(Lianja) Create EBICS Signature (XMLDSIG)

See more EBICS Examples

Demonstrates how to create an EBICS signature. (EBICS is the Electronic Banking Internet Communication Standard)

Note: This example requires Chilkat v9.5.0.88 or above.

Chilkat Lianja Extension Download Chilkat Lianja Extension

// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// This is the sample XML to be signed:

// <?xml version="1.0" encoding="UTF-8"?>
// <ebicsRequest
//   xmlns="urn:org:ebics:H005"
//   xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
//   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
//   xsi:schemaLocation="urn:org:ebics:H005 ebics_request_H005.xsd"
//   Version="H005" Revision="1">
//   <header authenticate="true">
//     <static>
//       <HostID>EBIXHOST</HostID>
//       <Nonce>BDA2312973890654FAC9879A89794E65</Nonce>
//       <Timestamp>2005-01-30T15:30:45.123Z</Timestamp>
//       <PartnerID>CUSTM001</PartnerID>
//       <UserID>USR100</UserID>
//       <Product Language="en" InstituteID="Institute ID">Product Identifier</Product>
//       <OrderDetails>
//         <AdminOrderType>BTU</AdminOrderType>
//         <BTUOrderParams>
//           <Service>
//             <ServiceName>SCT</ServiceName>
//             <MsgName>pain.001</MsgName>
//           </Service>
//         </BTUOrderParams>
//       </OrderDetails>
//       <BankPubKeyDigests>
//         <Authentication Version="X002" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256">1H/rQr2Axe9hYTV2n/tCp+3UIQQ=</Authentication>
//         <Encryption Version="E002" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256">2lwiueWOIER823jSoiOkjl+woeI=</Encryption>
//       </BankPubKeyDigests>
//       <SecurityMedium>0000</SecurityMedium>
//       <NumSegments>2</NumSegments>
//     </static>
//     <mutable>
//       <TransactionPhase>Initialisation</TransactionPhase>
//     </mutable>
//   </header>
//   <body>
//     <PreValidation authenticate="true">
//       <DataDigest SignatureVersion="A006"> MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=</DataDigest>
//     </PreValidation>
//     <DataTransfer>
//       <DataEncryptionInfo authenticate="true">
//         <EncryptionPubKeyDigest Version="E002" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256">..here hash value of the public bank key for encryption..</EncryptionPubKeyDigest>
//         <TransactionKey>EIGI4En6KEB6ArEzw+iq4N1wm6EptcyxXxStA...</TransactionKey>
//         <HostID>EBIXHOST</HostID>
//       </DataEncryptionInfo>
//       <SignatureData authenticate="true">n6KEB6ArEzw+iq4N1wm6EptcyxXxStAO...</SignatureData>
//       <DataDigest SignatureVersion="A006"> MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=</DataDigest>
//     </DataTransfer>
//   </body>
// </ebicsRequest>

// Load the above XML from a file.
loSbXml = createobject("CkStringBuilder")
llSuccess = loSbXml.LoadFile("qa_data/xml_dsig/ebics/fileToSign.xml","utf-8")
if (llSuccess = .F.) then
    ? "Failed to load XML input file."
    release loSbXml
    return
endif

loGen = createobject("CkXmlDSigGen")

// We're going to insert the signature between the </header> and the <body>
loGen.SigLocation = "ebicsRequest|header"

// Set the SigLocationMod = 1 to insert *after* the SigLocation
loGen.SigLocationMod = 1

// We wish to use "ds" for the namespace..
loGen.SigNamespacePrefix = "ds"
loGen.SigNamespaceUri = "http://www.w3.org/2000/09/xmldsig#"

// Specify canonicalization and hash algorithms
loGen.SignedInfoCanonAlg = "C14N"
loGen.SignedInfoDigestMethod = "sha256"

// Add the reference.
// For EBICS signatures, we pass the special keyword "EBICS" in the 1st argument.
// This tells Chilkat to create the reference using URI="#xpointer(//*[@authenticate='true'])"
// The "EBICS" keyword was introduced in Chilkat v9.5.0.88.
loGen.AddSameDocRef("EBICS","sha256","C14N","","")

// Provide our certificate + private key. (PFX password is test123)
// (You'll use your own certificate, which can be loaded from many different sources by Chilkat, including smart cards.)
loCert = createobject("CkCert")
llSuccess = loCert.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123")
if (llSuccess = .F.) then
    ? loCert.LastErrorText
    release loSbXml
    release loGen
    release loCert
    return
endif

llSuccess = loGen.SetX509Cert(loCert,.T.)
if (llSuccess = .F.) then
    ? loGen.LastErrorText
    release loSbXml
    release loGen
    release loCert
    return
endif

// We don't want a KeyInfo to be included.
loGen.KeyInfoType = "None"

// Request an indented signature for readability.
// This can be removed after debugging (for a more compact signature).
loGen.Behaviors = "IndentedSignature"

// Sign the XML.
llSuccess = loGen.CreateXmlDSigSb(loSbXml)
if (llSuccess = .F.) then
    ? loGen.LastErrorText
    release loSbXml
    release loGen
    release loCert
    return
endif

