login about faq


For my last step in XMLDSIG trilogy I need sign sha-1 hash code using RSA.

I try many codes Chlkat, but, on all cases, the Signature Value isn't equal to value obtained in others apps.

The hashcode (plain text) and the certificate are correct. Any Idea???

public String sign(String txt) {
        String retorno = "";
        CkPrivateKey pkey;
        pkey = cert.ExportPrivateKey();
        if (pkey == null) {
            retorno += cert.lastErrorText() + "\n";
            return (retorno);

        String pkeyXml;
        // Get the private key in XML format:
        pkeyXml = pkey.getXml();
        pkeyXml = pkey.getRsaPem();

        CkRsa rsa = new CkRsa();

        // Any string argument automatically begins the 30-day trial.

        Boolean success = rsa.UnlockComponent("30-day trial");
        if (success != true) {
            retorno += "RSA component unlock failed" + "\n";
            return (retorno);

        // Import the private key into the RSA component:
        success = rsa.ImportPrivateKey(pkeyXml);
        if (success != true) {
            retorno += rsa.lastErrorText() + "\n";
            return (retorno);

        // This example will sign a string, and receive the signature
        // in a hex-encoded string. Therefore, set the encoding mode
        // to "hex":
        // rsa.put_EncodingMode("hex");

        // If some other non-Chilkat application or web service is going to be
        // verifying
        // the signature, it is important to match the byte-ordering.
        // The LittleEndian property may be set to true
        // for little-endian byte ordering,
        // or false for big-endian byte ordering.
        // Microsoft apps typically use little-endian, while
        // OpenSSL and other services (such as Amazon CloudFront)
        // use big-endian.

        String strData;
        strData = txt;

        // Sign the string using the sha-1 hash algorithm.
        // Other valid choices are "md2" and "md5".
        String SignatureValue="";
        //SignatureValue  += "\n\nsignStringENC -> ";
        //SignatureValue += rsa.signStringENC(strData, "sha-1");
        //SignatureValue  += "\n\nsignStringENC -> ";
        //SignatureValue += rsa.signStringENC(strData, "sha-1");
        //SignatureValue  += "\n\nsignHashENC -> ";
        //SignatureValue += rsa.signHashENC("28p9P8ov68imSmbU7uYrHEhOAuw=","base64");
        //SignatureValue  += "\n\nencryptStringENC, true -> ";
        //SignatureValue += rsa.encryptStringENC(strData,true);
        //SignatureValue  += "\n\nencryptStringENC, false -> ";
        //SignatureValue += rsa.encryptStringENC("28p9P8ov68imSmbU7uYrHEhOAuw=",false);

        //String msg = rsa.encryptStringENC("28p9P8ov68imSmbU7uYrHEhOAuw=",true);
        //SignatureValue  += "\n\nEncript, True -> " + msg;
        //msg = rsa.decryptStringENC(msg,false);
        //SignatureValue  += "\n\nDecript, False -> " + msg;

        //msg = rsa.encryptStringENC("28p9P8ov68imSmbU7uYrHEhOAuw=",true);
        //SignatureValue  += "\n\nEncript, True -> " + msg;
        //msg = rsa.decryptStringENC(msg,false);
        //SignatureValue  += "\n\nDecript, False -> " + msg;
        SignatureValue += rsa.openSslSignStringENC(strData);
        return SignatureValue;

asked Jan 06 '13 at 16:32

mbarbiero's gravatar image


edited Jan 06 '13 at 17:07

First, if possible, make sure the hash values input to the signing algorithm match. If the inputs to the signing algorithm don't match, then the first step is to get matching hash values.

Second, make sure the private keys used for signing are exactly the same.


answered Jan 07 '13 at 08:50

chilkat's gravatar image

chilkat ♦♦

I'm sure the hash values are correct.

I believe that Private Key is ok too, but i'm not sure. How to guarantee that Private key is the same from certificate?

In add, I pass hash value in a base64 string. Is it correct?


(please forgive my poor english, my first language is português)


answered Jan 07 '13 at 11:03

mbarbiero's gravatar image


I think that solution is in format of encoded "EncodedHash" parameter of SignHashENC method. I need to use base64, HEX, Byte or plain text in "EncodedHash"?

(Jan 07 '13 at 14:20) mbarbiero

The format passed depends on the value of the EncodingMode property. Given that you set it to "base64", as shown here:

Then you should pass a base64 string for methods ending in "ENC".

(Jan 07 '13 at 22:29) chilkat ♦♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported



Asked: Jan 06 '13 at 16:32

Seen: 3,764 times

Last updated: Jan 07 '13 at 22:29

powered by OSQA