PureBasic
PureBasic
Create and Verify an Opaque PKCS7/CMS Signature
See more Digital Signatures Examples
Demonstrates how to create a PKCS7 opaque signature, and also how to verify an opaque signature. An opaque signature is different than a detached PKCS7 signature in that it contains the original data. Verifying an opaque signature retrieves the original content.Chilkat PureBasic Downloads
IncludeFile "CkCert.pb"
IncludeFile "CkPrivateKey.pb"
IncludeFile "CkCrypt2.pb"
Procedure ChilkatExample()
success.i = 0
; This example assumes the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.
crypt.i = CkCrypt2::ckCreate()
If crypt.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
; A certificate and private key is needed to create a signature.
; Chilkat provides many different ways to load a certificate and private key, such
; as from a PFX/.p12, Java keystore, JWK, Windows registry-based certificate stores, and other sources.
; This example will load the certificate from a .crt and the private key from a .key file
cert.i = CkCert::ckCreate()
If cert.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
; The LoadFromFile method will automatically detect the format and load it.
success = CkCert::ckLoadFromFile(cert,"qa_data/certs/test_12345678a.cer")
If success <> 1
Debug CkCert::ckLastErrorText(cert)
CkCrypt2::ckDispose(crypt)
CkCert::ckDispose(cert)
ProcedureReturn
EndIf
; Our private key is in an encrypted PKCS8 format.
; If you don't know the format of your key, but you do know it's encrypted,
; and requires a password, then just call any of the Chilkat methods that load
; a private key w/ a password argument. Chilkat will auto-detect the format
; and load it correctly even if it's not the format indicated by the method name..
privKey.i = CkPrivateKey::ckCreate()
If privKey.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
password.s = "12345678a"
success = CkPrivateKey::ckLoadPkcs8EncryptedFile(privKey,"qa_data/certs/test_12345678a.key",password)
If success <> 1
Debug CkPrivateKey::ckLastErrorText(privKey)
CkCrypt2::ckDispose(crypt)
CkCert::ckDispose(cert)
CkPrivateKey::ckDispose(privKey)
ProcedureReturn
EndIf
; Set properties required for signing.
; Tell it to use the cert and private key we've loaded.
success = CkCrypt2::ckSetSigningCert2(crypt,cert,privKey)
If success <> 1
Debug CkCrypt2::ckLastErrorText(crypt)
CkCrypt2::ckDispose(crypt)
CkCert::ckDispose(cert)
CkPrivateKey::ckDispose(privKey)
ProcedureReturn
EndIf
; Indicate we want the opaque signature in base64 format:
CkCrypt2::setCkEncodingMode(crypt, "base64")
; Sign the string using the "utf-8" byte representation:
CkCrypt2::setCkCharset(crypt, "utf-8")
; Create the opaque signature:
originalData.s = "This is the string to be signed."
opaqueSig.s = CkCrypt2::ckOpaqueSignStringENC(crypt,originalData)
If CkCrypt2::ckLastMethodSuccess(crypt) <> 1
Debug CkCrypt2::ckLastErrorText(crypt)
CkCrypt2::ckDispose(crypt)
CkCert::ckDispose(cert)
CkPrivateKey::ckDispose(privKey)
ProcedureReturn
EndIf
Debug opaqueSig
; The output looks like this:
; MIIPgQYJKoZIhvcNAQcCoIIPcjCCD24CAQExCzAJBgUrDgMCGgUAMC8GCSqGSIb3DQEHAaAiBCBUaGlzIGlzIHRoZSBzdHJpbmcgdG8gYmUgc...
; ----------------------------------------------------------------------------------------------
; Now let's verify the signature and retrieve the original data.
; We'll use a new Crypt2 object to keep things completely separate...
vCrypt.i = CkCrypt2::ckCreate()
If vCrypt.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
CkCrypt2::setCkEncodingMode(vCrypt, "base64")
CkCrypt2::setCkCharset(vCrypt, "utf-8")
extractedData.s = CkCrypt2::ckOpaqueVerifyStringENC(vCrypt,opaqueSig)
If CkCrypt2::ckLastMethodSuccess(vCrypt) <> 1
Debug CkCrypt2::ckLastErrorText(vCrypt)
CkCrypt2::ckDispose(crypt)
CkCert::ckDispose(cert)
CkPrivateKey::ckDispose(privKey)
CkCrypt2::ckDispose(vCrypt)
ProcedureReturn
EndIf
Debug "The extracted data: " + extractedData
; The output is:
; The extracted data: This is the string to be signed.
CkCrypt2::ckDispose(crypt)
CkCert::ckDispose(cert)
CkPrivateKey::ckDispose(privKey)
CkCrypt2::ckDispose(vCrypt)
ProcedureReturn
EndProcedure