Chilkat Examples

ChilkatHOMEAndroid™AutoItCC#C++Chilkat2-PythonCkPythonClassic ASPDataFlexDelphi DLLGoJavaJavaScriptNode.jsObjective-CPHP ExtensionPerlPowerBuilderPowerShellPureBasicRubySQL ServerSwiftTclUnicode CUnicode C++VB.NETVBScriptVisual Basic 6.0Visual FoxProXojo Plugin

PureBasic Examples
Web API Categories

AI
ASN.1
AWS KMS
AWS Misc
Amazon EC2
Amazon Glacier
Amazon S3
Amazon S3 (new)
Amazon SES
Amazon SNS
Amazon SQS
Apple Keychain
Async
Azure Cloud Storage
Azure Key Vault
Azure Service Bus
Azure Table Service
Base64
Box
CAdES
CSR
CSV
Cert Store
Certificates
Cloud Signature CSC
Code Signing
Compression
DKIM / DomainKey
DNS
DSA
Diffie-Hellman
Digital Signatures
Dropbox
Dynamics CRM
EBICS
ECC
Ed25519
Email Object
Encryption
FTP
FileAccess
Firebase
GMail REST API
GMail SMTP/IMAP/POP
Geolocation
Google APIs
Google Calendar
Google Cloud SQL
Google Cloud Storage
Google Drive
Google Photos
Google Sheets
Google Tasks
Gzip
HTML-to-XML/Text
HTTP
HTTP Misc
IMAP
JSON
JSON Web Encryption (JWE)
JSON Web Signatures (JWS)
JSON Web Token (JWT)
Java KeyStore (JKS)
JavaScript
MHT / HTML Email
MIME
Markdown
Microsoft Graph
Misc
NTLM
OAuth1
OAuth2
OIDC
Office365
OneDrive
OpenSSL
Outlook
Outlook Calendar
Outlook Contact
PDF Signatures
PEM
PFX/P12
PKCS11
POP3
PRNG
REST
REST Misc
RSA
Regular Expressions
SCP
SCard
SFTP
SMTP
SSH
SSH Key
SSH Tunnel
ScMinidriver
Secrets
SharePoint
Signing in the Cloud
Socket/SSL/TLS
Spider
Stream
Tar Archive
ULID/UUID
Upload
WebSocket
X
XAdES
XML
XML Digital Signatures
XMP
Zip
curl
uncategorized

 

 

 

(PureBasic) Sign PDF using ARSS (Aruba Remote Signing Service)

See more Signing in the Cloud Examples

Demonstrates how to digitally sign a PDF using the Aruba Remote Signing Service (ARSS). The example loads a local PDF and certificate, configures the ARSS cloud signer credentials, specifies the OTP authentication type with typeOtpAuth, and creates an LTV-enabled signed PDF where the private key remains protected on the Aruba signing server.

Note: This example requires Chilkat v11.5.0 or greater.

Chilkat PureBasic Module Download

Chilkat PureBasic Module

IncludeFile "CkCert.pb"
IncludeFile "CkJsonObject.pb"
IncludeFile "CkPdf.pb"

Procedure ChilkatExample()

    success.i = 0

    ; This example requires the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    pdf.i = CkPdf::ckCreate()
    If pdf.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; Load the PDF that will be digitally signed.
    success = CkPdf::ckLoadFile(pdf,"qa_data/pdf/hello.pdf")
    If success = 0
        Debug CkPdf::ckLastErrorText(pdf)
        CkPdf::ckDispose(pdf)
        ProcedureReturn
    EndIf

    ; Signing options are specified in a JSON object.
    json.i = CkJsonObject::ckCreate()
    If json.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; Enable LTV (Long-Term Validation).
    ; When ltvOcsp is true, OCSP validation information is embedded in the PDF
    ; so that signature validation can continue to succeed in the future,
    ; even if the original OCSP responder is no longer available.
    CkJsonObject::ckUpdateBool(json,"ltvOcsp",1)

    ; Specify the visual appearance of the signature on the PDF page.
    CkJsonObject::ckUpdateInt(json,"page",1)
    CkJsonObject::ckUpdateString(json,"appearance.y","top")
    CkJsonObject::ckUpdateString(json,"appearance.x","left")
    CkJsonObject::ckUpdateString(json,"appearance.fontScale","10.0")

    ; Text lines displayed in the visible signature appearance.
    ; Special values such as "cert_cn" and "current_dt" are replaced
    ; with the certificate common name and current date/time.
    CkJsonObject::ckUpdateString(json,"appearance.text[0]","Digitally signed by: cert_cn")
    CkJsonObject::ckUpdateString(json,"appearance.text[1]","current_dt")
    CkJsonObject::ckUpdateString(json,"appearance.text[2]","This is an LTV-enabled signature.")

