenerateKey method.
|
||
|
|
//
|
||
|
|
const wchar_t *exportPrivateKey(void);
|
||
|
|
|
||
|
|
// This method is deprecated and should no longer be needed because the new GenKey
|
||
|
|
// method replaces the GenerateKey method.
|
||
|
|
//
|
||
|
|
// Exports the private-key to a private key object. This is typically called after
|
||
|
|
// generating a new RSA key via the GenerateKey method. Once the private key object
|
||
|
|
// is obtained, it may be saved in a variety of different formats.
|
||
|
|
//
|
||
|
|
// The caller is responsible for deleting the object returned by this method.
|
||
|
|
CkPrivateKeyW *ExportPrivateKeyObj(void);
|
||
|
|
|
||
|
|
// This method is deprecated and should no longer be needed because the new GenKey
|
||
|
|
// method replaces the GenerateKey method.
|
||
|
|
//
|
||
|
|
// Exports the public-key of an RSA key pair to XML format. This is typically
|
||
|
|
// called after generating a new RSA key via the GenerateKey method.
|
||
|
|
//
|
||
|
|
bool ExportPublicKey(CkString &outStr);
|
||
|
|
// This method is deprecated and should no longer be needed because the new GenKey
|
||
|
|
// method replaces the GenerateKey method.
|
||
|
|
//
|
||
|
|
// Exports the public-key of an RSA key pair to XML format. This is typically
|
||
|
|
// called after generating a new RSA key via the GenerateKey method.
|
||
|
|
//
|
||
|
|
const wchar_t *exportPublicKey(void);
|
||
|
|
|
||
|
|
// This method is deprecated and should no longer be needed because the new GenKey
|
||
|
|
// method replaces the GenerateKey method.
|
||
|
|
//
|
||
|
|
// Exports the public key to a public key object. Once the public key object is
|
||
|
|
// obtained, it may be saved in a variety of different formats.
|
||
|
|
//
|
||
|
|
// The caller is responsible for deleting the object returned by this method.
|
||
|
|
CkPublicKeyW *ExportPublicKeyObj(void);
|
||
|
|
|
||
|
|
// This method is deprecated. Applications should instead call GenKey .
|
||
|
|
//
|
||
|
|
// Generates a new RSA public/private key pair. The number of bits can range from
|
||
|
|
// 512 to 8192. Typical key lengths are 1024, 2048, or 4096 bits. After successful
|
||
|
|
// generation, the public/private parts of the key can be exported to XML via the
|
||
|
|
// ExportPrivateKey and ExportPublicKey methods.
|
||
|
|
//
|
||
|
|
// Note: Generating an 8192-bit RSA key can take a considerable amount of time.
|
||
|
|
// There are no event callbacks or progress monitoring for RSA key generation.
|
||
|
|
// Calling this will block the thread until it returns.
|
||
|
|
//
|
||
|
|
bool GenerateKey(int numBits);
|
||
|
|
|
||
|
|
// Generates a new RSA key and stores it in privKey. numBits specifies the key length,
|
||
|
|
// which can range from 512 to 8192 bits. Common key lengths are 1024, 2048, or
|
||
|
|
// 4096 bits.
|
||
|
|
//
|
||
|
|
// Note: Generating an 8192-bit key may take a significant amount of time. The
|
||
|
|
// method does not support event callbacks or progress monitoring and will block
|
||
|
|
// the thread until completion.
|
||
|
|
//
|
||
|
|
bool GenKey(int numBits, CkPrivateKeyW &privKey);
|
||
|
|
|
||
|
|
// This method is deprecated. Applications should instead call UsePrivateKey .
