AutoIt
A3/A4 Certificate to Create and Verify an Opaque PKCS7/CMS Signature
Demonstrates how to use an A3 or A4 certificate with its private key on a smartcard or token to create a PKCS7 opaque signature, and how to verify an opaque signature. An opaque signature differs from a detached PKCS7 signature in that it contains the original data. Verifying an opaque signature retrieves the original content.
Local $bSuccess = False
; This example assumes the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.
$oCrypt = ObjCreate("Chilkat.Crypt2")
; A certificate and private key are needed to create a signature.
; Chilkat provides many different ways to load a certificate and private key, such
; as from smartcards and hardware tokens, PFX/.p12, Java keystore, JWK, Windows registry-based certificate stores, and other sources.
; This example will load the default certificate from the smartcard that is currently in
; the smartcard reader.
$oCert = ObjCreate("Chilkat.Cert")
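; If the smartcard or token requires a PIN, we can set it here to avoid the dialog.
; ("000000" is a sample value. Avoid hard-coding a real PIN in a script; prompt for it or read it from a protected store.)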
$oCert.SmartCardPin = "000000"
$bSuccess = $oCert.LoadFromSmartcard("")
If ($bSuccess <> True) Then
    ConsoleWrite($oCert.LastErrorText & @CRLF)
    Exit
EndIf
; Tell it to use the cert and private key we've loaded.
$bSuccess = $oCrypt.SetSigningCert($oCert)
If ($bSuccess <> True) Then
    ConsoleWrite($oCrypt.LastErrorText & @CRLF)
    Exit
EndIf
; Indicate we want the opaque signature in base64 format:
$oCrypt.EncodingMode = "base64"
; Sign the string using the "utf-8" byte representation:
$oCrypt.Charset = "utf-8"
; Create the opaque signature:
Local $sOriginalData = "This is the string to be signed."
Local $sOpaqueSig = $oCrypt.OpaqueSignStringENC($sOriginalData)
If ($oCrypt.LastMethodSuccess <> True) Then
    ConsoleWrite($oCrypt.LastErrorText & @CRLF)
    Exit
EndIf
ConsoleWrite($sOpaqueSig & @CRLF)
; The output looks like this:
; MIIPgQYJKoZIhvcNAQcCoIIPcjCCD24CAQExCzAJBgUrDgMCGgUAMC8GCSqGSIb3DQEHAaAiBCBUaGlzIGlzIHRoZSBzdHJpbmcgdG8gYmUgc...
; ----------------------------------------------------------------------------------------------
; Now let's verify the signature and retrieve the original data.
; We'll use a new Crypt2 object to keep things completely separate...
$oVCrypt = ObjCreate("Chilkat.Crypt2")
; We only need the certificate to verify a signature (and extract the data from
; an opaque signature). The public key is always embedded within a certificate.
$bSuccess = $oVCrypt.SetVerifyCert($oCert)
If ($bSuccess <> True) Then
    ConsoleWrite($oVCrypt.LastErrorText & @CRLF)
    Exit
EndIf
$oVCrypt.EncodingMode = "base64"
$oVCrypt.Charset = "utf-8"
Local $sExtractedData = $oVCrypt.OpaqueVerifyStringENC($sOpaqueSig)
If ($oVCrypt.LastMethodSuccess <> True) Then
    ConsoleWrite($oVCrypt.LastErrorText & @CRLF)
    Exit
EndIf
ConsoleWrite("The extracted data: " & $sExtractedData & @CRLF)
; The output is:
; The extracted data: This is the string to be signed.
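
The description above says an opaque signature contains the original data while a detached one does not; the following added example (Python, not part of the original page and not Chilkat code) walks the PKCS7/CMS SignedData structure to show where that data sits, in the clear, and how a detached signature differs. The helper names `tlv`, `read`, `embedded_content` and `sample` are hypothetical, the two sample blobs are constructed and unsigned, and only definite-length DER with a primitive OCTET STRING is handled.

```python
import base64

OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
OID_DATA = bytes.fromhex("2a864886f70d010701")         # 1.2.840.113549.1.7.1

def tlv(tag, body):
    """DER-encode one element, short form only (body < 128 bytes); builds the samples."""
    return bytes([tag, len(body)]) + body

def read(buf, pos, want):
    """Return (body_start, body_end) of the element at pos, checking tag and bounds."""
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError(f"expected tag 0x{want:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: next (length & 0x7f) bytes hold the length
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("indefinite or oversized length (BER, not DER)")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("element runs past end of input")
    return pos, pos + length

def embedded_content(b64_sig):
    """Return the eContent bytes of a SignedData, or None if detached. Verifies NOTHING."""
    der = base64.b64decode(b64_sig)
    s, _ = read(der, 0, 0x30)             # ContentInfo
    s, e = read(der, s, 0x06)             # contentType
    if der[s:e] != OID_SIGNED_DATA:
        raise ValueError("not a PKCS7/CMS SignedData")
    s, _ = read(der, e, 0xA0)             # [0] EXPLICIT content
    s, _ = read(der, s, 0x30)             # SignedData
    _, e = read(der, s, 0x02)             # version
    _, e = read(der, e, 0x31)             # digestAlgorithms
    s, encap_end = read(der, e, 0x30)     # encapContentInfo
    _, e = read(der, s, 0x06)             # eContentType
    if e == encap_end:
        return None                       # detached: the data travels separately
    s, _ = read(der, e, 0xA0)             # [0] EXPLICIT eContent
    s, e = read(der, s, 0x04)             # OCTET STRING holding the signed data
    return der[s:e]

def sample(content):
    """Constructed, unsigned SignedData skeleton (empty digestAlgorithms and signerInfos)."""
    encap = tlv(0x06, OID_DATA) + (tlv(0xA0, tlv(0x04, content)) if content is not None else b"")
    sd = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x31, b"") + tlv(0x30, encap) + tlv(0x31, b""))
    return base64.b64encode(tlv(0x30, tlv(0x06, OID_SIGNED_DATA) + tlv(0xA0, sd))).decode()

OPAQUE, DETACHED = sample(b"This is the string to be signed."), sample(None)
```

Because this walk never checks the signature, content obtained this way is unauthenticated and readable by anyone holding the blob; trust only what a successful OpaqueVerifyStringENC call returns.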