AutoIt

Aadhaar Paperless Offline e-kyc


Opens an encrypted .zip containing the Aadhaar Paperless Offline e-KYC XML, extracts the XML, and validates its digital signature. It then computes the hashes for the mobile number and email ID so that they can be compared with the hashes stored in the XML.


AutoIt
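Local $bSuccess = False

; This example requires the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.

; Open the .zip containing the Aadhaar Paperless Offline e-KYC XML.
; The .zip is encrypted using the "Share Phrase".
$oZip = ObjCreate("Chilkat.Zip")
$bSuccess = $oZip.OpenZip("qa_data/xml_dsig/offline_paperless_kyc.zip")
If ($bSuccess = False) Then
    ConsoleWrite($oZip.LastErrorText & @CRLF)
    ; Exit with a non-zero code so a calling process can tell a failure from success.
    Exit 1
EndIf

; The .zip should contain 1 XML file.
; NOTE(review): only the entry at index 0 is read; the number of entries and the
; entry name are not checked here.
$oEntry = ObjCreate("Chilkat.ZipEntry")
$bSuccess = $oZip.EntryAt(0,$oEntry)
If ($bSuccess = False) Then
    ConsoleWrite($oZip.LastErrorText & @CRLF)
    Exit 1
EndIf

; To get the contents, we need to specify the Share Phrase.
; The literal below is the sample value for the sample .zip. In real use the Share
; Phrase is a secret chosen when the e-KYC file is generated: obtain it at run time
; from the person providing the file instead of storing it in the script, and do not
; write it to logs.
Local $sharePhrase = "Lock@487"
$oZip.DecryptPassword = $sharePhrase

$oBdXml = ObjCreate("Chilkat.BinData")
; The XML file will be unzipped into the bdXml object (in memory, not to disk).
$bSuccess = $oEntry.UnzipToBd($oBdXml)
If ($bSuccess = False) Then
    ConsoleWrite($oEntry.LastErrorText & @CRLF)
    Exit 1
EndIf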

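; First verify the XML digital signature.
; The e-KYC data is only parsed and used after this check has passed.
$oDsig = ObjCreate("Chilkat.XmlDSig")
$bSuccess = $oDsig.LoadSignatureBd($oBdXml)
If ($bSuccess = False) Then
    ConsoleWrite($oDsig.LastErrorText & @CRLF)
    ; Non-zero exit code: a caller must never mistake a failed check for success.
    Exit 1
EndIf

; The UIDAI XML signature does not contain the KeyInfo, so we must load the uidai certificate
; and indicate that its public key is to be used for verifying the signature.
;
; This file is the trust anchor for the whole check: a valid result only proves the XML
; was signed with the key in this .cer file. Obtain the certificate from UIDAI over a
; trusted channel and protect the file from modification (for example, by comparing its
; thumbprint with a value recorded when it was obtained).
$oCert = ObjCreate("Chilkat.Cert")
$bSuccess = $oCert.LoadFromFile("qa_data/xml_dsig/uidai_auth_sign_prod_2023.cer")
If ($bSuccess = False) Then
    ConsoleWrite($oCert.LastErrorText & @CRLF)
    Exit 1
EndIf

; Get the certificate's public key.
$oPubKey = ObjCreate("Chilkat.PublicKey")
$bSuccess = $oCert.GetPublicKey($oPubKey)
If ($bSuccess = False) Then
    ; Stop here rather than attempting verification without a usable key.
    ConsoleWrite($oCert.LastErrorText & @CRLF)
    Exit 1
EndIf

$bSuccess = $oDsig.SetPublicKey($oPubKey)
If ($bSuccess = False) Then
    ConsoleWrite($oDsig.LastErrorText & @CRLF)
    Exit 1
EndIf

; The XML in this example contains only 1 signature.
; Passing True also verifies the reference digests, i.e. that the signed content
; itself has not been altered, not only the signature value.
Local $bVerifyReferenceDigests = True
Local $bVerified = $oDsig.VerifySignature($bVerifyReferenceDigests)
If ($bVerified = False) Then
    ConsoleWrite($oDsig.LastErrorText & @CRLF)
    ConsoleWrite("The signature was not valid." & @CRLF)
    Exit 1
EndIf

ConsoleWrite("The XML digital signature is valid." & @CRLF)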

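; Let's compute the hash for the Mobile Number.

; 	Hashing logic for Mobile Number :
; 	Sha256(Sha256(Mobile+SharePhrase))*number of times last digit of Aadhaar number
; 	(Ref ID field contains last 4 digits).
; 
; 	Example :
; 	Mobile: 1234567890
; 	Aadhaar Number:XXXX XXXX 3632
; 	Passcode : Lock@487
; 	Hash: Sha256(Sha256(1234567890Lock@487))*2
; 	If the Aadhaar number ends with zero, the value is hashed one time.

$oCrypt = ObjCreate("Chilkat.Crypt2")
$oCrypt.HashAlgorithm = "sha256"
$oCrypt.EncodingMode = "hexlower"

; Sample mobile number followed by the sample Share Phrase.
Local $strToHash = "1234567890Lock@487"
$oBdHash = ObjCreate("Chilkat.BinData")
$bSuccess = $oBdHash.AppendString($strToHash,"utf-8")
If ($bSuccess = False) Then
    ConsoleWrite("Failed to prepare the mobile number for hashing." & @CRLF)
    Exit 1
EndIf

; Hash a number of times equal to the last digit of your Aadhaar number.
; If the Aadhaar number ends with 0, then hash one time.
; For this example, we'll just set the number of times to hash
; for the case where an Aadhaar number ends in "9"
; NOTE(review): in real use, derive this count from the Ref ID in the verified XML
; instead of hard-coding it.
Local $iNumTimesToHash = 9
Local $i
Local $sTmpStr = ""
For $i = 1 To $iNumTimesToHash
    ; Each round hashes the lowercase hex string produced by the previous round.
    $sTmpStr = $oCrypt.HashBdENC($oBdHash)
    $oBdHash.Clear()
    $oBdHash.AppendString($sTmpStr,"utf-8")
Next

Local $sComputedMobileHash = $oBdHash.GetString("utf-8")
ConsoleWrite("Computed Mobile hash = " & $sComputedMobileHash & @CRLF)

; Let's get the mobile hash stored in the XML and compare it with our computed hash.
$oXml = ObjCreate("Chilkat.Xml")
$bSuccess = $oXml.LoadBd($oBdXml,True)
If ($bSuccess = False) Then
    ConsoleWrite($oXml.LastErrorText & @CRLF)
    Exit 1
EndIf
Local $sM_hash = $oXml.ChilkatPath("UidData|Poi|(m)")

ConsoleWrite("Stored Mobile hash   = " & $sM_hash & @CRLF)

; Compare the two values. AutoIt's "=" compares strings case-insensitively, which suits
; hex digests. An empty stored hash never counts as a match, so a missing attribute or
; a failed hash computation cannot be reported as success.
; A real verifier should treat a mismatch as a failed check.
If ($sM_hash <> "") And ($sComputedMobileHash = $sM_hash) Then
    ConsoleWrite("The mobile hash matches." & @CRLF)
Else
    ConsoleWrite("The mobile hash does NOT match." & @CRLF)
EndIf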

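; Now do the same thing for the email hash:

; Sample email address followed by the sample Share Phrase.
$strToHash = "abc@gm.comLock@487"
$oBdHash.Clear()
$bSuccess = $oBdHash.AppendString($strToHash,"utf-8")
If ($bSuccess = False) Then
    ConsoleWrite("Failed to prepare the email ID for hashing." & @CRLF)
    ; Non-zero exit code so a caller can tell a failure from success.
    Exit 1
EndIf

; Same number of rounds as for the mobile number; each round hashes the lowercase
; hex string produced by the previous round.
Local $sEmailDigest = ""
For $i = 1 To $iNumTimesToHash
    $sEmailDigest = $oCrypt.HashBdENC($oBdHash)
    $oBdHash.Clear()
    $oBdHash.AppendString($sEmailDigest,"utf-8")
Next

Local $sComputedEmailHash = $oBdHash.GetString("utf-8")
ConsoleWrite("Computed Email hash = " & $sComputedEmailHash & @CRLF)

Local $sE_hash = $oXml.ChilkatPath("UidData|Poi|(e)")
ConsoleWrite("Stored Email hash   = " & $sE_hash & @CRLF)

; Compare the two values. AutoIt's "=" compares strings case-insensitively, which suits
; hex digests. An empty stored hash never counts as a match, so a missing attribute or
; a failed hash computation cannot be reported as success.
; A real verifier should treat a mismatch as a failed check.
If ($sE_hash <> "") And ($sComputedEmailHash = $sE_hash) Then
    ConsoleWrite("The email hash matches." & @CRLF)
Else
    ConsoleWrite("The email hash does NOT match." & @CRLF)
EndIf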