|
||
|
|
//
|
||
|
|
// Imports a private key from XML format. After successful import, the private key
|
||
|
|
// can be used to encrypt or decrypt. A private key (by definition) contains both
|
||
|
|
// private and public parts. This is because the public key consist of modulus and
|
||
|
|
// exponent. The private key consists of modulus, exponent, P, Q, DP, DQ, InverseQ,
|
||
|
|
// and D using base64 representation:_LT_RSAKeyValue>
|
||
|
|
// _LT_Modulus>..._LT_/Modulus>
|
||
|
|
// _LT_Exponent>..._LT_/Exponent>
|
||
|
|
// _LT_P>..._LT_/P>
|
||
|
|
// _LT_Q>..._LT_/Q>
|
||
|
|
// _LT_DP>..._LT_/DP>
|
||
|
|
// _LT_DQ>..._LT_/DQ>
|
||
|
|
// _LT_InverseQ>..._LT_/InverseQ>
|
||
|
|
// _LT_D>..._LT_/D>
|
||
|
|
// _LT_/RSAKeyValue>
|
||
|
|
//
|
||
|
|
//
|
||
|
|
// Important: The Rsa object can contain either a private key or a public key, but
|
||
|
|
// not both. Importing a private key overwrites the existing key regardless of
|
||
|
|
// whether the type of key is public or private.
|
||
|
|
//
|
||
|
|
bool ImportPrivateKey(const wchar_t *xmlKey);
|
||
|
|
|
||
|
|
// This method is deprecated. Applications should instead call UsePrivateKey .
|
||
|
|
//
|
||
|
|
// Imports a private key from a private key object. The imported private key is
|
||
|
|
// used in methods that sign or decrypt.
|
||
|
|
//
|
||
|
|
bool ImportPrivateKeyObj(CkPrivateKeyW &key);
|
||
|
|
|
||
|
|
// This method is deprecated. Applications should instead call UsePublicKey .
|
||
|
|
//
|
||
|
|
// Imports a public key from XML format. After successful import, the public key
|
||
|
|
// can be used to encrypt or decrypt.
|
||
|
|
//
|
||
|
|
// Note: Importing a public key overwrites the key that is currently contained in
|
||
|
|
// this object - even if it's a private key.
|
||
|
|
//
|
||
|
|
// A public key consists of modulus and exponent using base64 representation:_LT_RSAPublicKey>
|
||
|
|
// _LT_Modulus>..._LT_/Modulus>
|
||
|
|
// _LT_Exponent>..._LT_/Exponent>
|
||
|
|
// _LT_/RSAPublicKey>
|
||
|
|
//
|
||
|
|
//
|
||
|
|
// Important: The Rsa object can contain either a private key or a public key, but
|
||
|
|
// not both. Importing a private key overwrites the existing key regardless of
|
||
|
|
// whether the type of key is public or private.
|
||
|
|
//
|
||
|
|
bool ImportPublicKey(const wchar_t *xmlKey);
|
||
|
|
|
||
|
|
// This method is deprecated. Applications should instead call UsePublicKey .
|
||
|
|
//
|
||
|
|
// Imports a public key from a public key object. The imported public key is used
|
||
|
|
// in methods that encrypt data or verify signatures.
|
||
|
|
//
|
||
|
|
bool ImportPublicKeyObj(CkPublicKeyW &key);
|
||
|
|
|
||
|
|
// This method is deprecated and applications should instead call SignRawBd .
|
||
|
|
//
|
||
|
|
// The Chilkat RSA functions having names beginning with OpenSsl are provided to
|
||
|
|
// duplicate OpenSSL's rsautl functionality, which is to directly sign raw input
|
||
|
|
// data using an RSA private key without performing additional steps like hashing
|
||
|
|
// or ASN.1 encapsulation. These functions always use PKCS#1 v1.5 padding (because
|
||
|
|
// rsautl always uses PKCS#1 v1.5 padding and never RSA-PSS).
|
||
|
|
//
|
||
|
|
// The maximum number of bytes that can be signed in any of the OpenSsl functions
|
||
|
|
// depends on the size of the RSA key. It is equal to the Key Size in Bytes - 11.
|
||
|
|
// Thus for a 2048-bit key, the maximum data size = 256 - 11 = 245 bytes.
|
||
|
|
//
|
||
|
|
// The bytes to be signed are passed in bd. If successful, the contents of bd
|
||
|
|
// are replaced with the RSA signature.
|
||
|
|
//
|
||
|
|
bool OpenSslSignBd(CkBinDataW &bd);
|
||
|
|
|
||
|
|
// This method is deprecated and applications should instead call SignRawBd .
