Sample code for 30+ languages & platforms
PureBasic

Create CAdES (p7m) Signature using ARSS (Aruba Remote Signing Service)

See more Signing in the Cloud Examples

Demonstrates creating a CAdES (p7m) signature using the Aruba Remote Signing Service.

Chilkat PureBasic Downloads

PureBasic
IncludeFile "CkCert.pb"
IncludeFile "CkJsonObject.pb"
IncludeFile "CkCrypt2.pb"

Procedure ChilkatExample()

    success.i = 0

    ; This example assumes the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    ; Load the certificate used for signing.  The certificate's private key is stored on 
    ; the Aruba.it server and the signing will happen remotely using the
    ; ARSS (Aruba Remote Signing Service).
    ; However, we still need the certificate locally (without private key).
    cert.i = CkCert::ckCreate()
    If cert.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkCert::ckLoadFromFile(cert,"qa_data/certs/myCert.cer")
    If success = 0
        Debug CkCert::ckLastErrorText(cert)
        CkCert::ckDispose(cert)
        ProcedureReturn
    EndIf

    ; To sign using the Aruba Remote Signing Service, 
    ; add the following lines of code to specify your authentication credentials,
    ; and the ID of the certificate w/ private key on the server to be used.
    jsonArss.i = CkJsonObject::ckCreate()
    If jsonArss.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; Set the "service" equal to "ARSS" to tell Chilkat to use ARSS for signing.
    CkJsonObject::ckUpdateString(jsonArss,"service","ARSS")
    ; Specify the certificate ID, such as "AS0"
    ; This certificate should match the certificate loaded in the above code.
    CkJsonObject::ckUpdateString(jsonArss,"certID","YOUR_ARSS_CERT_ID")
    CkJsonObject::ckUpdateString(jsonArss,"otpPwd","YOUR_OTP_PWD")

    ; Specifies the OTP authentication environment.
    ; 
    ; Common values are:
    ;   "demoprod" - Demo/Test environment
    ;   "prod"     - Production environment
    ; 
    ; This value is sent to the ARSS service and determines how the OTP
    ; authentication is validated.  The correct value depends on the type
    ; of Aruba account and environment that has been provisioned.
    ; 
    ; If signing fails with an authentication-related error, verify that
    ; the typeOtpAuth value matches the environment associated with the
    ; ARSS account credentials being used.
    CkJsonObject::ckUpdateString(jsonArss,"typeOtpAuth","demoprod")

    CkJsonObject::ckUpdateString(jsonArss,"user","YOUR_ARSS_USERNAME")
    CkJsonObject::ckUpdateString(jsonArss,"userPWD","YOUR_ARSS_PASSWORD")

    ; The "endpoint" can be specified starting in Chilkat v11.5.0
    CkJsonObject::ckUpdateString(jsonArss,"endpoint","https://app1.firma-remota.it/ArubaSignerService/webresources/signerservice")

    success = CkCert::ckSetCloudSigner(cert,jsonArss)

    crypt.i = CkCrypt2::ckCreate()
    If crypt.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkCrypt2::ckSetSigningCert(crypt,cert)
    If success = 0
        Debug CkCrypt2::ckLastErrorText(crypt)
        CkCert::ckDispose(cert)
        CkJsonObject::ckDispose(jsonArss)
        CkCrypt2::ckDispose(crypt)
        ProcedureReturn
    EndIf

    ; The CadesEnabled property applies to all methods that create PKCS7 signatures. 
    ; To create a CAdES-BES signature, set this property equal to true.
    CkCrypt2::setCkCadesEnabled(crypt, 1)

    CkCrypt2::setCkHashAlgorithm(crypt, "sha256")

    signedAttrs.i = CkJsonObject::ckCreate()
    If signedAttrs.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkJsonObject::ckUpdateInt(signedAttrs,"contentType",1)
    CkJsonObject::ckUpdateInt(signedAttrs,"signingTime",1)
    CkJsonObject::ckUpdateInt(signedAttrs,"messageDigest",1)
    CkJsonObject::ckUpdateInt(signedAttrs,"signingCertificateV2",1)
    CkCrypt2::setCkSigningAttributes(crypt, CkJsonObject::ckEmit(signedAttrs))

    ; You can sign any type of file..
    inputXmlPath.s = "qa_data/e-Invoice.xml"
    outputP7mPath.s = "qa_output/signed.p7m"

    ; Create the CAdES-BES attached signature, which contains the original data.
    ; Chilkat will build the .p7m locally, but will (internally) use ARSS
    ; to do the RSA signing remotely.
    success = CkCrypt2::ckCreateP7M(crypt,inputXmlPath,outputP7mPath)
    If success = 0
        Debug CkCrypt2::ckLastErrorText(crypt)
        CkCert::ckDispose(cert)
        CkJsonObject::ckDispose(jsonArss)
        CkCrypt2::ckDispose(crypt)
        CkJsonObject::ckDispose(signedAttrs)
        ProcedureReturn
    EndIf

    Debug "Success."


    CkCert::ckDispose(cert)
    CkJsonObject::ckDispose(jsonArss)
    CkCrypt2::ckDispose(crypt)
    CkJsonObject::ckDispose(signedAttrs)


    ProcedureReturn
EndProcedure