Sample code for 30+ languages & platforms
Tcl

Create Enveloping XML Digital Signature

See more XML Digital Signatures Examples

This example creates an enveloping digital signature.
An enveloping signature is where the signed data is contained within the Signature within an Object element.
This example signs non-XML text data where the XML signature constitutes the entire output.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# Let's use the ECDSA private key at https://www.chilkatsoft.com/exampleData/secp256r1-key.zip
# for signing.
set http [new_CkHttp]

set zipFile [new_CkBinData]

set keyUrl "https://www.chilkatsoft.com/exampleData/secp256r1-key.zip"

set success [CkHttp_QuickGetBd $http $keyUrl $zipFile]
if {$success == 0} then {
    puts [CkHttp_lastErrorText $http]
    delete_CkHttp $http
    delete_CkBinData $zipFile
    exit
}

set zip [new_CkZip]

set success [CkZip_OpenBd $zip $zipFile]

set entry [new_CkZipEntry]

set success [CkZip_EntryMatching $zip "*.pem" $entry]
if {$success == 0} then {
    puts [CkZip_lastErrorText $zip]
    delete_CkHttp $http
    delete_CkBinData $zipFile
    delete_CkZip $zip
    delete_CkZipEntry $entry
    exit
}

set ecKey [new_CkPrivateKey]

set success [CkPrivateKey_LoadPem $ecKey [CkZipEntry_unzipToString $entry 0 "utf-8"]]
if {$success != 1} then {
    puts [CkPrivateKey_lastErrorText $ecKey]
    delete_CkHttp $http
    delete_CkBinData $zipFile
    delete_CkZip $zip
    delete_CkZipEntry $entry
    delete_CkPrivateKey $ecKey
    exit
}

# ----------------------------------------------------------------------------
set gen [new_CkXmlDSigGen]

# Provide the ECDSA key to the XML Digital Signature generator
CkXmlDSigGen_SetPrivateKey $gen $ecKey

# Add an enveloped reference to the content to be signed.
set sbContent [new_CkStringBuilder]

CkStringBuilder_Append $sbContent "This is the content that is signed."
CkXmlDSigGen_AddEnvelopedRef $gen "abc123" $sbContent "sha256" "C14N" ""

# Generate the XML digital signature.
# Notice that in other examples, the sbXml passed to CreateXmlDSigSb
# already contains XML, and the XML signature is inserted at the location
# specified by the SigLocation property.  In this case, both SigLocation
# and sbXml are empty.  The result is that sbXml will contain just the Signature.
set sbXml [new_CkStringBuilder]

set success [CkXmlDSigGen_CreateXmlDSigSb $gen $sbXml]
if {$success == 0} then {
    puts [CkXmlDSigGen_lastErrorText $gen]
    delete_CkHttp $http
    delete_CkBinData $zipFile
    delete_CkZip $zip
    delete_CkZipEntry $entry
    delete_CkPrivateKey $ecKey
    delete_CkXmlDSigGen $gen
    delete_CkStringBuilder $sbContent
    delete_CkStringBuilder $sbXml
    exit
}

# Examine the enveloped signature, where the data is contained within the XML Signature
puts [CkStringBuilder_getAsString $sbXml]

# The Signature returned is compact and in a single line, like this:
# <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/><ds:Reference URI="#abc123"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>tEVrbXXjeTXjF3tIojul4/sgeEGN49E1dxr/GMs8GNE=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>/pILUshwrzgdGc4bPgp85TDfbUiM9pn8EIPNRVWKuoVEtPsv4XRthUrv9aDDvajmyl2okLwTakANgtaxO1ULMw==</ds:SignatureValue><ds:KeyInfo><ds:KeyValue><ds:ECKeyValue xmlns="http://www.w3.org/2009/xmldsig11#"><ds:NamedCurve URI="urn:oid:1.2.840.10045.3.1.7" /><ds:PublicKey>BOVKaiLPKEDChhkA64UEBOXTv/VFHnhrUPN+bXqCvEl7rroAYpH5tKzbiGTtMSlp4JO9Pxg44zeX7EoWDvOrpD0=</ds:PublicKey></ds:ECKeyValue></ds:KeyValue></ds:KeyInfo><ds:Object Id="abc123">This is the content that is signed.</ds:Object></ds:Signature>

# XML pretty-printed, the signature is as follows, but pretty-printing introductes whitespace that breaks the signature..

# <?xml version="1.0" encoding="utf-8" ?>
# <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
#     <ds:SignedInfo>
#         <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
#         <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256" />
#         <ds:Reference URI="#abc123">
#             <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
#             <ds:DigestValue>tEVrbXXjeTXjF3tIojul4/sgeEGN49E1dxr/GMs8GNE=</ds:DigestValue>
#         </ds:Reference>
#     </ds:SignedInfo>
#     <ds:SignatureValue>/pILUshwrzgdGc4bPgp85TDfbUiM9pn8EIPNRVWKuoVEtPsv4XRthUrv9aDDvajmyl2okLwTakANgtaxO1ULMw==</ds:SignatureValue>
#     <ds:KeyInfo>
#         <ds:KeyValue>
#             <ds:ECKeyValue xmlns="http://www.w3.org/2009/xmldsig11#">
#                 <ds:NamedCurve URI="urn:oid:1.2.840.10045.3.1.7" />
#                 <ds:PublicKey>BOVKaiLPKEDChhkA64UEBOXTv/VFHnhrUPN+bXqCvEl7rroAYpH5tKzbiGTtMSlp4JO9Pxg44zeX7EoWDvOrpD0=</ds:PublicKey>
#             </ds:ECKeyValue>
#         </ds:KeyValue>
#     </ds:KeyInfo>
#     <ds:Object Id="abc123">This is the content that is signed.</ds:Object>
# </ds:Signature>
# 

delete_CkHttp $http
delete_CkBinData $zipFile
delete_CkZip $zip
delete_CkZipEntry $entry
delete_CkPrivateKey $ecKey
delete_CkXmlDSigGen $gen
delete_CkStringBuilder $sbContent
delete_CkStringBuilder $sbXml