|
||
|
|
//
|
||
|
|
// The Chilkat RSA functions having names beginning with OpenSsl are provided to
|
||
|
|
// duplicate OpenSSL's rsautl functionality, which is to directly sign raw input
|
||
|
|
// data using an RSA private key without performing additional steps like hashing
|
||
|
|
// or ASN.1 encapsulation. These functions always use PKCS#1 v1.5 padding (because
|
||
|
|
// rsautl always uses PKCS#1 v1.5 padding and never RSA-PSS).
|
||
|
|
//
|
||
|
|
// The maximum number of bytes that can be signed in any of the OpenSsl functions
|
||
|
|
// depends on the size of the RSA key. It is equal to the Key Size in Bytes - 11.
|
||
|
|
// Thus for a 2048-bit key, the maximum data size = 256 - 11 = 245 bytes.
|
||
|
|
//
|
||
|
|
// The bytes to be signed are passed in data. The binary RSA signature is returned.
|
||
|
|
//
|
||
|
|
bool OpenSslSignBytes(CkByteData &data, CkByteData &outBytes);
|
||
|
|
|
||
|
|
// This method is deprecated and applications should instead call SignRawBd .
|
||
|
|
//
|
||
|
|
// The Chilkat RSA functions having names beginning with OpenSsl are provided to
|
||
|
|
// duplicate OpenSSL's rsautl functionality, which is to directly sign raw input
|
||
|
|
// data using an RSA private key without performing additional steps like hashing
|
||
|
|
// or ASN.1 encapsulation. These functions always use PKCS#1 v1.5 padding (because
|
||
|
|
// rsautl always uses PKCS#1 v1.5 padding and never RSA-PSS).
|
||
|
|
//
|
||
|
|
// The maximum number of bytes that can be signed in any of the OpenSsl functions
|
||
|
|
// depends on the size of the RSA key. It is equal to the Key Size in Bytes - 11.
|
||
|
|
// Thus for a 2048-bit key, the maximum data size = 256 - 11 = 245 bytes.
|
||
|
|
//
|
||
|
|
// The bytes to be signed are passed in data. Returns the signature encoded based
|
||
|
|
// on the EncodingMode property.
|
||
|
|
//
|
||
|
|
bool OpenSslSignBytesENC(CkByteData &data, CkString &outStr);
|
||
|
|
// This method is deprecated and applications should instead call SignRawBd .
|
||
|
|
//
|
||
|
|
// The Chilkat RSA functions having names beginning with OpenSsl are provided to
|
||
|
|
// duplicate OpenSSL's rsautl functionality, which is to directly sign raw input
|
||
|
|
// data using an RSA private key without performing additional steps like hashing
|
||
|
|
// or ASN.1 encapsulation. These functions always use PKCS#1 v1.5 padding (because
|
||
|
|
// rsautl always uses PKCS#1 v1.5 padding and never RSA-PSS).
|
||
|
|
//
|
||
|
|
// The maximum number of bytes that can be signed in any of the OpenSsl functions
|
||
|
|
// depends on the size of the RSA key. It is equal to the Key Size in Bytes - 11.
|
||
|
|
// Thus for a 2048-bit key, the maximum data size = 256 - 11 = 245 bytes.
|
||
|
|
//
|
||
|
|
// The bytes to be signed are passed in data. Returns the signature encoded based
|
||
|
|
// on the EncodingMode property.
|
||
|
|
//
|
||
|
|
const wchar_t *openSslSignBytesENC(CkByteData &data);
|
||
|
|
|
||
|
|
// This method is deprecated and applications should instead call SignRawBd .
|
||
|
|
//
|
||
|
|
// The Chilkat RSA functions having names beginning with OpenSsl are provided to
|
||
|
|
// duplicate OpenSSL's rsautl functionality, which is to directly sign raw input
|
||
|
|
// data using an RSA private key without performing additional steps like hashing
|
||
|
|
// or ASN.1 encapsulation. These functions always use PKCS#1 v1.5 padding (because
|
||
|
|
// rsautl always uses PKCS#1 v1.5 padding and never RSA-PSS).
|
||
|
|
//
|
||
|
|
// The maximum number of bytes that can be signed in any of the OpenSsl functions
|
||
|
|
// depends on the size of the RSA key. It is equal to the Key Size in Bytes - 11.
