Dear experts,
I need RS256 signing for MQTT message signing (yeah!).
SHA256 hash and then RSA - ok.
What I normally do:
set hKey [twapi::crypt_keypair $hCrypt signature]
set hHash [twapi::capi_hash_create $hCrypt sha]
twapi::capi_hash_string $hHash $DataIn
set sig [twapi::capi_hash_sign $hHash signature -nohashoid 1]
twapi::capi_hash_free $hHash
return [binary encode base64 $sig]
Theoretically, these are the same steps as RS256.
But there is the PKCS#1 packaging.
TWAPI only has PKCS#7 high level functions.
Is there any way to solve this?
Any answer welcome!
Harald
Harald, I suggest looking at the pki module in tcllib as it might be
simpler though slower.
If your code below is not working as you expect, two things to try -
- remove the -nohashoid option. I think the hash oid inclusion is
required for PKCS#1 but not entirely sure.
- reverse the signature bytes. MS CryptoAPI uses little endian format
while most implementations (including, I think, MS Crypto NG) use big endian.
I remember running into similar questions a long time ago but sorry
cannot recall the details.
/Ashok
On 10/23/2025 5:57 PM, Harald Oehlmann wrote:
> Dear experts,
> I need RS256 signing for MQTT message signing (yeah!).
> SHA256 hash and then RSA - ok.
> What I normally do:
> set hKey [twapi::crypt_keypair $hCrypt signature]
> set hHash [twapi::capi_hash_create $hCrypt sha]
> twapi::capi_hash_string $hHash $DataIn
> set sig [twapi::capi_hash_sign $hHash signature -nohashoid 1]
> twapi::capi_hash_free $hHash
> return [binary encode base64 $sig]
> Theoretically, these are the same steps as RS256.
> But there is the PKCS#1 packaging.
> TWAPI only has PKCS#7 high level functions.
> Is there any way to solve this?
> Any answer welcome!
> Harald
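
The two suggestions in the reply above (include the hash OID, reverse the byte order) can be checked independently of TWAPI. The following is an added example, not code from either poster or from TWAPI: a Python sketch that builds the PKCS#1 v1.5 block an RS256 verifier expects and reports which variant a given signature uses. The toy key, the sample message and all function names are constructed for the illustration.

```python
import hashlib

# Constructed toy key for this demo only (two Mersenne primes): NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8       # modulus length in bytes

# DER DigestInfo header for SHA-256 (RFC 8017, section 9.2): the "hash OID"
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")


def emsa_pkcs1_v15(msg: bytes, with_oid: bool = True) -> bytes:
    """Padded block 00 01 FF..FF 00 [DigestInfo] SHA256(msg) that RSA signs."""
    t = (SHA256_DIGESTINFO if with_oid else b"") + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign(msg: bytes, with_oid: bool = True, little_endian: bool = False) -> bytes:
    """Sign msg; the flags model the two variants raised in the thread."""
    m = int.from_bytes(emsa_pkcs1_v15(msg, with_oid), "big")
    sig = pow(m, D, N).to_bytes(K, "big")
    return sig[::-1] if little_endian else sig


def recover(sig: bytes) -> bytes:
    """RSA public-key operation: the padded block a verifier recovers."""
    return pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")


def verify_rs256(msg: bytes, sig: bytes) -> bool:
    """What an RS256 verifier accepts: big-endian bytes, DigestInfo present."""
    return len(sig) == K and recover(sig) == emsa_pkcs1_v15(msg)


def diagnose(msg: bytes, sig: bytes) -> str:
    """Report which byte order and padding variant a signature actually uses."""
    for order, cand in (("big-endian", sig), ("little-endian", sig[::-1])):
        for oid in (True, False):
            if recover(cand) == emsa_pkcs1_v15(msg, oid):
                return f"{order}, {'with' if oid else 'without'} hash OID"
    return "no match for this key and message"


if __name__ == "__main__":
    msg = b"constructed sample payload"
    for oid in (True, False):
        for le in (False, True):
            s = sign(msg, oid, le)
            print(verify_rs256(msg, s), "|", diagnose(msg, s))
```

Only the big-endian signature with the DigestInfo header passes `verify_rs256`; for the other three combinations `diagnose` names the variant that was actually produced.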
Thanks Ashok, I appreciate it!
Take care,
Harald
On 29.10.2025 at 04:06, Ashok wrote:
> Harald, I suggest looking at the pki module in tcllib as it might be
> simpler though slower.
> If your code below is not working as you expect, two things to try -
> - remove the -nohashoid option. I think the hash oid inclusion is
> required for PKCS#1 but not entirely sure.
> - reverse the signature bytes. MS CryptoAPI uses little endian format
> while most implementations (including, I think, MS Crypto NG) use big
> endian.
> I remember running into similar questions a long time ago but sorry
> cannot recall the details.
> /Ashok
Is there a chance to switch in TWAPI to the new crypto API?
We have dropped Vista compatibility?
I don't miss anything, all works great, just a question...
Only bug fixes going into twapi now, no new features. The new crypto API would be pretty much a rewrite so I'm afraid that is not likely.
On 10/29/2025 2:22 PM, Harald Oehlmann wrote:
> Is there a chance to switch in TWAPI to the new crypto API?
> We have dropped Vista compatibility?
> I don't miss anything, all works great, just a question...