(Visual FoxPro) Create EBICS Signature (XMLDSIG)

See more EBICS Examples

Demonstrates how to create an EBICS signature. (EBICS is the Electronic Banking Internet Communication Standard)

Note: This example requires Chilkat v11.0.0 or greater.

Chilkat ActiveX Downloads

ActiveX for 32-bit and 64-bit Windows

LOCAL lnSuccess
LOCAL loSbXml
LOCAL loGen
LOCAL loCert
LOCAL loVerifier
LOCAL loPubKey

lnSuccess = 0

* This example assumes the Chilkat API to have been previously unlocked.
* See Global Unlock Sample for sample code.

* This is the sample XML to be signed:

* <?xml version="1.0" encoding="UTF-8"?>
* <ebicsRequest
*   xmlns="urn:org:ebics:H005"
*   xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
*   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
*   xsi:schemaLocation="urn:org:ebics:H005 ebics_request_H005.xsd"
*   Version="H005" Revision="1">
*   <header authenticate="true">
*     <static>
*       <HostID>EBIXHOST</HostID>
*       <Nonce>BDA2312973890654FAC9879A89794E65</Nonce>
*       <Timestamp>2005-01-30T15:30:45.123Z</Timestamp>
*       <PartnerID>CUSTM001</PartnerID>
*       <UserID>USR100</UserID>
*       <Product Language="en" InstituteID="Institute ID">Product Identifier</Product>
*       <OrderDetails>
*         <AdminOrderType>BTU</AdminOrderType>
*         <BTUOrderParams>
*           <Service>
*             <ServiceName>SCT</ServiceName>
*             <MsgName>pain.001</MsgName>
*           </Service>
*         </BTUOrderParams>
*       </OrderDetails>
*       <BankPubKeyDigests>
*         <Authentication Version="X002" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256">1H/rQr2Axe9hYTV2n/tCp+3UIQQ=</Authentication>
*         <Encryption Version="E002" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256">2lwiueWOIER823jSoiOkjl+woeI=</Encryption>
*       </BankPubKeyDigests>
*       <SecurityMedium>0000</SecurityMedium>
*       <NumSegments>2</NumSegments>
*     </static>
*     <mutable>
*       <TransactionPhase>Initialisation</TransactionPhase>
*     </mutable>
*   </header>
*   <body>
*     <PreValidation authenticate="true">
*       <DataDigest SignatureVersion="A006"> MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=</DataDigest>
*     </PreValidation>
*     <DataTransfer>
*       <DataEncryptionInfo authenticate="true">
*         <EncryptionPubKeyDigest Version="E002" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256">..here hash value of the public bank key for encryption..</EncryptionPubKeyDigest>
*         <TransactionKey>EIGI4En6KEB6ArEzw+iq4N1wm6EptcyxXxStA...</TransactionKey>
*         <HostID>EBIXHOST</HostID>
*       </DataEncryptionInfo>
*       <SignatureData authenticate="true">n6KEB6ArEzw+iq4N1wm6EptcyxXxStAO...</SignatureData>
*       <DataDigest SignatureVersion="A006"> MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=</DataDigest>
*     </DataTransfer>
*   </body>
* </ebicsRequest>

* Load the above XML from a file.
loSbXml = CreateObject('Chilkat.StringBuilder')
lnSuccess = loSbXml.LoadFile("qa_data/xml_dsig/ebics/fileToSign.xml","utf-8")
IF (lnSuccess = 0) THEN
    ? "Failed to load XML input file."
    RELEASE loSbXml
    CANCEL
ENDIF

loGen = CreateObject('Chilkat.XmlDSigGen')

* We're going to insert the signature between the </header> and the <body>
loGen.SigLocation = "ebicsRequest|header"

* Set the SigLocationMod = 1 to insert *after* the SigLocation
loGen.SigLocationMod = 1

* We wish to use "ds" for the namespace..
loGen.SigNamespacePrefix = "ds"
loGen.SigNamespaceUri = "http://www.w3.org/2000/09/xmldsig#"

* Specify canonicalization and hash algorithms
loGen.SignedInfoCanonAlg = "C14N"
loGen.SignedInfoDigestMethod = "sha256"

* Add the reference.
* For EBICS signatures, we pass the special keyword "EBICS" in the 1st argument.
* This tells Chilkat to create the reference using URI="#xpointer(//*[@authenticate='true'])"
loGen.AddSameDocRef("EBICS","sha256","C14N","","")

* Provide our certificate + private key. (PFX password is test123)
* (You'll use your own certificate, which can be loaded from many different sources by Chilkat, including smart cards.)
loCert = CreateObject('Chilkat.Cert')
lnSuccess = loCert.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123")
IF (lnSuccess = 0) THEN
    ? loCert.LastErrorText
    RELEASE loSbXml
    RELEASE loGen
    RELEASE loCert
    CANCEL
ENDIF

lnSuccess = loGen.SetX509Cert(loCert,1)
IF (lnSuccess = 0) THEN
    ? loGen.LastErrorText
    RELEASE loSbXml
    RELEASE loGen
    RELEASE loCert
    CANCEL
ENDIF

* We don't want a KeyInfo to be included.
loGen.KeyInfoType = "None"

* Request an indented signature for readability.
* This can be removed after debugging (for a more compact signature).
loGen.Behaviors = "IndentedSignature"

* Sign the XML.
lnSuccess = loGen.CreateXmlDSigSb(loSbXml)
IF (lnSuccess = 0) THEN
    ? loGen.LastErrorText
    RELEASE loSbXml
    RELEASE loGen
    RELEASE loCert
    CANCEL
ENDIF

