
IPS MX Signature - Digitally Sign MX Document


Demonstrates how to digitally sign ISO 20022 SWIFT MX messages.

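Local $bSuccess = False

; This example assumes the Chilkat API has already been unlocked.
; See the Global Unlock Sample for that code.

; The XML to be signed can be loaded from a file, loaded from a string, or
; built in code. These are alternatives: use exactly one of them. The two
; load calls are left commented out so that a failed load of a placeholder
; path or placeholder string is not silently ignored before the document is
; rebuilt from scratch.
$oXmlToSign = ObjCreate("Chilkat.Xml")

; Alternative 1: load the XML from a file (check the result before signing).
; $bSuccess = $oXmlToSign.LoadXmlFile("c:/someDir/mx_document.xml")
; If ($bSuccess = False) Then
;     ConsoleWrite($oXmlToSign.LastErrorText & @CRLF)
;     Exit
; EndIf

; Alternative 2: load the XML from a string (check the result the same way).
; $bSuccess = $oXmlToSign.LoadXml("...")

; Alternative 3 (used by this example): start from an empty document and
; populate it with the calls that follow.
$oXmlToSign.Clear()
$bSuccess = True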

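; Chilkat's online "Generate Code to Create XML" tool can produce calls like
; the ones below from a sample XML document.
;
; Every value here is sample data. The signature created later covers this
; content, so any change made to the document after signing will cause
; verification to fail.
;
; Method calls that take arguments are written with parentheses, which AutoIt
; requires for a call with an argument list.

$oXmlToSign.Tag = "DataPDU"
$oXmlToSign.AddAttribute("xmlns","urn:cma:stp:xsd:stp.1.0")

; Business application header (head.001.001.01)
$oXmlToSign.UpdateAttrAt("Body|AppHdr",True,"xmlns","urn:iso:std:iso:20022:tech:xsd:head.001.001.01")
$oXmlToSign.UpdateChildContent("Body|AppHdr|Fr|FIId|FinInstnId|BICFI","ZZZZZZZZ")
$oXmlToSign.UpdateChildContent("Body|AppHdr|To|FIId|FinInstnId|BICFI","YYYYYYYYYY")
$oXmlToSign.UpdateChildContent("Body|AppHdr|BizMsgIdr","ZZZZZZZZAXXX999999999999999999999")
$oXmlToSign.UpdateChildContent("Body|AppHdr|MsgDefIdr","pacs.008.001.08")
$oXmlToSign.UpdateChildContent("Body|AppHdr|BizSvc","IPS")
$oXmlToSign.UpdateChildContent("Body|AppHdr|CreDt","2017-09-13T18:18:00Z")

; Payment document (pacs.008.001.08): group header
$oXmlToSign.UpdateAttrAt("Body|Document",True,"xmlns","urn:iso:std:iso:20022:tech:xsd:pacs.008.001.08")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|GrpHdr|MsgId","ZZZZZZZZAXXX999999999999999999999")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|GrpHdr|CreDtTm","2017-09-13T18:18:00")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|GrpHdr|NbOfTxs","1")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|GrpHdr|SttlmInf|SttlmMtd","CLRG")

; Credit transfer transaction: identification, type, amount and agents
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|PmtId|EndToEndId","NOTPROVIDED")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|PmtId|TxId","ZZZZZZZZAXXX999999999999999999999")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|PmtTpInf|ClrChanl","RTNS")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|PmtTpInf|LclInstrm|Prtry","CSCT")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|PmtTpInf|CtgyPurp|Prtry","001")
$oXmlToSign.UpdateAttrAt("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|IntrBkSttlmAmt",True,"Ccy","JOD")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|IntrBkSttlmAmt","71.12")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|IntrBkSttlmDt","2018-01-14")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|ChrgBr","SLEV")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|InstgAgt|FinInstnId|BICFI","ZZZZZZZZ")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|InstdAgt|FinInstnId|BICFI","UBSIJOA0")

; Debtor side
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|Dbtr|Nm","John Johnson")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|DbtrAcct|Id|IBAN","JO22CITI00000000000555555555")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|DbtrAgt|FinInstnId|BICFI","ZZZZZZZZ")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|DbtrAgt|FinInstnId|Othr|Id","200004")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|DbtrAgt|FinInstnId|Othr|SchmeNm|Prtry","1700099999")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|DbtrAgtAcct|Id|IBAN","JO66CITI22222222222222222222")

; Creditor side
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|CdtrAgt|FinInstnId|BICFI","UBSIJOA0")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|CdtrAgt|FinInstnId|Othr|Id","210027")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|CdtrAgt|FinInstnId|Othr|SchmeNm|Prtry","1400199999")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|CdtrAgtAcct|Id|IBAN","JO44UBSI33333333333333333333")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|Cdtr|Nm","Omega Jones")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|CdtrAcct|Id|IBAN","JO95UBSI00000000000777777777")

; Instructions, purpose, regulatory reporting, tax and remittance information.
; An index in brackets (Inf[1], Ustrd[1], ...) addresses a repeated sibling element.
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|InstrForNxtAgt|InstrInf","/BNF/Details")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|Purp|Prtry","5814")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|RgltryRptg|Dtls|Inf","SOMEINFORMATIONABOUTPAYMENT-1")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|RgltryRptg|Dtls|Inf[1]","SOMEINFORMATIONABOUTPAYMENT-2")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|RgltryRptg|Dtls|Inf[2]","SOMEINFORMATIONABOUTPAYMENT-3")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|Tax|Cdtr|TaxId","9900083901")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|Tax|Dbtr|TaxId","1000387561")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|RmtInf|Ustrd","EDV UCUN ODENIR")
$oXmlToSign.UpdateChildContent("Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|RmtInf|Ustrd[1]","EXTRA INFO")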

; The following XML is to be signed:

; <?xml version="1.0" encoding="UTF-8"?>
; <DataPDU xmlns="urn:cma:stp:xsd:stp.1.0">
; 	<Body>
; 		<AppHdr xmlns="urn:iso:std:iso:20022:tech:xsd:head.001.001.01">
; 			<Fr>
; 				<FIId>
; 					<FinInstnId>
; 						<BICFI>ZZZZZZZZ</BICFI>
; 					</FinInstnId>
; 				</FIId>
; 			</Fr>
; 			<To>
; 				<FIId>
; 					<FinInstnId>
; 						<BICFI>YYYYYYYYYY</BICFI>
; 					</FinInstnId>
; 				</FIId>
; 			</To>
; 			<BizMsgIdr>ZZZZZZZZAXXX999999999999999999999</BizMsgIdr>
; 			<MsgDefIdr>pacs.008.001.08</MsgDefIdr>
; 			<BizSvc>IPS</BizSvc>
; 			<CreDt>2017-09-13T18:18:00Z</CreDt>
; 		</AppHdr>
; 		<Document xmlns="urn:iso:std:iso:20022:tech:xsd:pacs.008.001.08">
; 			<FIToFICstmrCdtTrf>
; 				<GrpHdr>
; 					<MsgId>ZZZZZZZZAXXX999999999999999999999</MsgId>
; 					<CreDtTm>2017-09-13T18:18:00</CreDtTm>
; 					<NbOfTxs>1</NbOfTxs>
; 					<SttlmInf>
; 						<SttlmMtd>CLRG</SttlmMtd>
; 					</SttlmInf>
; 				</GrpHdr>
; 				<CdtTrfTxInf>
; 					<PmtId>
; 						<EndToEndId>NOTPROVIDED</EndToEndId>
; 						<TxId>ZZZZZZZZAXXX999999999999999999999</TxId>
; 					</PmtId>
; 					<PmtTpInf>
; 						<ClrChanl>RTNS</ClrChanl>
; 						<LclInstrm>
; 							<Prtry>CSCT</Prtry>
; 						</LclInstrm>
; 						<CtgyPurp>
; 							<Prtry>001</Prtry>
; 						</CtgyPurp>
; 					</PmtTpInf>
; 					<IntrBkSttlmAmt Ccy="JOD">71.12</IntrBkSttlmAmt>
; 					<IntrBkSttlmDt>2018-01-14</IntrBkSttlmDt>
; 					<ChrgBr>SLEV</ChrgBr>
; 					<InstgAgt>
; 						<FinInstnId>
; 							<BICFI>ZZZZZZZZ</BICFI>
; 						</FinInstnId>
; 					</InstgAgt>
; 					<InstdAgt>
; 						<FinInstnId>
; 							<BICFI>UBSIJOA0</BICFI>
; 						</FinInstnId>
; 					</InstdAgt>
; 					<Dbtr>
; 						<Nm>John Johnson</Nm>
; 					</Dbtr>
; 					<DbtrAcct>
; 						<Id>
; 							<IBAN>JO22CITI00000000000555555555</IBAN>
; 						</Id>
; 					</DbtrAcct>
; 					<DbtrAgt>
; 						<FinInstnId>
; 							<BICFI>ZZZZZZZZ</BICFI>
; 							<Othr>
; 								<Id>200004</Id>
; 								<SchmeNm>
; 									<Prtry>1700099999</Prtry>
; 								</SchmeNm>
; 							</Othr>
; 						</FinInstnId>
; 					</DbtrAgt>
; 					<DbtrAgtAcct>
; 						<Id>
; 							<IBAN>JO66CITI22222222222222222222</IBAN>
; 						</Id>
; 					</DbtrAgtAcct>
; 					<CdtrAgt>
; 						<FinInstnId>
; 							<BICFI>UBSIJOA0</BICFI>
; 							<Othr>
; 								<Id>210027</Id>
; 								<SchmeNm>
; 									<Prtry>1400199999</Prtry>
; 								</SchmeNm>
; 							</Othr>
; 						</FinInstnId>
; 					</CdtrAgt>
; 					<CdtrAgtAcct>
; 						<Id>
; 							<IBAN>JO44UBSI33333333333333333333</IBAN>
; 						</Id>
; 					</CdtrAgtAcct>
; 					<Cdtr>
; 						<Nm>Omega Jones</Nm>
; 					</Cdtr>
; 					<CdtrAcct>
; 						<Id>
; 							<IBAN>JO95UBSI00000000000777777777</IBAN>
; 						</Id>
; 					</CdtrAcct>
; 					<InstrForNxtAgt>
; 						<InstrInf>/BNF/Details</InstrInf>
; 					</InstrForNxtAgt>
; 					<Purp>
; 						<Prtry>5814</Prtry>
; 					</Purp>
; 					<RgltryRptg>
; 						<Dtls>
; 							<Inf>SOMEINFORMATIONABOUTPAYMENT-1</Inf>
; 							<Inf>SOMEINFORMATIONABOUTPAYMENT-2</Inf>
; 							<Inf>SOMEINFORMATIONABOUTPAYMENT-3</Inf>
; 						</Dtls>
; 					</RgltryRptg>
; 					<Tax>
; 						<Cdtr>
; 							<TaxId>9900083901</TaxId>
; 						</Cdtr>
; 						<Dbtr>
; 							<TaxId>1000387561</TaxId>
; 						</Dbtr>
; 					</Tax>
; 					<RmtInf>
; 						<Ustrd>EDV UCUN ODENIR</Ustrd>
; 						<Ustrd>EXTRA INFO</Ustrd>
; 					</RmtInf>
; 				</CdtTrfTxInf>
; 			</FIToFICstmrCdtTrf>
; 		</Document>
; 	</Body>
; </DataPDU>

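; Configure the XML signature generator.
$oGen = ObjCreate("Chilkat.XmlDSigGen")

; Where the signature is placed: the path names a Sgntr element under AppHdr.
; NOTE(review): SigLocationMod = 0 is presumed to mean "append as the last
; child" of that location -- confirm against the Chilkat reference.
$oGen.SigLocation = "DataPDU|Body|AppHdr|Sgntr"
$oGen.SigLocationMod = 0

; The signature elements use the "ds" prefix bound to the XML-DSig namespace.
$oGen.SigNamespacePrefix = "ds"
$oGen.SigNamespaceUri = "http://www.w3.org/2000/09/xmldsig#"

; SignedInfo is canonicalized with exclusive C14N and uses SHA-256.
$oGen.SignedInfoCanonAlg = "EXCL_C14N"
$oGen.SignedInfoDigestMethod = "sha256"

; Set the KeyInfoId before adding references. Reference 1 below points at
; this same Id, so the KeyInfo element is itself covered by the signature.
$oGen.KeyInfoId = "_f9f2c543-e50a-4a50-bd91-50155d27f7e2"

; Create an Object to be added to the Signature: the XAdES qualifying
; properties. The SigningTime text is a placeholder that, per its wording,
; Chilkat replaces when the signature is created.
$oObject1 = ObjCreate("Chilkat.Xml")
$oObject1.Tag = "xades:QualifyingProperties"
$oObject1.AddAttribute("xmlns:xades","http://uri.etsi.org/01903/v1.3.2#")
$oObject1.UpdateAttrAt("xades:SignedProperties",True,"Id","_4ed8e0ed-f47c-4262-909b-0458532ce7aa-signedprops")
; Written with parentheses: AutoIt requires them for a call with arguments.
$oObject1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime","TO BE GENERATED BY CHILKAT")

$oGen.AddObject("",$oObject1.GetXml(),"","")

; -------- Reference 1 --------
; The KeyInfo element (same Id as KeyInfoId above).
$oGen.AddSameDocRef("_f9f2c543-e50a-4a50-bd91-50155d27f7e2","sha256","EXCL_C14N","","")

; -------- Reference 2 --------
; The XAdES SignedProperties element, referenced by its Id and typed with the
; XAdES SignedProperties URI.
$oGen.AddObjectRef("_4ed8e0ed-f47c-4262-909b-0458532ce7aa-signedprops","sha256","EXCL_C14N","","http://uri.etsi.org/01903/v1.3.2#SignedProperties")

; -------- Reference 3 --------
; NOTE(review): the empty Id presumably refers to the document as a whole,
; i.e. the MX message content itself -- confirm against the Chilkat reference.
$oGen.AddSameDocRef("","sha256","EXCL_C14N","","")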

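; Provide a certificate + private key. (PFX password is test123)
; NOTE(review): the password is a literal only because this is a sample with
; a test PFX. For a real signing key, obtain the password at run time (for
; example from a protected configuration or secret store) and keep it out of
; source control, and restrict who can read the PFX file.
$oCert = ObjCreate("Chilkat.Cert")
$bSuccess = $oCert.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123")
If ($bSuccess = False) Then
    ConsoleWrite($oCert.LastErrorText & @CRLF)
    Exit
EndIf

; Hand the certificate to the generator and stop if it is rejected, rather
; than discovering the problem only when signing fails.
; NOTE(review): the second argument is presumed to request use of the
; certificate's private key -- confirm against the Chilkat reference.
$bSuccess = $oGen.SetX509Cert($oCert,True)
If ($bSuccess = False) Then
    ConsoleWrite($oGen.LastErrorText & @CRLF)
    Exit
EndIf

; KeyInfo identifies the certificate by issuer and serial number; the
; certificate itself is not embedded in the signature.
$oGen.KeyInfoType = "X509Data"
$oGen.X509Type = "IssuerSerial"

; Serialize the XML to be signed into a StringBuilder; signing happens in place.
$oSbXml = ObjCreate("Chilkat.StringBuilder")
$bSuccess = $oXmlToSign.GetXmlSb($oSbXml)
If ($bSuccess = False) Then
    ConsoleWrite($oXmlToSign.LastErrorText & @CRLF)
    Exit
EndIf

; Can alternatively use "CompactSignedXml"
$oGen.Behaviors = "IndentedSignature,LocalSigningTime"

; Sign the XML...
$bSuccess = $oGen.CreateXmlDSigSb($oSbXml)
If ($bSuccess = False) Then
    ConsoleWrite($oGen.LastErrorText & @CRLF)
    Exit
EndIf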

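; -----------------------------------------------

; Save the signed XML to a file, and stop if the write fails so that a missing
; or stale output file is not mistaken for the newly signed message.
$bSuccess = $oSbXml.WriteFile("qa_output/mx_signed.xml","utf-8",False)
If ($bSuccess = False) Then
    ConsoleWrite("Failed to write qa_output/mx_signed.xml" & @CRLF)
    Exit
EndIf

; Print the signed message. NOTE(review): with real payment data, avoid
; writing the full message to the console or to logs.
ConsoleWrite($oSbXml.GetAsString() & @CRLF)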

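; ----------------------------------------
; Verify the signatures we just produced...
; This is a round-trip check of the signature just created. Nothing in this
; script validates the certificate itself (validity period, revocation, or
; chain to a trusted issuer); a receiving party would need to do that too.
$oVerifier = ObjCreate("Chilkat.XmlDSig")
$bSuccess = $oVerifier.LoadSignatureSb($oSbXml)
If ($bSuccess = False) Then
    ConsoleWrite($oVerifier.LastErrorText & @CRLF)
    Exit
EndIf

; Important: The above signature did not include the full X.509 certificate.
; You must call verifier.SetPublicKey to provide the public key of the certificate required for validation.
; The key is taken from a certificate file held locally, not from the message
; being verified; the check is only as trustworthy as the source of that file.

$oVerifyCert = ObjCreate("Chilkat.Cert")
$bSuccess = $oVerifyCert.LoadFromFile("qa_data/certs/cert_test123.cer")
If ($bSuccess = False) Then
    ConsoleWrite($oVerifyCert.LastErrorText & @CRLF)
    Exit
EndIf

$oPubKey = ObjCreate("Chilkat.PublicKey")
$bSuccess = $oVerifyCert.GetPublicKey($oPubKey)
If ($bSuccess = False) Then
    ConsoleWrite($oVerifyCert.LastErrorText & @CRLF)
    Exit
EndIf

$oVerifier.SetPublicKey($oPubKey)

; A document with no signature must not be reported as verified: without this
; check the loop below would run zero times and fall through to the success
; message.
Local $iNumSigs = $oVerifier.NumSignatures
If ($iNumSigs < 1) Then
    ConsoleWrite("No signatures were found in the signed XML." & @CRLF)
    Exit
EndIf

; Verify every signature; stop at the first one that fails.
; NOTE(review): the True argument is presumed to request verification of the
; reference digests as well -- confirm against the Chilkat reference.
Local $bVerified = False
Local $iVerifyIdx = 0
While $iVerifyIdx < $iNumSigs
    $oVerifier.Selector = $iVerifyIdx
    $bVerified = $oVerifier.VerifySignature(True)
    If ($bVerified <> True) Then
        ConsoleWrite($oVerifier.LastErrorText & @CRLF)
        Exit
    EndIf

    $iVerifyIdx = $iVerifyIdx + 1
WEnd
ConsoleWrite("All signatures were successfully verified." & @CRLF)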