
Create and Verify an Opaque PKCS7/CMS Signature


Demonstrates how to create a PKCS7 opaque signature and how to verify one. An opaque signature differs from a detached PKCS7 signature in that it contains the original data. Verifying an opaque signature retrieves the original content.


AutoIt
Local $bSuccess = False

; This example assumes the Chilkat API has already been unlocked.
; See Global Unlock Sample for sample code.

$oCrypt = ObjCreate("Chilkat.Crypt2")

; A certificate and private key are needed to create a signature.
; Chilkat provides many different ways to load a certificate and private key, such
; as from a PFX/.p12, Java keystore, JWK, Windows registry-based certificate stores, and other sources.
; This example loads the certificate from a .cer file and the private key from a .key file.

$oCert = ObjCreate("Chilkat.Cert")
; The LoadFromFile method will automatically detect the format and load it.
$bSuccess = $oCert.LoadFromFile("qa_data/certs/test_12345678a.cer")
If ($bSuccess <> True) Then
    ConsoleWrite($oCert.LastErrorText & @CRLF)
    Exit
EndIf

; Our private key is in an encrypted PKCS8 format.
; If you don't know the format of your key, but you do know it is encrypted
; and requires a password, then just call any of the Chilkat methods that load
; a private key with a password argument. Chilkat will auto-detect the format
; and load it correctly even if it's not the format indicated by the method name.
$oPrivKey = ObjCreate("Chilkat.PrivateKey")
Local $sPassword = "12345678a"
$bSuccess = $oPrivKey.LoadPkcs8EncryptedFile("qa_data/certs/test_12345678a.key",$sPassword)
If ($bSuccess <> True) Then
    ConsoleWrite($oPrivKey.LastErrorText & @CRLF)
    Exit
EndIf

; Set properties required for signing.

; Tell it to use the cert and private key we've loaded.
$bSuccess = $oCrypt.SetSigningCert2($oCert,$oPrivKey)
If ($bSuccess <> True) Then
    ConsoleWrite($oCrypt.LastErrorText & @CRLF)
    Exit
EndIf

; Indicate we want the opaque signature in base64 format:
$oCrypt.EncodingMode = "base64"

; Sign the string using the "utf-8" byte representation:
$oCrypt.Charset = "utf-8"

; Create the opaque signature:
Local $sOriginalData = "This is the string to be signed."
Local $sOpaqueSig = $oCrypt.OpaqueSignStringENC($sOriginalData)
If ($oCrypt.LastMethodSuccess <> True) Then
    ConsoleWrite($oCrypt.LastErrorText & @CRLF)
    Exit
EndIf

ConsoleWrite($sOpaqueSig & @CRLF)

; The output looks like this:
; MIIPgQYJKoZIhvcNAQcCoIIPcjCCD24CAQExCzAJBgUrDgMCGgUAMC8GCSqGSIb3DQEHAaAiBCBUaGlzIGlzIHRoZSBzdHJpbmcgdG8gYmUgc...

; ----------------------------------------------------------------------------------------------
; Now let's verify the signature and retrieve the original data.
; We'll use a new Crypt2 object to keep things completely separate...

$oVCrypt = ObjCreate("Chilkat.Crypt2")

$oVCrypt.EncodingMode = "base64"
$oVCrypt.Charset = "utf-8"

Local $sExtractedData = $oVCrypt.OpaqueVerifyStringENC($sOpaqueSig)
If ($oVCrypt.LastMethodSuccess <> True) Then
    ConsoleWrite($oVCrypt.LastErrorText & @CRLF)
    Exit
EndIf

ConsoleWrite("The extracted data: " & $sExtractedData & @CRLF)

; The output is:
; The extracted data: This is the string to be signed.
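
The statement that an opaque signature contains the original data can be checked directly on the base64 output printed above. The following Python sketch is an added example, not Chilkat code: it walks the DER header of the CMS structure in the truncated sample output and reports the content type, the first digest algorithm, and the embedded payload bytes. The function names and the small OID table are this example's own, and it performs no signature verification.

```python
import base64

# Start of the base64 output printed in the sample above (the page truncates it with "...").
SAMPLE_PREFIX = ("MIIPgQYJKoZIhvcNAQcCoIIPcjCCD24CAQExCzAJBgUrDgMCGgUAMC8GCSqGSIb3"
                 "DQEHAaAiBCBUaGlzIGlzIHRoZSBzdHJpbmcgdG8gYmUgc")
OID_NAMES = {"1.2.840.113549.1.7.1": "data", "1.2.840.113549.1.7.2": "signedData",
             "1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}

def read_tlv(buf, pos, want_tag):
    """Parse one DER header at pos; return (declared_length, value_start)."""
    tag, first = buf[pos], buf[pos + 1]
    if tag != want_tag:
        raise ValueError(f"offset {pos}: expected tag {want_tag:#04x}, got {tag:#04x}")
    if first < 0x80:                      # short-form length
        return first, pos + 2
    n = first & 0x7F                      # long form: next n bytes hold the length
    return int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n

def read_oid(buf, pos):
    """Decode the OBJECT IDENTIFIER at pos; return (name_or_dotted, next_pos)."""
    length, start = read_tlv(buf, pos, 0x06)
    raw = buf[start:start + length]
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:               # high bit clear ends this arc
            arcs.append(value)
            value = 0
    dotted = ".".join(map(str, arcs))
    return OID_NAMES.get(dotted, dotted), start + length

def inspect_opaque(b64_text):
    """Walk ContentInfo -> SignedData -> encapContentInfo; verifies nothing."""
    der = base64.b64decode(b64_text[:len(b64_text) // 4 * 4])  # drop partial group
    _, pos = read_tlv(der, 0, 0x30)                       # ContentInfo
    content_type, pos = read_oid(der, pos)
    _, pos = read_tlv(der, pos, 0xA0)                     # [0] EXPLICIT
    _, pos = read_tlv(der, pos, 0x30)                     # SignedData
    vlen, pos = read_tlv(der, pos, 0x02)                  # version
    set_len, set_start = read_tlv(der, pos + vlen, 0x31)  # digestAlgorithms
    _, alg_pos = read_tlv(der, set_start, 0x30)           # first AlgorithmIdentifier
    digest, _ = read_oid(der, alg_pos)
    _, pos = read_tlv(der, set_start + set_len, 0x30)     # encapContentInfo
    econtent_type, pos = read_oid(der, pos)
    _, pos = read_tlv(der, pos, 0xA0)                     # [0] EXPLICIT eContent
    declared, pos = read_tlv(der, pos, 0x04)              # OCTET STRING payload
    return {"content_type": content_type, "digest": digest,
            "econtent_type": econtent_type, "declared_len": declared,
            "visible": der[pos:pos + declared]}
```

Calling `inspect_opaque(SAMPLE_PREFIX)` returns content type `signedData`, digest `sha1`, a declared payload length of 32 bytes, and the visible bytes `This is the string to be ` (cut off where the page truncates the output). The payload is readable without any key, so an opaque signature provides integrity and origin, not confidentiality.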