Sample code for 30+ languages & platforms
PHP Extension

Create XAdES using Smart Card or USB Token

See more XAdES Examples

Demonstrates how to create an XAdES signed XML document using a certificate located on a smartcard or USB token.

Chilkat PHP Extension Downloads

PHP Extension
<?php

include("chilkat.php");

$success = false;

// Load the XML to be signed.
$xmlToSign = new CkXml();
$success = $xmlToSign->LoadXmlFile('qa_data/fattura_electronica/docToSign.xml');
if ($success == false) {
    print $xmlToSign->lastErrorText() . "\n";
    exit;
}

$gen = new CkXmlDSigGen();

$gen->put_SigLocation('p:FatturaElettronica');
$gen->put_SigId('xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504');
$gen->put_SigNamespacePrefix('ds');
$gen->put_SigNamespaceUri('http://www.w3.org/2000/09/xmldsig#');
$gen->put_SigValueId('xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-sigvalue');
$gen->put_SignedInfoCanonAlg('C14N');
$gen->put_SignedInfoDigestMethod('sha256');

// Create an Object to be added to the Signature.
// Note: Chilkat will automatically populate the strings indicated by "TO BE GENERATED BY CHILKAT" with actual/correct values
// when the XML is signed.
$object1 = new CkXml();
$object1->put_Tag('xades:QualifyingProperties');
$object1->AddAttribute('xmlns:xades','http://uri.etsi.org/01903/v1.3.2#');
$object1->AddAttribute('xmlns:xades141','http://uri.etsi.org/01903/v1.4.1#');
$object1->AddAttribute('Target','#xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504');
$object1->UpdateAttrAt('xades:SignedProperties',true,'Id','xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-signedprops');
$object1->UpdateChildContent('xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime','TO BE GENERATED BY CHILKAT');
$object1->UpdateAttrAt('xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestMethod',true,'Algorithm','http://www.w3.org/2001/04/xmlenc#sha256');
$object1->UpdateChildContent('xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestValue','TO BE GENERATED BY CHILKAT');
$object1->UpdateChildContent('xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:IssuerSerialV2','TO BE GENERATED BY CHILKAT');

$gen->AddObject('',$object1->getXml(),'','');

// -------- Reference 1 --------
$gen->put_KeyInfoId('xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-keyinfo');
$gen->AddSameDocRef('xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-keyinfo','sha256','','','');

// -------- Reference 2 --------
$gen->AddSameDocRef('','sha256','','','');
$gen->SetRefIdAttr('','xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-ref0');

// -------- Reference 3 --------
$gen->AddObjectRef('xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-signedprops','sha256','','','http://uri.etsi.org/01903#SignedProperties');

// ----------------------------------------------------------------
//  Load a certificate that has been pre-installed on the Windows system
//  This includes certificates on smartcards and USB tokens
$cert = new CkCert();

//  You may provide the PIN here..
$cert->put_SmartCardPin('000000');

// Load the certificate on the smartcard currently in the reader (or on the USB token).
// Pass an empty string to allow Chilkat to automatically choose the CSP (Cryptographi Service Provider).
// See Load Certificate on Smartcard for information about explicitly selecting a particular CSP.
$success = $cert->LoadFromSmartcard('');
if ($success == false) {
    print $cert->lastErrorText() . "\n";
    exit;
}

$gen->SetX509Cert($cert,true);
$gen->put_KeyInfoType('X509Data');
$gen->put_X509Type('Certificate');

// Load XML to be signed...
$sbXml = new CkStringBuilder();
$xmlToSign->GetXmlSb($sbXml);

$gen->put_Behaviors('IndentedSignature,ForceAddEnvelopedSignatureTransform');

// Sign the XML...
$success = $gen->CreateXmlDSigSb($sbXml);
if ($success == false) {
    print $gen->lastErrorText() . "\n";
    exit;
}

// Save the signed XMl to a file.
$success = $sbXml->WriteFile('qa_output/signedXml.xml','utf-8',false);

print $sbXml->getAsString() . "\n";

// ----------------------------------------
// Verify the signature we just produced...
$verifier = new CkXmlDSig();
$success = $verifier->LoadSignatureSb($sbXml);
if ($success == false) {
    print $verifier->lastErrorText() . "\n";
    exit;
}

$verified = $verifier->VerifySignature(true);
if ($verified != true) {
    print $verifier->lastErrorText() . "\n";
    exit;
}

print 'This signature was successfully verified.' . "\n";

?>