Tcl
Tcl
Aadhaar Paperless Offline e-kyc
See more XML Digital Signatures Examples
Opens an encrypted .zip containing Aadhaar Paperless Offline e-KYC XML. Gets the XML and validates the digital signature. Then computes the hash for the mobile number and Email ID.Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
# Open the .zip containing the Aadhaar Paperless Offline e-KYC XML.
# The .zip is encrypted using the "Share Phrase".
set zip [new_CkZip]
set success [CkZip_OpenZip $zip "qa_data/xml_dsig/offline_paperless_kyc.zip"]
if {$success == 0} then {
puts [CkZip_lastErrorText $zip]
delete_CkZip $zip
exit
}
# The .zip should contain 1 XML file.
set entry [new_CkZipEntry]
set success [CkZip_EntryAt $zip 0 $entry]
if {$success == 0} then {
puts [CkZip_lastErrorText $zip]
delete_CkZip $zip
delete_CkZipEntry $entry
exit
}
# To get the contents, we need to specify the Share Phrase.
set sharePhrase "Lock@487"
CkZip_put_DecryptPassword $zip $sharePhrase
set bdXml [new_CkBinData]
# The XML file will be unzipped into the bdXml object.
set success [CkZipEntry_UnzipToBd $entry $bdXml]
if {$success == 0} then {
puts [CkZipEntry_lastErrorText $entry]
delete_CkZip $zip
delete_CkZipEntry $entry
delete_CkBinData $bdXml
exit
}
# First verify the XML digital signature.
set dsig [new_CkXmlDSig]
set success [CkXmlDSig_LoadSignatureBd $dsig $bdXml]
if {$success == 0} then {
puts [CkXmlDSig_lastErrorText $dsig]
delete_CkZip $zip
delete_CkZipEntry $entry
delete_CkBinData $bdXml
delete_CkXmlDSig $dsig
exit
}
# The UIDAI XML signature does not contain the KeyInfo, so we must load the uidai certificate
# and indicate that its public key is to be used for verifying the signature.
set cert [new_CkCert]
set success [CkCert_LoadFromFile $cert "qa_data/xml_dsig/uidai_auth_sign_prod_2023.cer"]
if {$success == 0} then {
puts [CkCert_lastErrorText $cert]
delete_CkZip $zip
delete_CkZipEntry $entry
delete_CkBinData $bdXml
delete_CkXmlDSig $dsig
delete_CkCert $cert
exit
}
# Get the certificate's public key.
set pubKey [new_CkPublicKey]
CkCert_GetPublicKey $cert $pubKey
CkXmlDSig_SetPublicKey $dsig $pubKey
# The XML in this example contains only 1 signature.
set bVerifyReferenceDigests 1
set bVerified [CkXmlDSig_VerifySignature $dsig $bVerifyReferenceDigests]
if {$bVerified == 0} then {
puts [CkXmlDSig_lastErrorText $dsig]
puts "The signature was not valid."
delete_CkZip $zip
delete_CkZipEntry $entry
delete_CkBinData $bdXml
delete_CkXmlDSig $dsig
delete_CkCert $cert
delete_CkPublicKey $pubKey
exit
}
puts "The XML digital signature is valid."
# Let's compute the hash for the Mobile Number.
# Hashing logic for Mobile Number :
# Sha256(Sha256(Mobile+SharePhrase))*number of times last digit of Aadhaar number
# (Ref ID field contains last 4 digits).
#
# Example :
# Mobile: 1234567890
# Aadhaar Number:XXXX XXXX 3632
# Passcode : Lock@487
# Hash: Sha256(Sha256(1234567890Lock@487))*2
# In case of Aadhaar number ends with Zero we will hashed one time.
set crypt [new_CkCrypt2]
CkCrypt2_put_HashAlgorithm $crypt "sha256"
CkCrypt2_put_EncodingMode $crypt "hexlower"
set strToHash "1234567890Lock@487"
set bdHash [new_CkBinData]
set success [CkBinData_AppendString $bdHash $strToHash "utf-8"]
# Hash a number of times equal to the last digit of your Aadhaar number.
# If the Aadhaar number ends with 0, then hash one time.
# For this example, we'll just set the number of times to hash
# for the case where an Aadhaar number ends in "9"
set numTimesToHash 9
for {set i 1} {$i <= $numTimesToHash} {incr i} {
set tmpStr [CkCrypt2_hashBdENC $crypt $bdHash]
CkBinData_Clear $bdHash
CkBinData_AppendString $bdHash $tmpStr "utf-8"
}
puts "Computed Mobile hash = [CkBinData_getString $bdHash utf-8]"
# Let's get the mobile hash stored in the XML and compare it with our computed hash.
set xml [new_CkXml]
set success [CkXml_LoadBd $xml $bdXml 1]
set m_hash [CkXml_chilkatPath $xml "UidData|Poi|(m)"]
puts "Stored Mobile hash = $m_hash"
# Now do the same thing for the email hash:
set strToHash "abc@gm.comLock@487"
CkBinData_Clear $bdHash
set success [CkBinData_AppendString $bdHash $strToHash "utf-8"]
for {set i 1} {$i <= $numTimesToHash} {incr i} {
set tmpStr [CkCrypt2_hashBdENC $crypt $bdHash]
CkBinData_Clear $bdHash
CkBinData_AppendString $bdHash $tmpStr "utf-8"
}
puts "Computed Email hash = [CkBinData_getString $bdHash utf-8]"
set e_hash [CkXml_chilkatPath $xml "UidData|Poi|(e)"]
puts "Stored Email hash = $e_hash"
delete_CkZip $zip
delete_CkZipEntry $entry
delete_CkBinData $bdXml
delete_CkXmlDSig $dsig
delete_CkCert $cert
delete_CkPublicKey $pubKey
delete_CkCrypt2 $crypt
delete_CkBinData $bdHash
delete_CkXml $xml