Sample code for 30+ languages & platforms
SQL Server

Verify XML Digital Signature with an RSA Key

See more XML Digital Signatures Examples

This example demonstrates how to verify an XML signature, where the RSA public key is embedded in the KeyInfo part of the Signature. When this is the case, nothing external is needed to verify the signature.

This example requires Chilkat v9.5.0.69 or greater.

Chilkat SQL Server Downloads

SQL Server
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    DECLARE @iTmp0 int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    DECLARE @success int
    SELECT @success = 0

    -- This example requires the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    -- The signed XML to be verified in this example contains the following:

    -- <?xml version="1.0" encoding="UTF-8"?>
    -- <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    -- <SignedInfo>
    --   <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
    --   <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
    --   <Reference URI="#object">
    --     <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
    --     <DigestValue>OPnpF/ZNLDxJ/I+1F3iHhlmSwgo=</DigestValue>
    --   </Reference>
    -- </SignedInfo>
    -- <SignatureValue>nihUFQg4mDhLgecvhIcKb9Gz8VRTOlw+adiZOBBXgK4JodEe5aFfCqm8WcRIT8GLLXSk8PsUP4//SsKqUBQkpotcAqQAhtz2v9kCWdoUDnAOtFZkd/CnsZ1sge0ndha40wWDV+nOWyJxkYgicvB8POYtSmldLLepPGMz+J7/Uws=</SignatureValue>
    -- <KeyInfo>
    --   <KeyValue>
    --     <RSAKeyValue><Modulus>4IlzOY3Y9fXoh3Y5f06wBbtTg94Pt6vcfcd1KQ0FLm0S36aGJtTSb6pYKfyX7PqCUQ8wgL6xUJ5GRPEsu9gyz8ZobwfZsGCsvu40CWoT9fcFBZPfXro1Vtlh/xl/yYHm+Gzqh0Bw76xtLHSfLfpVOrmZdwKmSFKMTvNXOFd0V18=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>
    --   </KeyValue>
    -- </KeyInfo>
    -- <Object Id="object">some text
    --   with spaces and CR-LF.</Object>
    -- </Signature>

    -- The above XML is available at https://www.chilkatsoft.com/exampleData/signedSample1.xml
    -- Fetch the XML and then verify it..

    DECLARE @url nvarchar(4000)
    SELECT @url = 'https://www.chilkatsoft.com/exampleData/signedSample1.xml'
    DECLARE @http int
    EXEC @hr = sp_OACreate 'Chilkat.Http', @http OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    DECLARE @sbXml int
    EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbXml OUT

    EXEC sp_OAMethod @http, 'QuickGetSb', @success OUT, @url, @sbXml
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @http, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @http
        EXEC @hr = sp_OADestroy @sbXml
        RETURN
      END

    DECLARE @dsig int
    EXEC @hr = sp_OACreate 'Chilkat.XmlDSig', @dsig OUT

    -- First load the XML containing the signatures to be verified.
    -- Note that this particular Signature already contains the RSA public key that will be used
    -- for verification.
    EXEC sp_OAMethod @dsig, 'LoadSignatureSb', @success OUT, @sbXml
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @dsig, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @http
        EXEC @hr = sp_OADestroy @sbXml
        EXEC @hr = sp_OADestroy @dsig
        RETURN
      END

    -- The XML in this example contains only 1 signature.
    -- It's possible that an XML document can contain multiple signatures.
    -- Each can be verified as follows:
    DECLARE @i int
    SELECT @i = 0
    EXEC sp_OAGetProperty @dsig, 'NumSignatures', @iTmp0 OUT
    WHILE @i < @iTmp0
      BEGIN
        -- Select the Nth signature by setting the Selector property.
        EXEC sp_OASetProperty @dsig, 'Selector', @i

        -- The bVerifyReferenceDigests argument determines if we want
        -- to also verify each reference digest.  If set to 0,
        -- then only the SignedInfo part of the Signature is verified.
        DECLARE @bVerifyReferenceDigests int
        SELECT @bVerifyReferenceDigests = 1
        DECLARE @bVerified int
        EXEC sp_OAMethod @dsig, 'VerifySignature', @bVerified OUT, @bVerifyReferenceDigests


        PRINT 'Signature ' + @i + 1 + ' verified = ' + @bVerified

        SELECT @i = @i + 1
      END

    EXEC @hr = sp_OADestroy @http
    EXEC @hr = sp_OADestroy @sbXml
    EXEC @hr = sp_OADestroy @dsig


END
GO