Sample code for 30+ languages & platforms
Delphi ActiveX

CADES-BES Signature using ePass2003 Token

See more Egypt ITIDA Examples

Demonstrates using a certificate and private key located on an ePass2003 USB token to create a CADES-BES signature.

(Demonstrates how to create a .p7s signature that fits Egypt's ITIDA requirements where Chilkat automatically does the ITIDA JSON canonicalization.)

Chilkat Delphi ActiveX Downloads

Delphi ActiveX
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Chilkat_TLB;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Integer;
scmd: TChilkatScMinidriver;
readerName: WideString;
retval: Integer;
certPart: WideString;
partValue: WideString;
cert: TChilkatCert;
crypt: TChilkatCrypt2;
cmsOptions: TChilkatJsonObject;
jsonSigningAttrs: TChilkatJsonObject;
json: TChilkatJsonObject;
sigBase64: WideString;

begin
success := 0;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

scmd := TChilkatScMinidriver.Create(Self);

// Reader names (smart card readers or USB tokens) can be discovered
// via List Readers or Find Smart Cards
readerName := 'FS USB Token 0';
success := scmd.AcquireContext(readerName);
if (success = 0) then
  begin
    Memo1.Lines.Add(scmd.LastErrorText);
    Exit;
  end;

// If successful, the name of the currently inserted smart card is available:
Memo1.Lines.Add('Card name: ' + scmd.CardName);

// If desired, perform regular PIN authentication with the smartcard.
// For more details about smart card PIN authentication, see the Smart Card PIN Authentication Example
retval := scmd.PinAuthenticate('user','12345678');
if (retval <> 0) then
  begin
    Memo1.Lines.Add('PIN Authentication failed.');
  end;

// You can find a cerficate using any of the following certificate parts:
// "subjectDN" -- The full distinguished name of the cert.
// "subjectDN_withTags" -- Same as above, but in a format that includes the subject part tags, such as the "CN=" in "CN=something"
// "subjectCN" -- The common name part (CN) of the certificate's subject.
// "serial" -- The certificate serial number.
// "serial:issuerCN" -- The certificate serial number + the issuer's common name, delimited with a colon char.
// These are the same certificate parts that can be retrieved by listing certificates on the smart card (or USB token).
// See List Certificates on Smart Card Example
certPart := 'subjectCN';
partValue := 'Matt';

// If the certificate is found, it is loaded into the cert object.
// Note: We imported this certificate from a .p12/.pfx using code such as this Example to Import a .pfx/.p12 onto a Smart Card
cert := TChilkatCert.Create(Self);
success := scmd.FindCert(certPart,partValue,cert.ControlInterface);
if (success = 0) then
  begin
    Memo1.Lines.Add('Failed to find the certificate.');
    scmd.DeleteContext();
    Exit;
  end;

Memo1.Lines.Add('Successfully loaded the cert object from the smart card / USB token.');

// Note: When successful, the cert object is internally linked to the ScMinidriver object's authenticated session.
// The cert object can now be used to sign or do other cryptographic operations that occur on the smart card / USB token.
// If your application calls PinDeauthenticate or DeleteContext, the cert will no longer be able to sign on the smart card
// because the smart card ScMinidriver session will no longer be authenticated or deleted.

// ------------------------------------------------------------------------------------------------------------

// Here we have to code to create the CADES-BES signature using Chilkat Crypt2..
crypt := TChilkatCrypt2.Create(Self);

// Tell the crypt class to use the cert on the ePass2003 token.
success := crypt.SetSigningCert(cert.ControlInterface);
if (success <> 1) then
  begin
    Memo1.Lines.Add(crypt.LastErrorText);
    Exit;
  end;

cmsOptions := TChilkatJsonObject.Create(Self);
// Setting "DigestData" causes OID 1.2.840.113549.1.7.5 (digestData) to be used.
cmsOptions.UpdateBool('DigestData',1);
cmsOptions.UpdateBool('OmitAlgorithmIdNull',1);

// Indicate that we are passing normal JSON and we want Chilkat do automatically
// do the ITIDA JSON canonicalization:
cmsOptions.UpdateBool('CanonicalizeITIDA',1);

crypt.CmsOptions := cmsOptions.Emit();

// The CadesEnabled property applies to all methods that create CMS/PKCS7 signatures. 
// To create a CAdES-BES signature, set this property equal to true. 
crypt.CadesEnabled := 1;

crypt.HashAlgorithm := 'sha256';

jsonSigningAttrs := TChilkatJsonObject.Create(Self);
jsonSigningAttrs.UpdateInt('contentType',1);
jsonSigningAttrs.UpdateInt('signingTime',1);
jsonSigningAttrs.UpdateInt('messageDigest',1);
jsonSigningAttrs.UpdateInt('signingCertificateV2',1);
crypt.SigningAttributes := jsonSigningAttrs.Emit();

// By default, all the certs in the chain of authentication are included in the signature.
// If desired, we can choose to only include the signing certificate:
crypt.IncludeCertChain := 0;

// Pass a JSON document such as the following.  Chilkat will do the ITIDA canonicalization.
// (It is the canonicalized JSON that gets signed.)

