Classic ASP
Classic ASP
Signing HTTP Messages
See more RSA Examples
Demonstrates how to sign HTTP messages per draft-cavage-http-signatures-10Chilkat Classic ASP Downloads
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<%
success = 0
' This example requires the Chilkat API to have been previously unlocked.
' See Global Unlock Sample for sample code.
bCrlf = 1
set sbPublicKeyPem = Server.CreateObject("Chilkat.StringBuilder")
success = sbPublicKeyPem.AppendLine("-----BEGIN PUBLIC KEY-----",bCrlf)
success = sbPublicKeyPem.AppendLine("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCFENGw33yGihy92pDjZQhl0C3",bCrlf)
success = sbPublicKeyPem.AppendLine("6rPJj+CvfSC8+q28hxA161QFNUd13wuCTUcq0Qd2qsBe/2hFyc2DCJJg0h1L78+6",bCrlf)
success = sbPublicKeyPem.AppendLine("Z4UMR7EOcpfdUE9Hf3m/hs+FUR45uBJeDK1HSFHD8bHKD6kv8FPGfJTotc+2xjJw",bCrlf)
success = sbPublicKeyPem.AppendLine("oYi+1hqp1fIekaxsyQIDAQAB",bCrlf)
success = sbPublicKeyPem.AppendLine("-----END PUBLIC KEY-----",bCrlf)
set pubKey = Server.CreateObject("Chilkat.PublicKey")
success = pubKey.LoadFromString(sbPublicKeyPem.GetAsString())
set sbPrivateKeyPem = Server.CreateObject("Chilkat.StringBuilder")
success = sbPrivateKeyPem.AppendLine("-----BEGIN RSA PRIVATE KEY-----",bCrlf)
success = sbPrivateKeyPem.AppendLine("MIICXgIBAAKBgQDCFENGw33yGihy92pDjZQhl0C36rPJj+CvfSC8+q28hxA161QF",bCrlf)
success = sbPrivateKeyPem.AppendLine("NUd13wuCTUcq0Qd2qsBe/2hFyc2DCJJg0h1L78+6Z4UMR7EOcpfdUE9Hf3m/hs+F",bCrlf)
success = sbPrivateKeyPem.AppendLine("UR45uBJeDK1HSFHD8bHKD6kv8FPGfJTotc+2xjJwoYi+1hqp1fIekaxsyQIDAQAB",bCrlf)
success = sbPrivateKeyPem.AppendLine("AoGBAJR8ZkCUvx5kzv+utdl7T5MnordT1TvoXXJGXK7ZZ+UuvMNUCdN2QPc4sBiA",bCrlf)
success = sbPrivateKeyPem.AppendLine("QWvLw1cSKt5DsKZ8UETpYPy8pPYnnDEz2dDYiaew9+xEpubyeW2oH4Zx71wqBtOK",bCrlf)
success = sbPrivateKeyPem.AppendLine("kqwrXa/pzdpiucRRjk6vE6YY7EBBs/g7uanVpGibOVAEsqH1AkEA7DkjVH28WDUg",bCrlf)
success = sbPrivateKeyPem.AppendLine("f1nqvfn2Kj6CT7nIcE3jGJsZZ7zlZmBmHFDONMLUrXR/Zm3pR5m0tCmBqa5RK95u",bCrlf)
success = sbPrivateKeyPem.AppendLine("412jt1dPIwJBANJT3v8pnkth48bQo/fKel6uEYyboRtA5/uHuHkZ6FQF7OUkGogc",bCrlf)
success = sbPrivateKeyPem.AppendLine("mSJluOdc5t6hI1VsLn0QZEjQZMEOWr+wKSMCQQCC4kXJEsHAve77oP6HtG/IiEn7",bCrlf)
success = sbPrivateKeyPem.AppendLine("kpyUXRNvFsDE0czpJJBvL/aRFUJxuRK91jhjC68sA7NsKMGg5OXb5I5Jj36xAkEA",bCrlf)
success = sbPrivateKeyPem.AppendLine("gIT7aFOYBFwGgQAQkWNKLvySgKbAZRTeLBacpHMuQdl1DfdntvAyqpAZ0lY0RKmW",bCrlf)
success = sbPrivateKeyPem.AppendLine("G6aFKaqQfOXKCyWoUiVknQJAXrlgySFci/2ueKlIE1QqIiLSZ8V8OlpFLRnb1pzI",bCrlf)
success = sbPrivateKeyPem.AppendLine("7U1yQXnTAEFYM560yJlzUpOb1V4cScGd365tiSMvxLOvTA==",bCrlf)
success = sbPrivateKeyPem.AppendLine("-----END RSA PRIVATE KEY-----",bCrlf)
set privKey = Server.CreateObject("Chilkat.PrivateKey")
success = privKey.LoadPem(sbPrivateKeyPem.GetAsString())
' All examples use this request:
'
' POST /foo?param=value&pet=dog HTTP/1.1
' Host: example.com
' Date: Sun, 05 Jan 2014 21:31:40 GMT
' Content-Type: application/json
' Digest: SHA-256=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE=
' Content-Length: 18
'
' {"hello": "world"}
