Sample code for 30+ languages & platforms
Delphi DLL

Create CAdES-BES .p7m using Smart Card or USB Token

See more Digital Signatures Examples

Demonstrates how to create a CAdES BES invoice.xml.p7m using a certificate stored on a smart card or USB token.

Note: This example requires Chilkat v9.5.0.77 and at the time of this writing is restricted to the Windows operating system.

Chilkat Delphi DLL Downloads

Delphi DLL
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Cert, JsonObject, Crypt2;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Boolean;
crypt: HCkCrypt2;
cert: HCkCert;
jsonSignedAttrs: HCkJsonObject;
inFile: PWideChar;
sigFile: PWideChar;

begin
success := False;

// Note: Requires Chilkat v9.5.0.77 or greater.

// This requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

crypt := CkCrypt2_Create();

// Use a certificate on a smartcard or USB token.
cert := CkCert_Create();
// Load the certificate on the smartcard currently in the reader (or on the USB token).
// Pass an empty string to allow Chilkat to automatically choose the CSP (Cryptographi Service Provider).
// See Load Certificate on Smartcard for information about explicitly selecting a particular CSP.
success := CkCert_LoadFromSmartcard(cert,'');
if (success <> True) then
  begin
    Memo1.Lines.Add(CkCert__lastErrorText(cert));
    Exit;
  end;

// Provide the smartcard PIN.
// If the PIN is not explicitly provided here, the Windows OS should
// display a dialog for the PIN.
CkCert_putSmartCardPin(cert,'000000');

// Provide the certificate for signing.
success := CkCrypt2_SetSigningCert(crypt,cert);
if (success <> True) then
  begin
    Memo1.Lines.Add(CkCrypt2__lastErrorText(crypt));
    Exit;
  end;

// Indicate that SHA-256 should be used.
CkCrypt2_putHashAlgorithm(crypt,'sha256');

// Specify the signed attributes to be included.
// (This is what makes it CAdES-BES compliant.)
jsonSignedAttrs := CkJsonObject_Create();
CkJsonObject_UpdateInt(jsonSignedAttrs,'contentType',1);
CkJsonObject_UpdateInt(jsonSignedAttrs,'signingTime',1);
CkJsonObject_UpdateInt(jsonSignedAttrs,'messageDigest',1);
CkJsonObject_UpdateInt(jsonSignedAttrs,'signingCertificateV2',1);
CkCrypt2_putSigningAttributes(crypt,CkJsonObject__emit(jsonSignedAttrs));

inFile := 'qa_data/xml/IT01234567890_11002.xml';
sigFile := 'qa_output/IT01234567890_11002.xml.p7m';

// Create the CAdES-BES signature, which contains the original data.
success := CkCrypt2_CreateP7M(crypt,inFile,sigFile);
if (success = False) then
  begin
    Memo1.Lines.Add(CkCrypt2__lastErrorText(crypt));
    Exit;
  end;

Memo1.Lines.Add('Success.');

CkCrypt2_Dispose(crypt);
CkCert_Dispose(cert);
CkJsonObject_Dispose(jsonSignedAttrs);

end;