Sample code for 30+ languages & platforms
DataFlex

Encrypt a file to a PKCS7 encrypted message using multiple certificates from different users

See more Encryption Examples

Demonstrates how to encrypt a file to a PKCS7 encrypted message using multiple certificates from different users. Any one of the users can decrypt using his/her own certificate + private key.

Note: When doing public key encryption, it is the public key that is used to encrypt. The private key is required for decryption.

Chilkat DataFlex Downloads

DataFlex
Use ChilkatAx-win32.pkg

Procedure Test
    Boolean iSuccess
    Handle hoCrypt
    Variant vCert1
    Handle hoCert1
    Variant vCert2
    Handle hoCert2
    Variant vCert3
    Handle hoCert3
    Variant vFileData
    Handle hoFileData
    String sTemp1

    Move False To iSuccess

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    Get Create (RefClass(cComChilkatCrypt2)) To hoCrypt
    If (Not(IsComObjectCreated(hoCrypt))) Begin
        Send CreateComObject of hoCrypt
    End

    // Tell the crypt object to use 3 certificates.
    // Do this by calling AddEncryptCert for each certificate.

    // Load a digital certificate. 
    // We don't need the private key for encryption.
    // Only the public key is needed (which is included in a certificate).
    Get Create (RefClass(cComChilkatCert)) To hoCert1
    If (Not(IsComObjectCreated(hoCert1))) Begin
        Send CreateComObject of hoCert1
    End
    Get ComLoadFromFile Of hoCert1 "qa_data/user1/cert_user1.pem" To iSuccess
    // Assume success for the example, but make sure your application checks for success/failure...
    Get pvComObject of hoCert1 to vCert1
    Send ComAddEncryptCert To hoCrypt vCert1

    Get Create (RefClass(cComChilkatCert)) To hoCert2
    If (Not(IsComObjectCreated(hoCert2))) Begin
        Send CreateComObject of hoCert2
    End
    Get ComLoadFromFile Of hoCert2 "qa_data/user2/cert_user2.pem" To iSuccess
    Get pvComObject of hoCert2 to vCert2
    Send ComAddEncryptCert To hoCrypt vCert2

    Get Create (RefClass(cComChilkatCert)) To hoCert3
    If (Not(IsComObjectCreated(hoCert3))) Begin
        Send CreateComObject of hoCert3
    End
    Get ComLoadFromFile Of hoCert3 "qa_data/user3/cert_user3.pem" To iSuccess
    Get pvComObject of hoCert3 to vCert3
    Send ComAddEncryptCert To hoCrypt vCert3

    // Indicate that we want PKI encryption (i.e. public-key infrastructure)
    // to produce a CMS message (Cryptographic Message Syntax/PKCS7),
    // that is be created with RSAES-OAEP padding, SHA256, and AES-128 for the
    // bulk encryption.
    Set ComCryptAlgorithm Of hoCrypt To "pki"
    Set ComPkcs7CryptAlg Of hoCrypt To "aes"
    Set ComKeyLength Of hoCrypt To 128
    Set ComOaepHash Of hoCrypt To "sha256"
    Set ComOaepPadding Of hoCrypt To True

    // Load the file to be encrypted...
    Get Create (RefClass(cComChilkatBinData)) To hoFileData
    If (Not(IsComObjectCreated(hoFileData))) Begin
        Send CreateComObject of hoFileData
    End
    Get ComLoadFile Of hoFileData "qa_data/jpg/penguins.jpg" To iSuccess
    // Your app should check for success/failure..

    // Encrypt the data.  The contents of the fileData object are replaced with the PKCS7 encrypted message.
    Get pvComObject of hoFileData to vFileData
    Get ComEncryptBd Of hoCrypt vFileData To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoCrypt To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Save the PKCS7 encrypted message to a file..
    Get ComWriteFile Of hoFileData "qa_output/pkcs7_encrypted.p7" To iSuccess

    // Now indicate that the PKCS7 output is to be returned in the base64 encoding.
    Set ComEncodingMode Of hoCrypt To "base64"

    Showln "OK."


End_Procedure