Sample code for 30+ languages & platforms
DataFlex

CAdES BES Attached (Opaque) Signature

See more Encryption Examples

Demonstrates how to create a CAdES BES attached signature file (.p7m). This is a PKCS7 signature format (known as an opaque, or "attached" signature) where the file data is embedded within the signature file. The signature verification both verifies the signature and extracts the original data.

(A "detached" signature is where the original data is NOT included within the PKCS7 signature format.)

Chilkat DataFlex Downloads

DataFlex
Use ChilkatAx-win32.pkg

Procedure Test
    Boolean iSuccess
    Handle hoCrypt
    String sPfxPath
    String sPfxPassword
    Variant vCert
    Handle hoCert
    String sInFile
    String sSigFile
    String sExtractedToFilePath
    String sTemp1

    Move False To iSuccess

    // This example assumes the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    Get Create (RefClass(cComChilkatCrypt2)) To hoCrypt
    If (Not(IsComObjectCreated(hoCrypt))) Begin
        Send CreateComObject of hoCrypt
    End

    // Use a digital certificate and private key from a PFX file (.pfx or .p12).
    Move "qa_data/pfx/myCertAndPrivateKey.p12" To sPfxPath
    Move "password" To sPfxPassword

    Get Create (RefClass(cComChilkatCert)) To hoCert
    If (Not(IsComObjectCreated(hoCert))) Begin
        Send CreateComObject of hoCert
    End
    Get ComLoadPfxFile Of hoCert sPfxPath sPfxPassword To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoCert To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Tell the crypt component to use this cert.
    Get pvComObject of hoCert to vCert
    Get ComSetSigningCert Of hoCrypt vCert To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoCrypt To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // The CadesEnabled property applies to all methods that create PKCS7 signatures. 
    // To create a CAdES-BES signature, set this property equal to true. 
    Set ComCadesEnabled Of hoCrypt To True

    // To sign with SHA1, set the HashAlgorithm property to "sha1"
    Set ComHashAlgorithm Of hoCrypt To "sha1"

    // To sign with SHA256, set the HashAlgorithm property to "SHA256".
    Set ComHashAlgorithm Of hoCrypt To "sha256"

    // Other hash algorithm choices are "md5", "md2", "sha384", and "sha512"

    // We can sign any type of file, creating a .p7m as output.
    // The .p7m contains the signature and also embeds the data of the file that is signed.
    Move "qa_data/json/sample.json" To sInFile
    Move "qa_output/signature.p7m" To sSigFile

    // -----------------------------------------------------------------------------------------
    // Also see Chilkat's online tool to examine a .p7m and generate code to duplicate the .p7m
    // -----------------------------------------------------------------------------------------

    // Create the CAdES-BES attached signature, which contains the original data.
    Get ComCreateP7M Of hoCrypt sInFile sSigFile To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoCrypt To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Verify the .p7m file and extract the original file from the .p7m. 
    Move "qa_output/sample.json" To sExtractedToFilePath
    Get ComVerifyP7M Of hoCrypt sSigFile sExtractedToFilePath To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoCrypt To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Showln "Success!"


End_Procedure