    ; Load the signing certificate.
    ; 
    ; The private key is NOT stored locally.  Instead, the private key is
    ; stored and protected on the Aruba Remote Signing Service (ARSS).
    ; 
    ; Even though the signing operation will occur remotely, Chilkat still
    ; needs the corresponding public certificate locally so that it can
    ; construct the CMS/PAdES signature and embed the certificate chain
    ; in the signed PDF.
    cert.i = CkCert::ckCreate()
    If cert.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkCert::ckLoadFromFile(cert,"qa_data/certs/myCert.cer")
    If success = 0
        Debug CkCert::ckLastErrorText(cert)
        CkPdf::ckDispose(pdf)
        CkJsonObject::ckDispose(json)
        CkCert::ckDispose(cert)
        ProcedureReturn
    EndIf

    ; Configure Aruba Remote Signing Service (ARSS) credentials.
    ; 
    ; When SetCloudSigner is called, Chilkat is instructed to perform
    ; cryptographic signing operations through the ARSS web service.
    ; The PDF is assembled locally, but the actual RSA signature operation
    ; is performed remotely using the private key held by Aruba.
    jsonArss.i = CkJsonObject::ckCreate()
    If jsonArss.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; Required.  Indicates that the cloud signing provider is ARSS.
    CkJsonObject::ckUpdateString(jsonArss,"service","ARSS")

    ; The ARSS certificate identifier (for example, "AS0").
    ; This identifies which remote certificate/private key pair should be used.
    ; The remote certificate should correspond to the certificate loaded above.
    CkJsonObject::ckUpdateString(jsonArss,"certID","YOUR_ARSS_CERT_ID")

    ; OTP password associated with the Aruba remote-signing account.
    ; Depending on the ARSS configuration, an OTP may be required to
    ; authorize each signing operation.
    CkJsonObject::ckUpdateString(jsonArss,"otpPwd","YOUR_OTP_PWD")

    ; Specifies the OTP authentication environment.
    ; 
    ; Common values are:
    ;   "demoprod" - Demo/Test environment
    ;   "prod"     - Production environment
    ; 
    ; This value is sent to the ARSS service and determines how the OTP
    ; authentication is validated.  The correct value depends on the type
    ; of Aruba account and environment that has been provisioned.
    ; 
    ; If signing fails with an authentication-related error, verify that
    ; the typeOtpAuth value matches the environment associated with the
    ; ARSS account credentials being used.
    CkJsonObject::ckUpdateString(jsonArss,"typeOtpAuth","demoprod")

    ; ARSS account username.
    CkJsonObject::ckUpdateString(jsonArss,"user","YOUR_ARSS_USERNAME")

    ; ARSS account password.
    CkJsonObject::ckUpdateString(jsonArss,"userPWD","YOUR_ARSS_PASSWORD")

    ; Beginning with Chilkat v11.5.0, the ARSS endpoint can be explicitly
    ; specified.  This allows the application to target a particular
    ; Aruba signing service endpoint when required.
    CkJsonObject::ckUpdateString(jsonArss,"endpoint","https://app1.firma-remota.it/ArubaSignerService/webresources/signerservice")

    success = CkCert::ckSetCloudSigner(cert,jsonArss)
    If success = 0
        Debug CkCert::ckLastErrorText(cert)
        CkPdf::ckDispose(pdf)
        CkJsonObject::ckDispose(json)
        CkCert::ckDispose(cert)
        CkJsonObject::ckDispose(jsonArss)
        ProcedureReturn
    EndIf

    ; Associate the certificate with the PDF object.
    ; All subsequent signing operations will use this certificate.
    success = CkPdf::ckSetSigningCert(pdf,cert)
    If success = 0
        Debug CkPdf::ckLastErrorText(pdf)
        CkPdf::ckDispose(pdf)
        CkJsonObject::ckDispose(json)
        CkCert::ckDispose(cert)
        CkJsonObject::ckDispose(jsonArss)
        ProcedureReturn
    EndIf

    ; Create the signed PDF.
    ; 
    ; Chilkat performs all PDF processing locally.  When the time comes
    ; to generate the cryptographic signature value, Chilkat sends the
    ; hash to ARSS, which signs it using the remote private key and returns
    ; the signature.  The private key never leaves the Aruba service.
    success = CkPdf::ckSignPdf(pdf,json,"qa_output/hello_ltv_signed.pdf")
    If success = 0
        Debug CkPdf::ckLastErrorText(pdf)
        CkPdf::ckDispose(pdf)
        CkJsonObject::ckDispose(json)
        CkCert::ckDispose(cert)
        CkJsonObject::ckDispose(jsonArss)
        ProcedureReturn
    EndIf

    Debug "The PDF has been successfully cryptographically signed with long-term validation."


    CkPdf::ckDispose(pdf)
    CkJsonObject::ckDispose(json)
    CkCert::ckDispose(cert)
    CkJsonObject::ckDispose(jsonArss)


    ProcedureReturn
EndProcedure
 

© 2000-2026 Chilkat Software, Inc. All Rights Reserved.