|
||
|
|
// Thus for a 2048-bit key, the maximum data size = 256 - 11 = 245 bytes.
|
||
|
|
//
|
||
|
|
// The string to be signed is passed in str. Returns the binary signature.
|
||
|
|
//
|
||
|
|
bool OpenSslSignString(const wchar_t *str, CkByteData &outBytes);
|
||
|
|
|
||
|
|
// This method is deprecated and applications should instead call SignRawBd .
|
||
|
|
//
|
||
|
|
// The Chilkat RSA functions having names beginning with OpenSsl are provided to
|
||
|
|
// duplicate OpenSSL's rsautl functionality, which is to directly sign raw input
|
||
|
|
// data using an RSA private key without performing additional steps like hashing
|
||
|
|
// or ASN.1 encapsulation. These functions always use PKCS#1 v1.5 padding (because
|
||
|
|
// rsautl always uses PKCS#1 v1.5 padding and never RSA-PSS).
|
||
|
|
//
|
||
|
|
// The maximum number of bytes that can be signed in any of the OpenSsl functions
|
||
|
|
// depends on the size of the RSA key. It is equal to the Key Size in Bytes - 11.
|
||
|
|
// Thus for a 2048-bit key, the maximum data size = 256 - 11 = 245 bytes.
|
||
|
|
//
|
||
|
|
// The string to be signed is passed in str. Returns the signature encoded based
|
||
|
|
// on the EncodingMode property.
|
||
|
|
//
|
||
|
|
bool OpenSslSignStringENC(const wchar_t *str, CkString &outStr);
|
||
|
|
// This method is deprecated and applications should instead call SignRawBd .
|
||
|
|
//
|
||
|
|
// The Chilkat RSA functions having names beginning with OpenSsl are provided to
|
||
|
|
// duplicate OpenSSL's rsautl functionality, which is to directly sign raw input
|
||
|
|
// data using an RSA private key without performing additional steps like hashing
|
||
|
|
// or ASN.1 encapsulation. These functions always use PKCS#1 v1.5 padding (because
|
||
|
|
// rsautl always uses PKCS#1 v1.5 padding and never RSA-PSS).
|
||
|
|
//
|
||
|
|
// The maximum number of bytes that can be signed in any of the OpenSsl functions
|
||
|
|
// depends on the size of the RSA key. It is equal to the Key Size in Bytes - 11.
|
||
|
|
// Thus for a 2048-bit key, the maximum data size = 256 - 11 = 245 bytes.
|
||
|
|
//
|
||
|
|
// The string to be signed is passed in str. Returns the signature encoded based
|
||
|
|
// on the EncodingMode property.
|
||
|
|
//
|
||
|
|
const wchar_t *openSslSignStringENC(const wchar_t *str);
|
||
|
|
|
||
|
|
// This method is deprecated and applications should instead call VerifyRawBd .
|
||
|
|
//
|
||
|
|
// Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering
|
||
|
|
// the original data. On input, the bd contains the RSA signature that embeds the
|
||
|
|
// original data. If successful (i.e. the signature was verified), then the bd is
|
||
|
|
// transformed to contain just the original data.
|
||
|
|
//
|
||
|
|
bool OpenSslVerifyBd(CkBinDataW &bd);
|
||
|
|
|
||
|
|
// This method is deprecated and applications should instead call VerifyRawBd .
|
||
|
|
//
|
||
|
|
// Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering
|
||
|
|
// the original data. Input data consists of the raw signature bytes and returns
|
||
|
|
// the original bytes.
|
||
|
|
//
|
||
|
|
bool OpenSslVerifyBytes(CkByteData &signature, CkByteData &outBytes);
|
||
|
|
|
||
|
|
// This method is deprecated and applications should instead call VerifyRawBd .
|
||
|
|
//
|
||
|
|
// Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering
|
||
|
|
// the original data. Input data is a signature string encoded according to the
|
||
|
|
// EncodingMode property (base64, hex, etc.). Returns the original bytes.
|
||
|
|
//
|
||
|
|
bool OpenSslVerifyBytesENC(const wchar_t *str, CkByteData &outBytes);
|
||
|
|
|
||
|
|
// This method is deprecated and applications should instead call VerifyRawBd .
