Aadhaar Paperless Offline e-kyc
Opens an encrypted .zip containing the Aadhaar Paperless Offline e-KYC XML, extracts the XML, and validates its digital signature. It then computes the hashes for the mobile number and email ID.
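Add-Type -Path "C:\chilkat\ChilkatDotNet47-x64\ChilkatDotNet47.dll"

# Verifies an Aadhaar Paperless Offline e-KYC file:
#   1. opens the share-phrase-encrypted .zip and unzips the XML into memory,
#   2. verifies the XML digital signature against the UIDAI certificate,
#   3. recomputes the mobile and email hashes and compares them with the
#      values stored in the (already verified) XML.
#
# Every failure path exits with a non-zero status, so a caller that checks the
# exit code cannot mistake a failed load or a failed verification for success.
#
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# Prints the Chilkat error text and stops the script with exit code 1 when
# $ok is exactly $false. A call that returns nothing ($null) is not treated
# as a failure.
function Assert-ChilkatSuccess {
    param($ok, [string]$errorText)
    if ($ok -eq $false) {
        Write-Output $errorText
        exit 1
    }
}

# Returns the lowercase-hex SHA-256 of $text, re-hashed $times times in total.
# Each round hashes the hex string produced by the previous round.
# $crypt must be a Chilkat.Crypt2 with HashAlgorithm "sha256" and
# EncodingMode "hexlower". A count below 1 is treated as 1, which implements
# the rule that an Aadhaar number ending in 0 is hashed once.
function Get-RepeatedSha256Hex {
    param($crypt, [string]$text, [int]$times)
    if ($times -lt 1) {
        $times = 1
    }
    $bd = New-Object Chilkat.BinData
    # Return values are discarded explicitly: anything left uncaptured would
    # be emitted into this function's output and corrupt the returned hash.
    $null = $bd.AppendString($text, "utf-8")
    $hex = ""
    for ($round = 1; $round -le $times; $round++) {
        $hex = $crypt.HashBdENC($bd)
        $null = $bd.Clear()
        $null = $bd.AppendString($hex, "utf-8")
    }
    return $hex
}

# Open the .zip containing the Aadhaar Paperless Offline e-KYC XML.
# The .zip is encrypted using the "Share Phrase".
$zip = New-Object Chilkat.Zip
$success = $zip.OpenZip("qa_data/xml_dsig/offline_paperless_kyc.zip")
Assert-ChilkatSuccess $success $zip.LastErrorText

# The .zip should contain 1 XML file.
$entry = New-Object Chilkat.ZipEntry
$success = $zip.EntryAt(0, $entry)
Assert-ChilkatSuccess $success $zip.LastErrorText

# To get the contents, we need to specify the Share Phrase.
# The value below is the sample phrase for the sample file. In real use the
# share phrase protects personal data: obtain it at run time (prompt, secret
# store) and do not commit it to source control or write it to logs.
$sharePhrase = "Lock@487"
$zip.DecryptPassword = $sharePhrase

# The XML file is unzipped into the in-memory bdXml object, so the decrypted
# KYC data is never written to disk by this script.
$bdXml = New-Object Chilkat.BinData
$success = $entry.UnzipToBd($bdXml)
Assert-ChilkatSuccess $success $entry.LastErrorText

# First verify the XML digital signature, before any field of the XML is used.
$dsig = New-Object Chilkat.XmlDSig
$success = $dsig.LoadSignatureBd($bdXml)
Assert-ChilkatSuccess $success $dsig.LastErrorText

# The UIDAI XML signature does not contain the KeyInfo, so we must load the
# UIDAI certificate and indicate that its public key is to be used for
# verifying the signature.
# This .cer file is the only trust anchor: a valid result means "signed by the
# key in this file", nothing more. Obtain the certificate from UIDAI directly
# and confirm it is the expected one (for example by checking its fingerprint
# and validity period) before relying on the result.
$cert = New-Object Chilkat.Cert
$success = $cert.LoadFromFile("qa_data/xml_dsig/uidai_auth_sign_prod_2023.cer")
Assert-ChilkatSuccess $success $cert.LastErrorText

# Get the certificate's public key and hand it to the verifier. Both results
# are checked so that verification never proceeds with a key that failed to load.
$pubKey = New-Object Chilkat.PublicKey
$success = $cert.GetPublicKey($pubKey)
Assert-ChilkatSuccess $success $cert.LastErrorText
$success = $dsig.SetPublicKey($pubKey)
Assert-ChilkatSuccess $success $dsig.LastErrorText

# The XML in this example contains only 1 signature.
# Passing $true also verifies the reference digests, i.e. that the signed
# content itself has not been altered.
$bVerifyReferenceDigests = $true
$bVerified = $dsig.VerifySignature($bVerifyReferenceDigests)
if ($bVerified -eq $false) {
    Write-Output $dsig.LastErrorText
    Write-Output "The signature was not valid."
    exit 1
}
Write-Output "The XML digital signature is valid."

# Hashing logic for the Mobile Number and Email ID:
#   Sha256(Sha256(Value+SharePhrase)) repeated as many times as the last digit
#   of the Aadhaar number (the Ref ID field contains the last 4 digits).
#
# Example:
#   Mobile:         1234567890
#   Aadhaar Number: XXXX XXXX 3632
#   Passcode:       Lock@487
#   Hash:           Sha256(Sha256(1234567890Lock@487)), i.e. 2 rounds
# If the Aadhaar number ends with 0, the value is hashed one time.
#
# NOTE(review): a mobile number has few possible values, so anyone holding
# both the XML and the share phrase can test candidate numbers against the
# stored hash. Treat the file, the share phrase and the hashes as personal data.
$crypt = New-Object Chilkat.Crypt2
$crypt.HashAlgorithm = "sha256"
$crypt.EncodingMode = "hexlower"

# For this example, we just set the number of rounds for the case where an
# Aadhaar number ends in "9". In real use, derive it from the last digit of
# the Aadhaar number that belongs to the file being checked.
$numTimesToHash = 9

# Load the XML only now, after its signature has been verified.
$xml = New-Object Chilkat.Xml
$success = $xml.LoadBd($bdXml, $true)
Assert-ChilkatSuccess $success $xml.LastErrorText

# Compute the mobile hash and compare it with the hash stored in the XML.
$mobileHash = Get-RepeatedSha256Hex $crypt ("1234567890" + $sharePhrase) $numTimesToHash
Write-Output ("Computed Mobile hash = " + $mobileHash)
$m_hash = $xml.ChilkatPath("UidData|Poi|(m)")
Write-Output ("Stored Mobile hash = " + $m_hash)
if ($m_hash -eq $mobileHash) {
    Write-Output "Mobile hash matches the stored value."
}
else {
    Write-Output "Mobile hash does NOT match the stored value."
}

# Now do the same thing for the email hash.
$emailHash = Get-RepeatedSha256Hex $crypt ("abc@gm.com" + $sharePhrase) $numTimesToHash
Write-Output ("Computed Email hash = " + $emailHash)
$e_hash = $xml.ChilkatPath("UidData|Poi|(e)")
Write-Output ("Stored Email hash = " + $e_hash)
if ($e_hash -eq $emailHash) {
    Write-Output "Email hash matches the stored value."
}
else {
    Write-Output "Email hash does NOT match the stored value."
}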