' C.1. Default Test
'
' If a list of headers is not included, the date is the only header
' that is signed by default. The string to sign would be:
'
' date: Sun, 05 Jan 2014 21:31:40 GMT
'
' The Authorization header would be:
'
' Authorization: Signature keyId="Test",algorithm="rsa-sha256",
' signature="SjWJWbWN7i0wzBvtPl8rbASWz5xQW6mcJmn+ibttBqtifLN7Sazz
' 6m79cNfwwb8DMJ5cou1s7uEGKKCs+FLEEaDV5lp7q25WqS+lavg7T8hc0GppauB
' 6hbgEKTwblDHYGEtbGmtdHgVCk9SuS13F0hZ8FD0k/5OxEPXe5WozsbM="
'
' The Signature header would be:
'
' Signature: keyId="Test",algorithm="rsa-sha256",
' signature="SjWJWbWN7i0wzBvtPl8rbASWz5xQW6mcJmn+ibttBqtifLN7Sazz
' 6m79cNfwwb8DMJ5cou1s7uEGKKCs+FLEEaDV5lp7q25WqS+lavg7T8hc0GppauB
' 6hbgEKTwblDHYGEtbGmtdHgVCk9SuS13F0hZ8FD0k/5OxEPXe5WozsbM="
'
set dtNow = Server.CreateObject("Chilkat.CkDateTime")
success = dtNow.SetFromCurrentSystemTime()
dateStr = dtNow.GetAsRfc822(0)
' To duplicate the above result, we'll hard-code the date string.
dateStr = "Sun, 05 Jan 2014 21:31:40 GMT"
set rsa = Server.CreateObject("Chilkat.Rsa")
success = rsa.UsePrivateKey(privKey)
If (success = 0) Then
Response.Write "<pre>" & Server.HTMLEncode( rsa.LastErrorText) & "</pre>"
Response.End
End If
set sbStringToSign = Server.CreateObject("Chilkat.StringBuilder")
success = sbStringToSign.Append("date: ")
success = sbStringToSign.Append(dateStr)
rsa.EncodingMode = "base64"
b64Signature = rsa.SignStringENC(sbStringToSign.GetAsString(),"SHA256")
Response.Write "<pre>" & Server.HTMLEncode( b64Signature) & "</pre>"
Response.Write "<pre>" & Server.HTMLEncode( "---------------------------") & "</pre>"
' The result should be:
' SjWJWbWN7i0wzBvtPl8rbASW ... FD0k/5OxEPXe5WozsbM=
' ----------------------------------------------------------------------------------------------------
' C.2. Basic Test
'
' The minimum recommended data to sign is the (request-target), host,
' and date. In this case, the string to sign would be:
'
' (request-target): post /foo?param=value&pet=dog
' host: example.com
' date: Sun, 05 Jan 2014 21:31:40 GMT
'
' The Authorization header would be:
'
' Authorization: Signature keyId="Test",algorithm="rsa-sha256",
' headers="(request-target) host date", signature="qdx+H7PHHDZgy4
' y/Ahn9Tny9V3GP6YgBPyUXMmoxWtLbHpUnXS2mg2+SbrQDMCJypxBLSPQR2aAjn
' 7ndmw2iicw3HMbe8VfEdKFYRqzic+efkb3nndiv/x1xSHDJWeSWkx3ButlYSuBs
' kLu6kd9Fswtemr3lgdDEmn04swr2Os0="
sbStringToSign.Clear
success = sbStringToSign.Append("(request-target): ")
success = sbStringToSign.AppendLine("post /foo?param=value&pet=dog",0)
success = sbStringToSign.Append("host: ")
success = sbStringToSign.AppendLine("example.com",0)
success = sbStringToSign.Append("date: ")
success = sbStringToSign.Append(dateStr)
Response.Write "<pre>" & Server.HTMLEncode( "StringToSign:") & "</pre>"
Response.Write "<pre>" & Server.HTMLEncode( sbStringToSign.GetAsString()) & "</pre>"
b64Signature = rsa.SignStringENC(sbStringToSign.GetAsString(),"SHA256")
Response.Write "<pre>" & Server.HTMLEncode( b64Signature) & "</pre>"
Response.Write "<pre>" & Server.HTMLEncode( "---------------------------") & "</pre>"
' The result should be:
' qdx+H7PHHDZgy4y/Ahn ... mn04swr2Os0=
%>
</body>
</html>