|
||
|
|
//
|
||
|
|
// Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering
|
||
|
|
// the original data. Input data consists of the raw signature bytes and returns
|
||
|
|
// the original string.
|
||
|
|
//
|
||
|
|
bool OpenSslVerifyString(CkByteData &data, CkString &outStr);
|
||
|
|
// This method is deprecated and applications should instead call VerifyRawBd .
|
||
|
|
//
|
||
|
|
// Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering
|
||
|
|
// the original data. Input data consists of the raw signature bytes and returns
|
||
|
|
// the original string.
|
||
|
|
//
|
||
|
|
const wchar_t *openSslVerifyString(CkByteData &data);
|
||
|
|
|
||
|
|
// This method is deprecated and applications should instead call VerifyRawBd .
|
||
|
|
//
|
||
|
|
// Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering
|
||
|
|
// the original data. Input data is a signature string encoded according to the
|
||
|
|
// EncodingMode property (base64, hex, etc.). Returns the original string.
|
||
|
|
//
|
||
|
|
bool OpenSslVerifyStringENC(const wchar_t *str, CkString &outStr);
|
||
|
|
// This method is deprecated and applications should instead call VerifyRawBd .
|
||
|
|
//
|
||
|
|
// Duplicates OpenSSL's rsautl utility for verifying RSA signatures and recovering
|
||
|
|
// the original data. Input data is a signature string encoded according to the
|
||
|
|
// EncodingMode property (base64, hex, etc.). Returns the original string.
|
||
|
|
//
|
||
|
|
const wchar_t *openSslVerifyStringENC(const wchar_t *str);
|
||
|
|
|
||
|
|
// Provides the private or public key indirectly through a certificate. This method
|
||
|
|
// is used when the private key is inaccessible, such as when stored on a smart
|
||
|
|
// card, USB token, in the Windows registry (marked as non-exportable), or in the
|
||
|
|
// Apple Keychain.
|
||
|
|
bool SetX509Cert(CkCertW &cert, bool usePrivateKey);
|
||
|
|
|
||
|
|
// Generates an RSA digital signature by first hashing the contents of bdData with
|
||
|
|
// the hash algorithm specified by hashAlgorithm, which can be sha256 , sha384 , sha512 , or
|
||
|
|
// sha1 . The resulting signature is written to bdSig.
|
||
|
|
//
|
||
|
|
// Note: It is important to be aware of endianness. Make sure the LittleEndian
|
||
|
|
// property is set according to your specific needs.
|
||
|
|
//
|
||
|
|
bool SignBd(CkBinDataW &bdData, const wchar_t *hashAlgorithm, CkBinDataW &bdSig);
|
||
|
|
|
||
|
|
// Generates an RSA digital signature by first hashing the contents of binaryData with
|
||
|
|
// the hash algorithm specified by hashAlgorithm, which can be sha256 , sha384 , sha512 , or
|
||
|
|
// sha1 . The function returns the binary signature.
|
||
|
|
//
|
||
|
|
// Note: It is important to be aware of endianness. Make sure the LittleEndian
|
||
|
|
// property is set according to your specific needs.
|
||
|
|
//
|
||
|
|
bool SignBytes(CkByteData &binaryData, const wchar_t *hashAlgorithm, CkByteData &outData);
|
||
|
|
|
||
|
|
// Generates an RSA digital signature by first hashing the bytes passed in binaryData
|
||
|
|
// with the hash algorithm specified by hashAlgorithm, which can be sha256 , sha384 , sha512
|
||
|
|
// , or sha1 . Returns the signature encoded based on the EncodingMode property.
|
||
|
|
bool SignBytesENC(CkByteData &binaryData, const wchar_t *hashAlgorithm, CkString &outStr);
|
||
|
|
// Generates an RSA digital signature by first hashing the bytes passed in binaryData
|
||
|
|
// with the hash algorithm specified by hashAlgorithm, which can be sha256 , sha384 , sha512
|
||
|
|
// , or sha1 . Returns the signature encoded based on the EncodingMode property.
