Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(PureBasic) Verify Opaque Signature and Retrieve Signing CertificatesDemonstrates how to verify a PCKS7 opaque digital signature (signed data), extract the original file/data, and then extract the certificate(s) that were used to sign.
IncludeFile "CkBinData.pb" IncludeFile "CkCert.pb" IncludeFile "CkCertChain.pb" IncludeFile "CkCrypt2.pb" Procedure ChilkatExample() ; This example assumes the Chilkat API to have been previously unlocked. ; See Global Unlock Sample for sample code. crypt.i = CkCrypt2::ckCreate() If crypt.i = 0 Debug "Failed to create object." ProcedureReturn EndIf ; Verify a PKCS7 signed-data (opaque signature) file and extract the original content to a file. success.i = CkCrypt2::ckVerifyP7M(crypt,"qa_data/p7m/opaqueSig.p7","qa_output/originalData.dat") If success <> 1 Debug CkCrypt2::ckLastErrorText(crypt) CkCrypt2::ckDispose(crypt) ProcedureReturn EndIf ; Alternatively, we can do it in memory... binData.i = CkBinData::ckCreate() If binData.i = 0 Debug "Failed to create object." ProcedureReturn EndIf success = CkBinData::ckLoadFile(binData,"qa_data/p7m/opaqueSig.p7") ; Your app should check for success, but we'll skip the check for brevity.. ; If verified, the signature is unwrapped and binData is replaced with the original data that was signed. success = CkCrypt2::ckOpaqueVerifyBd(crypt,binData) If success <> 1 Debug CkCrypt2::ckLastErrorText(crypt) CkCrypt2::ckDispose(crypt) CkBinData::ckDispose(binData) ProcedureReturn EndIf ; For our testing, we signed some text, so we can get it from the binData.. Debug "Original Data:" Debug CkBinData::ckGetString(binData,"utf-8") ; After any method call that verifies a signature, the crypt object will contain the certificate(s) ; that were used for signing (assuming the X.509 certs were available in the signature, which is typically the case). ; Get the number of signing certificates, and get each.. numCerts.i = CkCrypt2::ckNumSignerCerts(crypt) i.i = 0 While i < numCerts cert.i = CkCrypt2::ckGetSignerCert(crypt,i) Debug CkCert::ckSubjectDN(cert) CkCert::ckDispose(cert) i = i + 1 Wend ; We could also get the complete certificate chain of each signer cert, ; assuming the certs in the chain of authentication to the trusted root ; are available on the system, or provided to Chilkat by some other means ; (such as via the XmlCertVault class, the TrustedRoots class, etc.) i = 0 While i < numCerts certChain.i = CkCrypt2::ckGetSignerCertChain(crypt,i) ; You can examine the various properties and methods for certChain in the online ; reference documentation... CkCertChain::ckDispose(certChain) i = i + 1 Wend CkCrypt2::ckDispose(crypt) CkBinData::ckDispose(binData) ProcedureReturn EndProcedure |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.