Sample code for 30+ languages & platforms
Tcl

Aadhaar Paperless Offline e-kyc

See more XML Digital Signatures Examples

Opens an encrypted .zip containing Aadhaar Paperless Offline e-KYC XML. Gets the XML and validates the digital signature. Then computes the hash for the mobile number and Email ID.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# Open the .zip containing the Aadhaar Paperless Offline e-KYC XML.
# The .zip is encrypted using the "Share Phrase".
set zip [new_CkZip]

set success [CkZip_OpenZip $zip "qa_data/xml_dsig/offline_paperless_kyc.zip"]
if {$success == 0} then {
    puts [CkZip_lastErrorText $zip]
    delete_CkZip $zip
    exit
}

# The .zip should contain 1 XML file.
set entry [new_CkZipEntry]

set success [CkZip_EntryAt $zip 0 $entry]
if {$success == 0} then {
    puts [CkZip_lastErrorText $zip]
    delete_CkZip $zip
    delete_CkZipEntry $entry
    exit
}

# To get the contents, we need to specify the Share Phrase.
set sharePhrase "Lock@487"
CkZip_put_DecryptPassword $zip $sharePhrase

set bdXml [new_CkBinData]

# The XML file will be unzipped into the bdXml object.
set success [CkZipEntry_UnzipToBd $entry $bdXml]
if {$success == 0} then {
    puts [CkZipEntry_lastErrorText $entry]
    delete_CkZip $zip
    delete_CkZipEntry $entry
    delete_CkBinData $bdXml
    exit
}

# First verify the XML digital signature.
set dsig [new_CkXmlDSig]

set success [CkXmlDSig_LoadSignatureBd $dsig $bdXml]
if {$success == 0} then {
    puts [CkXmlDSig_lastErrorText $dsig]
    delete_CkZip $zip
    delete_CkZipEntry $entry
    delete_CkBinData $bdXml
    delete_CkXmlDSig $dsig
    exit
}

# The UIDAI XML signature does not contain the KeyInfo, so we must load the uidai certificate
# and indicate that its public key is to be used for verifying the signature.
set cert [new_CkCert]

set success [CkCert_LoadFromFile $cert "qa_data/xml_dsig/uidai_auth_sign_prod_2023.cer"]
if {$success == 0} then {
    puts [CkCert_lastErrorText $cert]
    delete_CkZip $zip
    delete_CkZipEntry $entry
    delete_CkBinData $bdXml
    delete_CkXmlDSig $dsig
    delete_CkCert $cert
    exit
}

# Get the certificate's public key.
set pubKey [new_CkPublicKey]

CkCert_GetPublicKey $cert $pubKey

CkXmlDSig_SetPublicKey $dsig $pubKey

# The XML in this example contains only 1 signature.
set bVerifyReferenceDigests 1
set bVerified [CkXmlDSig_VerifySignature $dsig $bVerifyReferenceDigests]
if {$bVerified == 0} then {
    puts [CkXmlDSig_lastErrorText $dsig]
    puts "The signature was not valid."
    delete_CkZip $zip
    delete_CkZipEntry $entry
    delete_CkBinData $bdXml
    delete_CkXmlDSig $dsig
    delete_CkCert $cert
    delete_CkPublicKey $pubKey
    exit
}

puts "The XML digital signature is valid."

# Let's compute the hash for the Mobile Number.

# 	Hashing logic for Mobile Number :
# 	Sha256(Sha256(Mobile+SharePhrase))*number of times last digit of Aadhaar number
# 	(Ref ID field contains last 4 digits).
# 
# 	Example :
# 	Mobile: 1234567890
# 	Aadhaar Number:XXXX XXXX 3632
# 	Passcode : Lock@487
# 	Hash: Sha256(Sha256(1234567890Lock@487))*2
# 	In case of Aadhaar number ends with Zero we will hashed one time.

set crypt [new_CkCrypt2]

CkCrypt2_put_HashAlgorithm $crypt "sha256"
CkCrypt2_put_EncodingMode $crypt "hexlower"

set strToHash "1234567890Lock@487"
set bdHash [new_CkBinData]

set success [CkBinData_AppendString $bdHash $strToHash "utf-8"]

# Hash a number of times equal to the last digit of your Aadhaar number.
# If the Aadhaar number ends with 0, then hash one time.
# For this example, we'll just set the number of times to hash
# for the case where an Aadhaar number ends in "9"
set numTimesToHash 9

for {set i 1} {$i <= $numTimesToHash} {incr i} {
    set tmpStr [CkCrypt2_hashBdENC $crypt $bdHash]
    CkBinData_Clear $bdHash
    CkBinData_AppendString $bdHash $tmpStr "utf-8"
}

puts "Computed Mobile hash = [CkBinData_getString $bdHash utf-8]"

# Let's get the mobile hash stored in the XML and compare it with our computed hash.
set xml [new_CkXml]

set success [CkXml_LoadBd $xml $bdXml 1]
set m_hash [CkXml_chilkatPath $xml "UidData|Poi|(m)"]

puts "Stored Mobile hash   = $m_hash"

# Now do the same thing for the email hash:

set strToHash "abc@gm.comLock@487"
CkBinData_Clear $bdHash
set success [CkBinData_AppendString $bdHash $strToHash "utf-8"]

for {set i 1} {$i <= $numTimesToHash} {incr i} {
    set tmpStr [CkCrypt2_hashBdENC $crypt $bdHash]
    CkBinData_Clear $bdHash
    CkBinData_AppendString $bdHash $tmpStr "utf-8"
}

puts "Computed Email hash = [CkBinData_getString $bdHash utf-8]"

set e_hash [CkXml_chilkatPath $xml "UidData|Poi|(e)"]
puts "Stored Email hash   = $e_hash"

delete_CkZip $zip
delete_CkZipEntry $entry
delete_CkBinData $bdXml
delete_CkXmlDSig $dsig
delete_CkCert $cert
delete_CkPublicKey $pubKey
delete_CkCrypt2 $crypt
delete_CkBinData $bdHash
delete_CkXml $xml