|
||
|
|
const wchar_t *signBytesENC(CkByteData &binaryData, const wchar_t *hashAlgorithm);
|
||
|
|
|
||
|
|
// This function creates an RSA digital signature by signing the hash provided in
|
||
|
|
// hashBytes. hashAlg specifies the hash algorithm, which can be sha256 , sha384 , sha512 ,
|
||
|
|
// or sha1 . The function returns the signature in binary format.
|
||
|
|
bool SignHash(CkByteData &hashBytes, const wchar_t *hashAlg, CkByteData &outBytes);
|
||
|
|
|
||
|
|
// This function creates an RSA digital signature for the hash provided in encodedHash,
|
||
|
|
// which should be encoded according to the EncodingMode setting (e.g., base64 if
|
||
|
|
// EncodingMode = base64 ). hashAlg specifies the hash algorithm and can be sha256 ,
|
||
|
|
// sha384 , sha512 , or sha1 . The function returns the signature encoded as
|
||
|
|
// specified by EncodingMode.
|
||
|
|
bool SignHashENC(const wchar_t *encodedHash, const wchar_t *hashAlg, CkString &outStr);
|
||
|
|
// This function creates an RSA digital signature for the hash provided in encodedHash,
|
||
|
|
// which should be encoded according to the EncodingMode setting (e.g., base64 if
|
||
|
|
// EncodingMode = base64 ). hashAlg specifies the hash algorithm and can be sha256 ,
|
||
|
|
// sha384 , sha512 , or sha1 . The function returns the signature encoded as
|
||
|
|
// specified by EncodingMode.
|
||
|
|
const wchar_t *signHashENC(const wchar_t *encodedHash, const wchar_t *hashAlg);
|
||
|
|
|
||
|
|
// This is legacy low-level raw RSA that duplicates the (now deprecated) OpenSSL
|
||
|
|
// rsautl utility. It directly signs raw data rather than signing a hash of the
|
||
|
|
// data. PKCS#1 v1.5 padding is always used. The data to be signed is passed in
|
||
|
|
// bd, and on return the content of bd is replaced with the RSA signed data.
|
||
|
|
//
|
||
|
|
// Note: It is possible to validate and recover the original data by calling
|
||
|
|
// VerifyRawBd .
|
||
|
|
//
|
||
|
|
bool SignRawBd(CkBinDataW &bd);
|
||
|
|
|
||
|
|
// Generates an RSA digital signature by first hashing strToBeHashed with the hash algorithm
|
||
|
|
// specified by hashAlgorithm, which can be sha256 , sha384 , sha512 , or sha1 . The
|
||
|
|
// function returns the binary signature.
|
||
|
|
//
|
||
|
|
// Note: It is recommended to set the Charset property equal to utf-8 before
|
||
|
|
// signing strings.
|
||
|
|
//
|
||
|
|
// Note: It is important to be aware of endianness. Make sure the LittleEndian
|
||
|
|
// property is set according to your specific needs.
|
||
|
|
//
|
||
|
|
bool SignString(const wchar_t *strToBeHashed, const wchar_t *hashAlgorithm, CkByteData &outData);
|
||
|
|
|
||
|
|
// Generates an RSA digital signature by first hashing strToBeHashed with the hash algorithm
|
||
|
|
// specified by hashAlgorithm, which can be sha256 , sha384 , sha512 , or sha1 . Returns the
|
||
|
|
// signature encoded based on the EncodingMode property.
|
||
|
|
//
|
||
|
|
// Note: It is important to be aware of endianness. Make sure the LittleEndian
|
||
|
|
// property is set according to your specific needs.
|
||
|
|
//
|
||
|
|
// Note: It is recommended to set the Charset property equal to utf-8 before
|
||
|
|
// signing strings.
|
||
|
|
//
|
||
|
|
bool SignStringENC(const wchar_t *strToBeHashed, const wchar_t *hashAlgorithm, CkString &outStr);
|
||
|
|
// Generates an RSA digital signature by first hashing strToBeHashed with the hash algorithm
|
||
|
|
// specified by hashAlgorithm, which can be sha256 , sha384 , sha512 , or sha1 . Returns the
|
||
|
|
// signature encoded based on the EncodingMode property.
|
||
|
|
//
|
||
|
|
// Note: It is important to be aware of endianness. Make sure the LittleEndian
|
||
|
|
// property is set according to your specific needs.