// This is the XML with the EBICS signature added:

// <?xml version="1.0" encoding="UTF-8"?>
// <ebicsRequest
// xmlns="urn:org:ebics:H005"
// xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
// xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
// xsi:schemaLocation="urn:org:ebics:H005 ebics_request_H005.xsd"
// Version="H005" Revision="1">
//   <header authenticate="true">
//     <static>
//       <HostID>EBIXHOST</HostID>
//       <Nonce>BDA2312973890654FAC9879A89794E65</Nonce>
//       <Timestamp>2005-01-30T15:30:45.123Z</Timestamp>
//       <PartnerID>CUSTM001</PartnerID>
//       <UserID>USR100</UserID>
//       <Product Language="en" InstituteID="Institute ID">Product Identifier</Product>
//       <OrderDetails>
//         <AdminOrderType>BTU</AdminOrderType>
//         <BTUOrderParams>
//           <Service>
//             <ServiceName>SCT</ServiceName>
//             <MsgName>pain.001</MsgName>
//           </Service>
//         </BTUOrderParams>
//       </OrderDetails>
//       <BankPubKeyDigests>
//         <Authentication Version="X002" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256">1H/rQr2Axe9hYTV2n/tCp+3UIQQ=</Authentication>
//         <Encryption Version="E002" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256">2lwiueWOIER823jSoiOkjl+woeI=</Encryption>
//       </BankPubKeyDigests>
//       <SecurityMedium>0000</SecurityMedium>
//       <NumSegments>2</NumSegments>
//     </static>
//     <mutable>
//       <TransactionPhase>Initialisation</TransactionPhase>
//     </mutable>
//   </header><AuthSignature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
//   <ds:SignedInfo>
//     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
//     <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
//     <ds:Reference URI="#xpointer(//*[@authenticate='true'])">
//       <ds:Transforms>
//         <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
//       </ds:Transforms>
//       <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
//       <ds:DigestValue>jjLD90BedcIVxFENHse6pOnRubVUlHpKjXUF5BUd00k=</ds:DigestValue>
//     </ds:Reference>
//   </ds:SignedInfo>
//   <ds:SignatureValue>TlVgCXGf+3kKZ4LLwqxKoMaDZSBdiDRcGpdKB+tFZ7MZse9jDqtCai7PxcvRLC7yRGRj3XWrAB6IVqXh6tXGqiAtRfa7XjezvJTmUdMEJ3hTEgKqm7cKjjZX5C+lN5XTJghOy0X1bZBl/NBJu/aqY9s8PKsD5Cpm8bFkl2ReBBTCTSF5CRK3XZr+fvWuUX2sFrFS5UDXG8/cmhaKHT15LBOJgYuLYr80dtL251Jy20rIJ5KK8xUz9gpexE61Y/ml6mUPLm8YgdACRdNvCOPRLjCqYwFbnfgaVO6MtSRG819rWyNtBhqVxdzbntiV1UobKbwFiJ1LMMHF0NCo2LGLCw==</ds:SignatureValue>
// </AuthSignature>
//   <body>
//     <PreValidation authenticate="true">
//       <DataDigest SignatureVersion="A006"> MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=</DataDigest>
//     </PreValidation>
//     <DataTransfer>
//       <DataEncryptionInfo authenticate="true">
//         <EncryptionPubKeyDigest Version="E002" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256">..here hash value of the public bank key for encryption..</EncryptionPubKeyDigest>
//         <TransactionKey>EIGI4En6KEB6ArEzw+iq4N1wm6EptcyxXxStA...</TransactionKey>
//         <HostID>EBIXHOST</HostID>
//       </DataEncryptionInfo>
//       <SignatureData authenticate="true">n6KEB6ArEzw+iq4N1wm6EptcyxXxStAO...</SignatureData>
//       <DataDigest SignatureVersion="A006"> MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=</DataDigest>
//     </DataTransfer>
//   </body>
// </ebicsRequest>

? "Here's the EBICS signed XML:"
? loSbXml.GetAsString()
? "----"

// Verify the signature we just produced...
loVerifier = createobject("CkXmlDSig")
llSuccess = loVerifier.LoadSignatureSb(loSbXml)
if (llSuccess = .F.) then
    ? loVerifier.LastErrorText
    release loSbXml
    release loGen
    release loCert
    release loVerifier
    return
endif

// The signature has no KeyInfo, so we must externally provide the key.
loPubKey = loCert.ExportPublicKey()
llSuccess = loVerifier.SetPublicKey(loPubKey)
if (llSuccess = .F.) then
    ? loVerifier.LastErrorText
    release loPubKey
    release loSbXml
    release loGen
    release loCert
    release loVerifier
    return
endif

release loPubKey

llSuccess = loVerifier.VerifySignature(.T.)
if (llSuccess = .F.) then
    ? loVerifier.LastErrorText
    release loSbXml
    release loGen
    release loCert
    release loVerifier
    return
endif

? "EBICS signature verified."


release loSbXml
release loGen
release loCert
release loVerifier