Sample code for 30+ languages & platforms
Classic ASP

Signed Zip as Base64 with XAdES-BES

See more XAdES Examples

This example is to help companies implement a solution for sending XAdES-BES to the Polish government for reporting purposes. Specifically:

Przed podpisaniem deklaracja zbiorcza (PIT-11Z, PIT-8CZ, PIT-40Z, PIT-RZ) musi zostać
umieszczona w archiwum ZIP. W tym przypadku, podpisywany jest plik archiwum ZIP,
przyjmujący w podpisie XAdES-BES formę zakodowaną base64.

The example demonstrates the following:

  1. Zip an XML file (PIT-11Z.xml is zipped to PIT-11Z.zip)
  2. Create XML to be signed, where the XML contains the base64 encoded content of the PIT-11Z.zip archive.
  3. XAdES-BES sign the XML containing the base64 zip.

This example will also show the reverse:

  1. Verify the signed XML.
  2. Extract the PIT-11z.zip from the signed XML.
  3. Unzip the PIT-11Z.zip to get the original PIT-11Z.xml

Chilkat Classic ASP Downloads

Classic ASP
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<%
success = 0

' This example assumes the Chilkat API to have been previously unlocked.
' See Global Unlock Sample for sample code.

' Zip the PIT-11Z.xml to create PIT-11Z.zip (not as a .zip file, but in-memory).
set sbXmlToZip = Server.CreateObject("Chilkat.StringBuilder")
success = sbXmlToZip.LoadFile("qa_data/xml/PIT-11Z.xml","utf-8")
If (success <> 1) Then
    Response.Write "<pre>" & Server.HTMLEncode( "Failed to load the XML to be zipped.") & "</pre>"
    Response.End
End If

set zip = Server.CreateObject("Chilkat.Zip")

' Initialize the zip object. No file is created in this call.
' It should always return 1.
success = zip.NewZip("PIT-11Z.zip")

' Add the XML to be zipped.
success = zip.AddSb("PIT-11Z.xml",sbXmlToZip,"utf-8")

' Write the zip to a BinData object.
set bdZip = Server.CreateObject("Chilkat.BinData")
success = zip.WriteBd(bdZip)
' The contents of the bdZip will be retrieved in base64 format when needed below..

set gen = Server.CreateObject("Chilkat.XmlDSigGen")

gen.SigLocation = ""
gen.SigLocationMod = 0

gen.SigId = "Signature_2a8df7f8-b958-40cc-83f6-edb53b837347_19"
gen.SigNamespacePrefix = "ds"
gen.SigNamespaceUri = "http://www.w3.org/2000/09/xmldsig#"
gen.SigValueId = "SignatureValue_2a8df7f8-b958-40cc-83f6-edb53b837347_52"
gen.SignedInfoId = "SignedInfo_2a8df7f8-b958-40cc-83f6-edb53b837347_41"
gen.SignedInfoCanonAlg = "C14N"
gen.SignedInfoDigestMethod = "sha1"

' Set the KeyInfoId before adding references..
gen.KeyInfoId = "KeyInfo_2a8df7f8-b958-40cc-83f6-edb53b837347_24"

' Create an Object to be added to the Signature.
set object1 = Server.CreateObject("Chilkat.Xml")
object1.Tag = "xades:QualifyingProperties"
success = object1.AddAttribute("xmlns:xades","http://uri.etsi.org/01903/v1.3.2#")
success = object1.AddAttribute("Id","QualifyingProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_43")
success = object1.AddAttribute("Target","#Signature_2a8df7f8-b958-40cc-83f6-edb53b837347_19")
success = object1.UpdateAttrAt("xades:SignedProperties",1,"Id","SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e")
success = object1.UpdateAttrAt("xades:SignedProperties|xades:SignedSignatureProperties",1,"Id","SignedSignatureProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_0a")
' Chilkat will replace the strings "TO BE GENERATED BY CHILKAT" with actual values when the signature is created.
object1.UpdateChildContent "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime","TO BE GENERATED BY CHILKAT"
' Note: It may be that http://www.w3.org/2001/04/xmlenc#sha256 is needed in the following line instead of http://www.w3.org/2000/09/xmldsig#sha1
success = object1.UpdateAttrAt("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestMethod",1,"Algorithm","http://www.w3.org/2000/09/xmldsig#sha1")
object1.UpdateChildContent "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestValue","TO BE GENERATED BY CHILKAT"
object1.UpdateChildContent "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:IssuerSerialV2","TO BE GENERATED BY CHILKAT"
success = object1.UpdateAttrAt("xades:SignedProperties|xades:SignedDataObjectProperties",1,"Id","SignedDataObjectProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4b")
success = object1.UpdateAttrAt("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat",1,"ObjectReference","#Reference1_2a8df7f8-b958-40cc-83f6-edb53b837347_27")
object1.UpdateChildContent "xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:Description","MIME-Version: 1.0" & vbCrLf & "Content-Type: application/zip" & vbCrLf & "Content-Transfer-Encoding: binary" & vbCrLf & "Content-Disposition: filename=&quot;PIT-11Z.zip&quot;"
success = object1.UpdateAttrAt("xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier",1,"Qualifier","OIDAsURI")
object1.UpdateChildContent "xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier","http://www.certum.pl/OIDAsURI/signedFile/1.2.616.1.113527.3.1.1.3.1"
object1.UpdateChildContent "xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Description","Opis formatu dokumentu oraz jego pelna nazwa"
object1.UpdateChildContent "xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:DocumentationReferences|xades:DocumentationReference","http://www.certum.pl/OIDAsURI/signedFile.pdf"
object1.UpdateChildContent "xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:MimeType","application/zip"
object1.UpdateChildContent "xades:SignedProperties|xades:SignedDataObjectProperties|xades:CommitmentTypeIndication|xades:CommitmentTypeId|xades:Identifier","http://uri.etsi.org/01903/v1.2.2#ProofOfApproval"
object1.UpdateChildContent "xades:SignedProperties|xades:SignedDataObjectProperties|xades:CommitmentTypeIndication|xades:AllSignedDataObjects",""
success = object1.UpdateAttrAt("xades:UnsignedProperties",1,"Id","UnsignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_55")