|
||
|
|
//
|
||
|
|
// Note: It is recommended to set the Charset property equal to utf-8 before
|
||
|
|
// signing strings.
|
||
|
|
//
|
||
|
|
const wchar_t *signStringENC(const wchar_t *strToBeHashed, const wchar_t *hashAlgorithm);
|
||
|
|
|
||
|
|
// Imports a .snk file to an XML document that can be imported via the
|
||
|
|
// ImportPrivateKey method.
|
||
|
|
bool SnkToXml(const wchar_t *filename, CkString &outStr);
|
||
|
|
// Imports a .snk file to an XML document that can be imported via the
|
||
|
|
// ImportPrivateKey method.
|
||
|
|
const wchar_t *snkToXml(const wchar_t *filename);
|
||
|
|
|
||
|
|
// Imports a private key from privKey to use for signing or decrypting.
|
||
|
|
bool UsePrivateKey(CkPrivateKeyW &privKey);
|
||
|
|
|
||
|
|
// Imports a public key from pubKey to use for encrypting or signature verification.
|
||
|
|
bool UsePublicKey(CkPublicKeyW &pubKey);
|
||
|
|
|
||
|
|
// Verifies the RSA signature passed in bdSig against the original data passed in
|
||
|
|
// bdData. The original data passed in bdData is hashed using the hash algorithm passed
|
||
|
|
// in hashAlgorithm (such as sha256 , sha384 , sha512 , or sha1 ). Returns true if the
|
||
|
|
// signature is validated, and false if not.
|
||
|
|
//
|
||
|
|
// Note: Knowing the exact hash algorithm used to create the signature is not
|
||
|
|
// required. If the signature is not validated using the hash algorithm specified
|
||
|
|
// in hashAlgorithm, Chilkat will automatically try validating using the other supported
|
||
|
|
// algorithms and return success if any validate.
|
||
|
|
//
|
||
|
|
bool VerifyBd(CkBinDataW &bdData, const wchar_t *hashAlgorithm, CkBinDataW &bdSig);
|
||
|
|
|
||
|
|
// Verifies the RSA signature passed in signatureBytes against the original data passed in
|
||
|
|
// originalData. The original data passed in originalData is hashed using the hash algorithm passed
|
||
|
|
// in hashAlgorithm (such as sha256 , sha384 , sha512 , or sha1 ). Returns true if the
|
||
|
|
// signature is validated, and false if not.
|
||
|
|
//
|
||
|
|
// Note: Knowing the exact hash algorithm used to create the signature is not
|
||
|
|
// required. If the signature is not validated using the hash algorithm specified
|
||
|
|
// in hashAlgorithm, Chilkat will automatically try validating using the other supported
|
||
|
|
// algorithms and return success if any validate.
|
||
|
|
//
|
||
|
|
bool VerifyBytes(CkByteData &originalData, const wchar_t *hashAlgorithm, CkByteData &signatureBytes);
|
||
|
|
|
||
|
|
// Verifies the encoded RSA signature passed in encodedSig against the original data
|
||
|
|
// passed in originalData. The original data passed in originalData is hashed using the hash
|
||
|
|
// algorithm passed in hashAlgorithm (such as sha256 , sha384 , sha512 , or sha1 ). Returns
|
||
|
|
// true if the signature is validated, and false if not.
|
||
|
|
//
|
||
|
|
// The signature passed in encodedSig should be encoded according to the EncodingMode
|
||
|
|
// property (e.g., base64 if EncodingMode = base64 )
|
||
|
|
//
|
||
|
|
// Note: Knowing the exact hash algorithm used to create the signature is not
|
||
|
|
// required. If the signature is not validated using the hash algorithm specified
|
||
|
|
// in hashAlgorithm, Chilkat will automatically try validating using the other supported
|
||
|
|
// algorithms and return success if any validate.
