Sample code for 30+ languages & platforms
DataFlex

FatturaPA XML Invoice Sign+Encrypt to P7M

See more Digital Signatures Examples

Demonstrates how to create a CAdES BES signed + encrypted invoice.xml.p7m for the Italian FatturaPA exchange system.

Chilkat DataFlex Downloads

DataFlex
Use ChilkatAx-win32.pkg

Procedure Test
    Boolean iSuccess
    Handle hoCrypt
    String sPfxPath
    String sPfxPassword
    Variant vCert
    Handle hoCert
    Handle hoJsonSignedAttrs
    String sInFile
    String sSigFile
    Variant vEncryptCert
    Handle hoEncryptCert
    String sTemp1

    Move False To iSuccess

    // This requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    Get Create (RefClass(cComChilkatCrypt2)) To hoCrypt
    If (Not(IsComObjectCreated(hoCrypt))) Begin
        Send CreateComObject of hoCrypt
    End

    // Use a digital certificate and private key from a PFX file (.pfx or .p12).
    Move "qa_data/pfx/cert_test123.pfx" To sPfxPath
    Move "test123" To sPfxPassword

    Get Create (RefClass(cComChilkatCert)) To hoCert
    If (Not(IsComObjectCreated(hoCert))) Begin
        Send CreateComObject of hoCert
    End
    Get ComLoadPfxFile Of hoCert sPfxPath sPfxPassword To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoCert To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Provide the signing cert (with associated private key).
    Get pvComObject of hoCert to vCert
    Get ComSetSigningCert Of hoCrypt vCert To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoCrypt To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Indicate that SHA-256 should be used.
    Set ComHashAlgorithm Of hoCrypt To "sha256"

    // Specify the signed attributes to be included.
    // (This is what makes it CAdES-BES compliant.)
    Get Create (RefClass(cComChilkatJsonObject)) To hoJsonSignedAttrs
    If (Not(IsComObjectCreated(hoJsonSignedAttrs))) Begin
        Send CreateComObject of hoJsonSignedAttrs
    End
    Get ComUpdateInt Of hoJsonSignedAttrs "contentType" 1 To iSuccess
    Get ComUpdateInt Of hoJsonSignedAttrs "signingTime" 1 To iSuccess
    Get ComUpdateInt Of hoJsonSignedAttrs "messageDigest" 1 To iSuccess
    Get ComUpdateInt Of hoJsonSignedAttrs "signingCertificateV2" 1 To iSuccess
    Get ComEmit Of hoJsonSignedAttrs To sTemp1
    Set ComSigningAttributes Of hoCrypt To sTemp1

    Move "qa_data/xml/IT01234567890_11002.xml" To sInFile
    Move "qa_data/fatturapa/signed.p7m" To sSigFile

    // Create the CAdES-BES signature, which contains the original data.
    Get ComCreateP7M Of hoCrypt sInFile sSigFile To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoCrypt To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Now we'll encrypt what was signed using FatturaPA's certificate (from a PEM file)
    Get Create (RefClass(cComChilkatCert)) To hoEncryptCert
    If (Not(IsComObjectCreated(hoEncryptCert))) Begin
        Send CreateComObject of hoEncryptCert
    End
    Get ComLoadFromFile Of hoEncryptCert "qa_data/certs/fatturapa_cert.pem" To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoEncryptCert To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Set ComCryptAlgorithm Of hoCrypt To "pki"

    Get pvComObject of hoEncryptCert to vEncryptCert
    Get ComSetEncryptCert Of hoCrypt vEncryptCert To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoCrypt To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Indicate the underlying bulk encryption algorithm to be used:
    Set ComPkcs7CryptAlg Of hoCrypt To "aes"
    Set ComKeyLength Of hoCrypt To 128

    // There's one last option that could be set.  If is the RSA encryption encryption/padding scheme. 
    // By default, RSAES_PKCS1-V1_5 is used.  If desired, the OaepPadding property could be set to True to
    // use RSAES_OAEP.  (We'll leave it set at the default value of False)
    Set ComOaepPadding Of hoCrypt To False

    // Everything is specified.  Encrypt the .p7m to create a new .p7m (which adds a layer of encryption around the opaque signature).
    // The output is PKCS7 in binary DER format.
    Get ComCkEncryptFile Of hoCrypt sSigFile "qa_output/signed_and_encrypted.p7m" To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoCrypt To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Showln "Success."


End_Procedure