' Emit XML in compact (single-line) format to avoid whitespace problems.
object1.EmitCompact = 1
success = gen.AddObject("",object1.GetXml(),"","")

' Create an Object to be added to the Signature.
' This is where we add the base64 representation of the PIT-11Z.zip
success = gen.AddObject("Object1_2a8df7f8-b958-40cc-83f6-edb53b837347",bdZip.GetEncoded("base64"),"","http://www.w3.org/2000/09/xmldsig#base64")

' -------- Reference 1 --------
success = gen.AddObjectRef("Object1_2a8df7f8-b958-40cc-83f6-edb53b837347","sha1","C14N_WithComments","","")
success = gen.SetRefIdAttr("Object1_2a8df7f8-b958-40cc-83f6-edb53b837347","Reference1_2a8df7f8-b958-40cc-83f6-edb53b837347_27")

' -------- Reference 2 --------
success = gen.AddObjectRef("SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e","sha1","","","http://uri.etsi.org/01903#SignedProperties")
success = gen.SetRefIdAttr("SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e","SignedProperties-Reference_2a8df7f8-b958-40cc-83f6-edb53b837347_28")

' Provide a certificate + private key. (PFX password is test123)
set cert = Server.CreateObject("Chilkat.Cert")
success = cert.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123")
If (success = 0) Then
    Response.Write "<pre>" & Server.HTMLEncode( cert.LastErrorText) & "</pre>"
    Response.End
End If

success = gen.SetX509Cert(cert,1)

gen.KeyInfoType = "X509Data"
gen.X509Type = "Certificate"

' This will be an enveloping signature where the Signature element
' is the XML document root, the signed data is contained within Object
' tag(s) within the Signature.
' Therefore, pass an empty sbXml to CreateXmlDsigSb.
set sbXml = Server.CreateObject("Chilkat.StringBuilder")

' The Polish government's XmlDSig implementation requires that we reproduce an attribute-sorting error.
' (This is an error in the XML canonicalization that is not noticed when both the signature-creation code and signature-verification code use
' the same XML canonicalization implementation w/ the bug.)
gen.Behaviors = "AttributeSortingBug,CompactSignedXml"

' Sign the XML...
success = gen.CreateXmlDSigSb(sbXml)
If (success = 0) Then
    Response.Write "<pre>" & Server.HTMLEncode( gen.LastErrorText) & "</pre>"
    Response.End
End If

' -----------------------------------------------

' Save the signed XML to a file.
success = sbXml.WriteFile("qa_output/signedXml.xml","utf-8",0)

Response.Write "<pre>" & Server.HTMLEncode( sbXml.GetAsString()) & "</pre>"

' ----------------------------------------
' Verify the signature we just produced...
set verifier = Server.CreateObject("Chilkat.XmlDSig")
success = verifier.LoadSignatureSb(sbXml)
If (success = 0) Then
    Response.Write "<pre>" & Server.HTMLEncode( verifier.LastErrorText) & "</pre>"
    Response.End
End If

verified = verifier.VerifySignature(1)
If (verified <> 1) Then
    Response.Write "<pre>" & Server.HTMLEncode( verifier.LastErrorText) & "</pre>"
    Response.End
End If

Response.Write "<pre>" & Server.HTMLEncode( "This signature was successfully verified.") & "</pre>"

' ------------------------------------
' Finally, let's extract the .zip from the signed XML, and then unzip the original PIT-11Z.xml from the in-memory zip.
set xml = Server.CreateObject("Chilkat.Xml")
success = xml.LoadSb(sbXml,1)

' The base64 image of the PIT-11Z.zip is in the 2nd ds:Object child of the ds:Signature (the ds:Signature is the root element of the signed XML).
' (ds:Object[0] would be the 1st ds:Object child.  Index 1 is the 2nd ds:Object child.)
strZipBase64 = xml.GetChildContent("ds:Object[1]")

success = bdZip.Clear()
success = bdZip.AppendEncoded(strZipBase64,"base64")
If (bdZip.NumBytes = 0) Then
    Response.Write "<pre>" & Server.HTMLEncode( "Something went wrong.. we dont' have any data..") & "</pre>"
    Response.End
End If

success = zip.OpenBd(bdZip)
If (success = 0) Then
    Response.Write "<pre>" & Server.HTMLEncode( zip.LastErrorText) & "</pre>"
    Response.End
End If

' Get the 1st file in the zip, which should be the PIT-11Z.xml
set entry = Server.CreateObject("Chilkat.ZipEntry")
success = zip.EntryAt(0,entry)
If (success = 0) Then
    Response.Write "<pre>" & Server.HTMLEncode( "Zip contains no files...") & "</pre>"
    Response.End
End If

' Get the XML:
origXml = entry.UnzipToString(0,"utf-8")
Response.Write "<pre>" & Server.HTMLEncode( "Original XML extracted from base64 zip:") & "</pre>"
Response.Write "<pre>" & Server.HTMLEncode( origXml) & "</pre>"

%>
</body>
</html>