|
||
|
|
//
|
||
|
|
bool VerifyBytesENC(CkByteData &originalData, const wchar_t *hashAlgorithm, const wchar_t *encodedSig);
|
||
|
|
|
||
|
|
// Validates an RSA signature provided in sigBytes against the hash of the original
|
||
|
|
// data in hashBytes. Returns true if validation is successful, otherwise returns
|
||
|
|
// false. hashAlg specifies the hash algorithm used for hashBytes, such as sha256 ,
|
||
|
|
// sha384 , sha512 , or sha1 . Ensure the hash's size (e.g., 32 bytes for sha256,
|
||
|
|
// 48 bytes for sha384, 64 bytes for sha512, 20 bytes for sha1) matches that of
|
||
|
|
// hashBytes.
|
||
|
|
bool VerifyHash(CkByteData &hashBytes, const wchar_t *hashAlg, CkByteData &sigBytes);
|
||
|
|
|
||
|
|
// Validates an RSA signature provided in encodedSig against the hash of the original
|
||
|
|
// data in encodedHash. Returns true if validation is successful, otherwise returns
|
||
|
|
// false. hashAlg specifies the hash algorithm used for encodedHash, such as sha256 ,
|
||
|
|
// sha384 , sha512 , or sha1 . Ensure the hash's size (e.g., 32 bytes for sha256,
|
||
|
|
// 48 bytes for sha384, 64 bytes for sha512, 20 bytes for sha1) matches that of
|
||
|
|
// encodedHash.
|
||
|
|
//
|
||
|
|
// Both encodedHash and encodedSig should be encoded according to the EncodingMode property
|
||
|
|
// (e.g., base64 if EncodingMode = base64 )
|
||
|
|
//
|
||
|
|
bool VerifyHashENC(const wchar_t *encodedHash, const wchar_t *hashAlg, const wchar_t *encodedSig);
|
||
|
|
|
||
|
|
// This is legacy low-level raw RSA that duplicates the (now deprecated) OpenSSL
|
||
|
|
// rsautl utility. It validates signed raw data and recovers the original data. The
|
||
|
|
// RSA signature to be verified is passed in bd, and on return the content of
|
||
|
|
// bd is replaced with the original data.
|
||
|
|
bool VerifyRawBd(CkBinDataW &bd);
|
||
|
|
|
||
|
|
// Verifies the RSA signature passed in binarySig against the original data passed in
|
||
|
|
// originalString. The original data passed in originalString is hashed using the hash algorithm passed
|
||
|
|
// in hashAlgorithm (such as sha256 , sha384 , sha512 , or sha1 ). Returns true if the
|
||
|
|
// signature is validated, and false if not.
|
||
|
|
//
|
||
|
|
// Note: Knowing the exact hash algorithm used to create the signature is not
|
||
|
|
// required. If the signature is not validated using the hash algorithm specified
|
||
|
|
// in hashAlgorithm, Chilkat will automatically try validating using the other supported
|
||
|
|
// algorithms and return success if any validate.
|
||
|
|
//
|
||
|
|
bool VerifyString(const wchar_t *originalString, const wchar_t *hashAlgorithm, CkByteData &binarySig);
|
||
|
|
|
||
|
|
// Verifies the encoded RSA signature passed in encodedSig against the original data
|
||
|
|
// passed in originalString. The original data passed in originalString is hashed using the hash
|
||
|
|
// algorithm passed in hashAlgorithm (such as sha256 , sha384 , sha512 , or sha1 ). Returns
|
||
|
|
// true if the signature is validated, and false if not.
|
||
|
|
//
|
||
|
|
// The signature passed in encodedSig should be encoded according to the EncodingMode
|
||
|
|
// property (e.g., base64 if EncodingMode = base64 )
|
||
|
|
//
|
||
|
|
// Note: Knowing the exact hash algorithm used to create the signature is not
|
||
|
|
// required. If the signature is not validated using the hash algorithm specified
|
||
|
|
// in hashAlgorithm, Chilkat will automatically try validating using the other supported
|
||
|
|
// algorithms and return success if any validate.
|
||
|
|
//
|
||
|
|
bool VerifyStringENC(const wchar_t *originalString, const wchar_t *hashAlgorithm, const wchar_t *encodedSig);
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
// END PUBLIC INTERFACE
|
||
|
|
|
||
|
|
|
||
|
|
};
|
||
|
|
#if !defined(__sun__) && !defined(__sun)
|
||
|
|
#pragma pack (pop)
|
||
|
|
#endif
|
||
|
|
|
||
|
|
#endif
|