//       {
//          "issuer":{
//             "address":{
//                "branchID":"0",
//                "country":"EG",
//                "regionCity":"Cairo",
//                "postalCode":"",
//                "buildingNumber":"0",
//                "street":"123rd Street",
//                "governate":"GOVERNATE"
//             },
//             "type":"B",
//             "id":"209999899",
//             "name":"Xyz SAE"
//          },
//          "receiver":{
//             "address":{
//                "country":"EG",
//                "regionCity":"CAIRO",
//                "postalCode":"11435",
//                "buildingNumber":"0",
//                "street":"Autostrad Road Abc",
//                "governate":"GOVERNATE"
//             },
//             "type":"B",
//             "id":"999999999",
//             "name":"XYZ EGYPT FOR TRADE"
//          },
//          "documentType":"I",
//          "documentTypeVersion":"1.0",
//          "dateTimeIssued":"2020-11-15T11:04:53Z",
//          "taxpayerActivityCode":"1073",
//          "internalID":"ZZZZ999",
//          "purchaseOrderReference":"2009199918",
//          "salesOrderReference":"",
//          "payment":{
//             "bankName":"",
//             "bankAddress":"",
//             "bankAccountNo":"",
//             "bankAccountIBAN":"",
//             "swiftCode":"",
//             "terms":""
//          },
//          "delivery":{
//             "approach":"",
//             "packaging":"",
//             "dateValidity":"",
//             "exportPort":"",
//             "countryOfOrigin":"EG",
//             "grossWeight":0,
//             "netWeight":0,
//             "terms":""
//          },
//          "invoiceLines":[
//             {
//                "description":"CDM Widget 48GX99X12BA",
//                "itemType":"GS1",
//                "itemCode":"7622213335056",
//                "unitType":"CS",
//                "quantity":1.00,
//                "unitValue":{
//                   "currencySold":"EGP",
//                   "amountEGP":588.67,
//                   "amountSold":0,
//                   "currencyExchangeRate":0
//                },
//                "salesTotal":588.67,
//                "total":603.97,
//                "valueDifference":0,
//                "totalTaxableFees":0,
//                "netTotal":529.8,
//                "itemsDiscount":0,
//                "discount":{
//                   "rate":10.00,
//                   "amount":58.87
//                },
//                "taxableItems":[
//                   {
//                      "taxType":"T1",
//                      "amount":74.17,
//                      "subType":"No sub",
//                      "rate":14.00
//                   }
//                ],
//                "internalCode":"9099994"
//             }
//          ],
//          "totalSales":588.67,
//          "totalSalesAmount":588.67,
//          "totalDiscountAmount":58.87,
//          "netAmount":529.80,
//          "taxTotals":[
//             {
//                "taxType":"T1",
//                "amount":74.17
//             }
//          ],
//          "extraDiscountAmount":0,
//          "totalItemsDiscountAmount":0,
//          "totalAmount":603.97,
//       }
// 

json := TChilkatJsonObject.Create(Self);
success := json.LoadFile('qa_data/itida/sdk.invoicing.eta.gov.eg/files/one-doc.json');
if (success = 0) then
  begin
    Memo1.Lines.Add(json.LastErrorText);
    Exit;
  end;
json.EmitCompact := 0;

// Create the CAdES-BES signature.
crypt.EncodingMode := 'base64';

// Make sure we sign the utf-8 byte representation of the JSON string
crypt.Charset := 'utf-8';

sigBase64 := crypt.SignStringENC(json.Emit());
if (crypt.LastMethodSuccess = 0) then
  begin
    Memo1.Lines.Add(crypt.LastErrorText);
    Exit;
  end;

Memo1.Lines.Add('Base64 signature:');
Memo1.Lines.Add(sigBase64);

// Add the signature to the JSON.
json.UpdateString('signatures[0].signatureType','I');
json.UpdateString('signatures[0].value',sigBase64);

Memo1.Lines.Add('JSON with signature added:');
Memo1.Lines.Add(json.Emit());

// ------------------------------------------------------------------------------------------------------------
// Cleanup our ScMinidriver session...

// When finished with operations that required authentication, you may if you wish, deauthenticate the session.
success := scmd.PinDeauthenticate('user');
if (success = 0) then
  begin
    Memo1.Lines.Add(scmd.LastErrorText);
  end;

// Delete the context when finished with the card.
success := scmd.DeleteContext();
if (success = 0) then
  begin
    Memo1.Lines.Add(scmd.LastErrorText);
  end;
end;