Sample code for 30+ languages & platforms
PowerShell

Create XAdES using Smart Card or USB Token

See more XAdES Examples

Demonstrates how to create an XAdES signed XML document using a certificate located on a smartcard or USB token.

Chilkat PowerShell Downloads

PowerShell
Add-Type -Path "C:\chilkat\ChilkatDotNet47-x64\ChilkatDotNet47.dll"

$success = $false

# Load the XML to be signed.
$xmlToSign = New-Object Chilkat.Xml
$success = $xmlToSign.LoadXmlFile("qa_data/fattura_electronica/docToSign.xml")
if ($success -eq $false) {
    $($xmlToSign.LastErrorText)
    exit
}

$gen = New-Object Chilkat.XmlDSigGen

$gen.SigLocation = "p:FatturaElettronica"
$gen.SigId = "xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504"
$gen.SigNamespacePrefix = "ds"
$gen.SigNamespaceUri = "http://www.w3.org/2000/09/xmldsig#"
$gen.SigValueId = "xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-sigvalue"
$gen.SignedInfoCanonAlg = "C14N"
$gen.SignedInfoDigestMethod = "sha256"

# Create an Object to be added to the Signature.
# Note: Chilkat will automatically populate the strings indicated by "TO BE GENERATED BY CHILKAT" with actual/correct values
# when the XML is signed.
$object1 = New-Object Chilkat.Xml
$object1.Tag = "xades:QualifyingProperties"
$object1.AddAttribute("xmlns:xades","http://uri.etsi.org/01903/v1.3.2#")
$object1.AddAttribute("xmlns:xades141","http://uri.etsi.org/01903/v1.4.1#")
$object1.AddAttribute("Target","#xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504")
$object1.UpdateAttrAt("xades:SignedProperties",$true,"Id","xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-signedprops")
$object1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime","TO BE GENERATED BY CHILKAT")
$object1.UpdateAttrAt("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestMethod",$true,"Algorithm","http://www.w3.org/2001/04/xmlenc#sha256")
$object1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestValue","TO BE GENERATED BY CHILKAT")
$object1.UpdateChildContent("xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:IssuerSerialV2","TO BE GENERATED BY CHILKAT")

$gen.AddObject("",$object1.GetXml(),"","")

# -------- Reference 1 --------
$gen.KeyInfoId = "xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-keyinfo"
$gen.AddSameDocRef("xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-keyinfo","sha256","","","")

# -------- Reference 2 --------
$gen.AddSameDocRef("","sha256","","","")
$gen.SetRefIdAttr("","xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-ref0")

# -------- Reference 3 --------
$gen.AddObjectRef("xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-signedprops","sha256","","","http://uri.etsi.org/01903#SignedProperties")

# ----------------------------------------------------------------
#  Load a certificate that has been pre-installed on the Windows system
#  This includes certificates on smartcards and USB tokens
$cert = New-Object Chilkat.Cert

#  You may provide the PIN here..
$cert.SmartCardPin = "000000"

# Load the certificate on the smartcard currently in the reader (or on the USB token).
# Pass an empty string to allow Chilkat to automatically choose the CSP (Cryptographi Service Provider).
# See Load Certificate on Smartcard for information about explicitly selecting a particular CSP.
$success = $cert.LoadFromSmartcard("")
if ($success -eq $false) {
    $($cert.LastErrorText)
    exit
}

$gen.SetX509Cert($cert,$true)
$gen.KeyInfoType = "X509Data"
$gen.X509Type = "Certificate"

# Load XML to be signed...
$sbXml = New-Object Chilkat.StringBuilder
$xmlToSign.GetXmlSb($sbXml)

$gen.Behaviors = "IndentedSignature,ForceAddEnvelopedSignatureTransform"

# Sign the XML...
$success = $gen.CreateXmlDSigSb($sbXml)
if ($success -eq $false) {
    $($gen.LastErrorText)
    exit
}

# Save the signed XMl to a file.
$success = $sbXml.WriteFile("qa_output/signedXml.xml","utf-8",$false)

$($sbXml.GetAsString())

# ----------------------------------------
# Verify the signature we just produced...
$verifier = New-Object Chilkat.XmlDSig
$success = $verifier.LoadSignatureSb($sbXml)
if ($success -eq $false) {
    $($verifier.LastErrorText)
    exit
}

$verified = $verifier.VerifySignature($true)
if ($verified -ne $true) {
    $($verifier.LastErrorText)
    exit
}

$("This signature was successfully verified.")