(PowerBuilder) RSASSA-PSS Sign String to Create Base64 PCKS7 Signature

Signs a string to create a PKCS7 signature in the base64 encoding. The signature algorithm is RSASSA-PSS with SHA256.

Note: This example requires Chilkat v9.5.0.67 or greater.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

integer li_rc
oleobject loo_Crypt
oleobject loo_Pfx
integer li_Success
oleobject loo_Cert
string ls_OriginalText
string ls_Pkcs7sig
string ls_OpaqueSig
string ls_OrigTxt

// This example requires the Chilkat Crypt API to have been previously unlocked.
// See Unlock Chilkat Crypt for sample code.

loo_Crypt = create oleobject
// Use "Chilkat_9_5_0.Crypt2" for versions of Chilkat < 10.0.0
li_rc = loo_Crypt.ConnectToNewObject("Chilkat.Crypt2")
if li_rc < 0 then
    destroy loo_Crypt
    MessageBox("Error","Connecting to COM object failed")
    return
end if

// Get a digital certificate with private key from a .pfx
// (Chilkat has many different ways to provide a cert + private key for siging.
// Using a PFX is just one possible option.)
loo_Pfx = create oleobject
// Use "Chilkat_9_5_0.Pfx" for versions of Chilkat < 10.0.0
li_rc = loo_Pfx.ConnectToNewObject("Chilkat.Pfx")

li_Success = loo_Pfx.LoadPfxFile("qa_data/rsassa-pss/privatekey.pfx","PFX_PASSWORD")
if li_Success <> 1 then
    Write-Debug loo_Pfx.LastErrorText
    destroy loo_Crypt
    destroy loo_Pfx
    return
end if

// Get the certificate to be used for signing.
// (The typical case for a PFX is that it contains a cert with an associated private key,
// as well as other certificates in the chain of authentication.  The cert with the private
// key should be in the first position at index 0.)
loo_Cert = loo_Pfx.GetCert(0)
if loo_Pfx.LastMethodSuccess <> 1 then
    Write-Debug loo_Pfx.LastErrorText
    destroy loo_Crypt
    destroy loo_Pfx
    return
end if

loo_Crypt.SetSigningCert(loo_Cert)

// Indicate that RSASSA-PSS with SHA256 should be used.
loo_Crypt.SigningAlg = "pss"
loo_Crypt.HashAlgorithm = "sha256"

loo_Crypt.EncodingMode = "base64"

// Sign a string and return the base64 PKCS7 detached signature
ls_OriginalText = "This is a test"
ls_Pkcs7sig = loo_Crypt.SignStringENC(ls_OriginalText)
Write-Debug "Detached Signature:"
Write-Debug ls_Pkcs7sig

// This signature looks like this:
// MIIG5wYJKoZIhvcNAQcCoIIG2DCCBtQCAQExDzANBgl .. YToLqEwTdU87ox5g7rvw==

// The ASN.1 of the signature can be examined by browsing to https://lapo.it/asn1js/ ,
// then copy-and-paste the Base64 signature into the form and decode..

// The signature can be verified against the original data like this:
li_Success = loo_Crypt.VerifyStringENC(ls_OriginalText,ls_Pkcs7sig)
Write-Debug "Signature verified: " + string(li_Success)
li_Success = loo_Crypt.VerifyStringENC("Not the original text",ls_Pkcs7sig)
Write-Debug "Signature verified: " + string(li_Success)

// Now we'll create an opaque signature (the opposite of a detached signature). 
// An opaque signature is a PKCS7 message that contains both the original data and
// the signature.  The verification process extracts the original data.
ls_OpaqueSig = loo_Crypt.OpaqueSignStringENC(ls_OriginalText)
Write-Debug "Opaque Signature:"
Write-Debug ls_OpaqueSig

// The ASN.1 of the signature can be examined by browsing to https://lapo.it/asn1js/ ,
// then copy-and-paste the Base64 signature into the form and decode..

// We can verify and extract the original data:
ls_OrigTxt = loo_Crypt.OpaqueVerifyStringENC(ls_OpaqueSig)
if loo_Crypt.LastMethodSuccess <> 1 then
    Write-Debug "Signature verification failed."
    Write-Debug loo_Crypt.LastErrorText
    destroy loo_Cert
    destroy loo_Crypt
    destroy loo_Pfx
    return
end if

Write-Debug "Signature verified."
Write-Debug "Extracted text:" + ls_OrigTxt

destroy loo_Cert


destroy loo_Crypt
destroy loo_Pfx