Sample code for 30+ languages & platforms
Tcl

Alliance Access LAU Sign Message (XML Signature using HMAC-SHA-256)

See more XML Digital Signatures Examples

Demonstrates how to sign XML according to the requirements for Alliance Access LAU (Local Authentication) using HMAC-SHA-256.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# We begin with this message:

# <?xml version="1.0" encoding="utf-8"?>
# <Saa:DataPDU xmlns:Saa="urn:swift:saa:xsd:saa.2.0" xmlns:Sw="urn:swift:snl:ns.Sw"
#   xmlns:SwGbl="urn:swift:snl:ns.SwGbl" xmlns:SwInt="urn:swift:snl:ns:SwInt" xmlns:SwSec="url:swift:snl:ns.SwSec">
#     <Saa:Revision>2.0.7</Saa:Revision>
#     <Saa:Header>
#         <Saa:Message>
# 			<test>blah blah</test>
#         </Saa:Message>
#     </Saa:Header>
#     <Saa:Body>...</Saa:Body>
#     <Saa:LAU>
#     </Saa:LAU>
# </Saa:DataPDU>

# And we want so sign to create this as the result:
# The signed XML we'll create will not be indented and pretty-printed like this.
# Instead, we'll use the "CompactSignedXml" behavior to produce compact single-line XML.

# <?xml version="1.0" encoding="utf-8"?>
# <Saa:DataPDU xmlns:Saa="urn:swift:saa:xsd:saa.2.0" xmlns:Sw="urn:swift:snl:ns.Sw"
#   xmlns:SwGbl="urn:swift:snl:ns.SwGbl" xmlns:SwInt="urn:swift:snl:ns:SwInt" xmlns:SwSec="url:swift:snl:ns.SwSec">
#     <Saa:Revision>2.0.7</Saa:Revision>
#     <Saa:Header>
#         <Saa:Message>
# 			<test>blah blah</test>
#         </Saa:Message>
#     </Saa:Header>
#     <Saa:Body>...</Saa:Body>
#     <Saa:LAU>
#         <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
#             <ds:SignedInfo>
#                 <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
#                 <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/>
#                 <ds:Reference URI="">
#                     <ds:Transforms>
#                         <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
#                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
#                     </ds:Transforms>
#                     <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
#                     <ds:DigestValue>Y7oScHnYOUQvni/TSzZbDec+HR+mWIFH149GXpwj1Ws=</ds:DigestValue>
#                 </ds:Reference>
#             </ds:SignedInfo>
#             <ds:SignatureValue>6ynF/FcwbPsHrtlj3h2agJigdnvpbO6hOzKSRGzqkw0=</ds:SignatureValue>
#         </ds:Signature>
#     </Saa:LAU>
# </Saa:DataPDU>

set success 1

# Create the XML to be signed...

# (The XML does not need to be created this way.  It can be loaded from a file or a string.)
# Also, use this online tool to generate code from sample XML: 
# Generate Code to Create XML

set xmlToSign [new_CkXml]

CkXml_put_Tag $xmlToSign "Saa:DataPDU"
CkXml_AddAttribute $xmlToSign "xmlns:Saa" "urn:swift:saa:xsd:saa.2.0"
CkXml_AddAttribute $xmlToSign "xmlns:Sw" "urn:swift:snl:ns.Sw"
CkXml_AddAttribute $xmlToSign "xmlns:SwGbl" "urn:swift:snl:ns.SwGbl"
CkXml_AddAttribute $xmlToSign "xmlns:SwInt" "urn:swift:snl:ns:SwInt"
CkXml_AddAttribute $xmlToSign "xmlns:SwSec" "url:swift:snl:ns.SwSec"
CkXml_UpdateChildContent $xmlToSign "Saa:Revision" "2.0.7"
CkXml_UpdateChildContent $xmlToSign "Saa:Header|Saa:Message|test" "blah blah"
CkXml_UpdateChildContent $xmlToSign "Saa:Body" "..."
CkXml_UpdateChildContent $xmlToSign "Saa:LAU" ""

set gen [new_CkXmlDSigGen]

CkXmlDSigGen_put_SigLocation $gen "Saa:DataPDU|Saa:LAU"
CkXmlDSigGen_put_SigLocationMod $gen 0
CkXmlDSigGen_put_SigNamespacePrefix $gen "ds"
CkXmlDSigGen_put_SigNamespaceUri $gen "http://www.w3.org/2000/09/xmldsig#"
CkXmlDSigGen_put_SignedInfoCanonAlg $gen "EXCL_C14N"
CkXmlDSigGen_put_SignedInfoDigestMethod $gen "sha256"

# You may alternatively choose "IndentedSignature" instead of "CompactSignedXml"
CkXmlDSigGen_put_Behaviors $gen "CompactSignedXml"

CkXmlDSigGen_AddSameDocRef $gen "" "sha256" "EXCL_C14N" "" ""

# Specify the HMAC key.
# For example, if the HMAC key is to be the us-ascii bytes of the string "secret",
# the HMAC key can be set in any of the following ways (and also more ways not shown here..)
CkXmlDSigGen_SetHmacKey $gen "secret" "ascii"
# or
CkXmlDSigGen_SetHmacKey $gen "c2VjcmV0" "base64"
# or
CkXmlDSigGen_SetHmacKey $gen "736563726574" "hex"

# Sign the XML..
set sbXml [new_CkStringBuilder]

CkXml_GetXmlSb $xmlToSign $sbXml
set success [CkXmlDSigGen_CreateXmlDSigSb $gen $sbXml]
if {$success != 1} then {
    puts [CkXmlDSigGen_lastErrorText $gen]
    delete_CkXml $xmlToSign
    delete_CkXmlDSigGen $gen
    delete_CkStringBuilder $sbXml
    exit
}

# Save the signed XML to a file.
set success [CkStringBuilder_WriteFile $sbXml "qa_output/signedXml.xml" "utf-8" 0]

# Show the signed XML.
puts [CkStringBuilder_getAsString $sbXml]

delete_CkXml $xmlToSign
delete_CkXmlDSigGen $gen
delete_CkStringBuilder $sbXml