* This is the XML with the EBICS signature added:

* <?xml version="1.0" encoding="UTF-8"?>
* <ebicsRequest
* xmlns="urn:org:ebics:H005"
* xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
* xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
* xsi:schemaLocation="urn:org:ebics:H005 ebics_request_H005.xsd"
* Version="H005" Revision="1">
*   <header authenticate="true">
*     <static>
*       <HostID>EBIXHOST</HostID>
*       <Nonce>BDA2312973890654FAC9879A89794E65</Nonce>
*       <Timestamp>2005-01-30T15:30:45.123Z</Timestamp>
*       <PartnerID>CUSTM001</PartnerID>
*       <UserID>USR100</UserID>
*       <Product Language="en" InstituteID="Institute ID">Product Identifier</Product>
*       <OrderDetails>
*         <AdminOrderType>BTU</AdminOrderType>
*         <BTUOrderParams>
*           <Service>
*             <ServiceName>SCT</ServiceName>
*             <MsgName>pain.001</MsgName>
*           </Service>
*         </BTUOrderParams>
*       </OrderDetails>
*       <BankPubKeyDigests>
*         <Authentication Version="X002" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256">1H/rQr2Axe9hYTV2n/tCp+3UIQQ=</Authentication>
*         <Encryption Version="E002" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256">2lwiueWOIER823jSoiOkjl+woeI=</Encryption>
*       </BankPubKeyDigests>
*       <SecurityMedium>0000</SecurityMedium>
*       <NumSegments>2</NumSegments>
*     </static>
*     <mutable>
*       <TransactionPhase>Initialisation</TransactionPhase>
*     </mutable>
*   </header><AuthSignature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
*   <ds:SignedInfo>
*     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
*     <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
*     <ds:Reference URI="#xpointer(//*[@authenticate='true'])">
*       <ds:Transforms>
*         <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
*       </ds:Transforms>
*       <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
*       <ds:DigestValue>jjLD90BedcIVxFENHse6pOnRubVUlHpKjXUF5BUd00k=</ds:DigestValue>
*     </ds:Reference>
*   </ds:SignedInfo>
*   <ds:SignatureValue>TlVgCXGf+3kKZ4LLwqxKoMaDZSBdiDRcGpdKB+tFZ7MZse9jDqtCai7PxcvRLC7yRGRj3XWrAB6IVqXh6tXGqiAtRfa7XjezvJTmUdMEJ3hTEgKqm7cKjjZX5C+lN5XTJghOy0X1bZBl/NBJu/aqY9s8PKsD5Cpm8bFkl2ReBBTCTSF5CRK3XZr+fvWuUX2sFrFS5UDXG8/cmhaKHT15LBOJgYuLYr80dtL251Jy20rIJ5KK8xUz9gpexE61Y/ml6mUPLm8YgdACRdNvCOPRLjCqYwFbnfgaVO6MtSRG819rWyNtBhqVxdzbntiV1UobKbwFiJ1LMMHF0NCo2LGLCw==</ds:SignatureValue>
* </AuthSignature>
*   <body>
*     <PreValidation authenticate="true">
*       <DataDigest SignatureVersion="A006"> MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=</DataDigest>
*     </PreValidation>
*     <DataTransfer>
*       <DataEncryptionInfo authenticate="true">
*         <EncryptionPubKeyDigest Version="E002" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256">..here hash value of the public bank key for encryption..</EncryptionPubKeyDigest>
*         <TransactionKey>EIGI4En6KEB6ArEzw+iq4N1wm6EptcyxXxStA...</TransactionKey>
*         <HostID>EBIXHOST</HostID>
*       </DataEncryptionInfo>
*       <SignatureData authenticate="true">n6KEB6ArEzw+iq4N1wm6EptcyxXxStAO...</SignatureData>
*       <DataDigest SignatureVersion="A006"> MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=</DataDigest>
*     </DataTransfer>
*   </body>
* </ebicsRequest>

? "Here's the EBICS signed XML:"
? loSbXml.GetAsString()
? "----"

* Verify the signature we just produced...
loVerifier = CreateObject('Chilkat.XmlDSig')
lnSuccess = loVerifier.LoadSignatureSb(loSbXml)
IF (lnSuccess = 0) THEN
    ? loVerifier.LastErrorText
    RELEASE loSbXml
    RELEASE loGen
    RELEASE loCert
    RELEASE loVerifier
    CANCEL
ENDIF

* The signature has no KeyInfo, so we must externally provide the key.
loPubKey = CreateObject('Chilkat.PublicKey')
loCert.GetPublicKey(loPubKey)

lnSuccess = loVerifier.SetPublicKey(loPubKey)
IF (lnSuccess = 0) THEN
    ? loVerifier.LastErrorText
    RELEASE loSbXml
    RELEASE loGen
    RELEASE loCert
    RELEASE loVerifier
    RELEASE loPubKey
    CANCEL
ENDIF

lnSuccess = loVerifier.VerifySignature(1)
IF (lnSuccess = 0) THEN
    ? loVerifier.LastErrorText
    RELEASE loSbXml
    RELEASE loGen
    RELEASE loCert
    RELEASE loVerifier
    RELEASE loPubKey
    CANCEL
ENDIF

? "EBICS signature verified."

RELEASE loSbXml
RELEASE loGen
RELEASE loCert
RELEASE loVerifier
RELEASE loPubKey