(Perl) Sign JSON (or any Text) to Create a Detached PKCS7 Signature

Demonstrates how to sign JSON or any string using a certificate + private key from a .p12/.pfx to create a detached PKCS7 signature. (A detached signature is one that does not embed the original signed data.)

Chilkat Perl Downloads Perl Module for Windows, MacOS, Linux, Alpine Linux, Solaris

use chilkat();

# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

$crypt = chilkat::CkCrypt2->new();

$cert = chilkat::CkCert->new();
$success = $cert->LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123");
if ($success != 1) {
    print $cert->lastErrorText() . "\r\n";
    exit;
}

# Tell the crypt component to use this cert.
$success = $crypt->SetSigningCert($cert);
if ($success != 1) {
    print $crypt->lastErrorText() . "\r\n";
    exit;
}

$crypt->put_HashAlgorithm("sha256");

# By default, all the certs in the chain of authentication are included in the signature.
# If desired, we can choose to only include the signing certificate:
$crypt->put_IncludeCertChain(0);

# Create the detached signature, which does NOT contain the original data.
# To create a PKCS7 signature that contains the original data, see CAdES Sign JSON
$crypt->put_Charset("utf-8");
$detachedSig = chilkat::CkByteData->new();
$stringToSign = "{ \"abc\": 123}";
$success = $crypt->SignString($stringToSign,$detachedSig);
if ($crypt->get_LastMethodSuccess() == 0) {
    print $crypt->lastErrorText() . "\r\n";
    exit;
}

# Verify the signature against the original data.
$verified = $crypt->VerifyString($stringToSign,$detachedSig);
if ($verified == 0) {
    print $crypt->lastErrorText() . "\r\n";
    exit;
}

print "Success!" . "\r\n";