PureBasic
PureBasic
PKCS11 Sign PDF using Certificate and Private Key on Smart Card / USB Token
See more PKCS11 Examples
Sample code showing how to use PKCS11 to sign a PDF with a certificate and private key stored on a smart card or USB token.Note: This example requires Chilkat v9.5.0.96 or later.
Chilkat PureBasic Downloads
IncludeFile "CkPkcs11.pb"
IncludeFile "CkCert.pb"
IncludeFile "CkPdf.pb"
IncludeFile "CkJsonObject.pb"
Procedure ChilkatExample()
success.i = 0
; This example requires the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.
; Note: Chilkat's PKCS11 implementation runs on Windows, Linux, Mac OS X, and other supported operating systems.
pkcs11.i = CkPkcs11::ckCreate()
If pkcs11.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
CkPkcs11::setCkSharedLibPath(pkcs11, "C:/Program Files (x86)/Gemalto/IDGo 800 PKCS#11/IDPrimePKCS1164.dll")
pin.s = "0000"
userType.i = 1
; Establish a PKCS11 logged-on session using the driver (.so, .dylib, or .dll) as specified in the SharedLibPath above.
success = CkPkcs11::ckQuickSession(pkcs11,userType,pin)
If success = 0
Debug CkPkcs11::ckLastErrorText(pkcs11)
CkPkcs11::ckDispose(pkcs11)
ProcedureReturn
EndIf
; Get the certificate (on the smart card) that has a private key.
; There are other ways to locate a certificate on the HSM.
; This example assumes there is a single certificate w/ private key.
cert.i = CkCert::ckCreate()
If cert.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
success = CkPkcs11::ckFindCert(pkcs11,"privateKey","",cert)
If success = 1
Debug "Cert with private key: " + CkCert::ckSubjectCN(cert)
Else
Debug "No certificates having a private key were found."
success = CkPkcs11::ckCloseSession(pkcs11)
CkPkcs11::ckDispose(pkcs11)
CkCert::ckDispose(cert)
ProcedureReturn
EndIf
; --------------------------------------------------------------------------
; At this point, we have the cert to be used for signing.
; Our PDF signing code is the same as for a cert obtained from any other source..
pdf.i = CkPdf::ckCreate()
If pdf.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
; Load a PDF to be signed.
success = CkPdf::ckLoadFile(pdf,"qa_data/pdf/hello.pdf")
If success = 0
Debug CkPdf::ckLastErrorText(pdf)
success = CkPkcs11::ckCloseSession(pkcs11)
CkPkcs11::ckDispose(pkcs11)
CkCert::ckDispose(cert)
CkPdf::ckDispose(pdf)
ProcedureReturn
EndIf
json.i = CkJsonObject::ckCreate()
If json.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
CkJsonObject::ckUpdateInt(json,"page",1)
CkJsonObject::ckUpdateString(json,"appearance.y","top")
CkJsonObject::ckUpdateString(json,"appearance.x","left")
CkJsonObject::ckUpdateString(json,"appearance.fontScale","10.0")
CkJsonObject::ckUpdateString(json,"signingAlgorithm","pss")
CkJsonObject::ckUpdateString(json,"hashAlgorithm","sha256")
i.i = 0
CkJsonObject::setCkI(json, i)
CkJsonObject::ckUpdateString(json,"appearance.text[i]","Digitaly signed by: Xyz Widgets, Inc.")
i = i + 1
CkJsonObject::setCkI(json, i)
CkJsonObject::ckUpdateString(json,"appearance.text[i]","current_dt")
i = i + 1
CkJsonObject::setCkI(json, i)
CkJsonObject::ckUpdateString(json,"appearance.text[i]","blah blah blah")
; The certificate is internally linked to the Pkcs11 object, which is currently in an authenticated session.
success = CkPdf::ckSetSigningCert(pdf,cert)
success = CkPdf::ckSignPdf(pdf,json,"qa_output/out.pdf")
If success = 0
Debug CkPdf::ckLastErrorText(pdf)
success = CkPkcs11::ckCloseSession(pkcs11)
CkPkcs11::ckDispose(pkcs11)
CkCert::ckDispose(cert)
CkPdf::ckDispose(pdf)
CkJsonObject::ckDispose(json)
ProcedureReturn
EndIf
; --------------------------------------------------------------------------
; Revert to an unauthenticated session by calling Logout.
success = CkPkcs11::ckLogout(pkcs11)
If success = 0
Debug CkPkcs11::ckLastErrorText(pkcs11)
success = CkPkcs11::ckCloseSession(pkcs11)
CkPkcs11::ckDispose(pkcs11)
CkCert::ckDispose(cert)
CkPdf::ckDispose(pdf)
CkJsonObject::ckDispose(json)
ProcedureReturn
EndIf
; When finished, close the session.
; It is important to close the session (memory leaks will occur if the session is not properly closed).
success = CkPkcs11::ckCloseSession(pkcs11)
If success = 0
Debug CkPkcs11::ckLastErrorText(pkcs11)
CkPkcs11::ckDispose(pkcs11)
CkCert::ckDispose(cert)
CkPdf::ckDispose(pdf)
CkJsonObject::ckDispose(json)
ProcedureReturn
EndIf
Debug "Success."
CkPkcs11::ckDispose(pkcs11)
CkCert::ckDispose(cert)
CkPdf::ckDispose(pdf)
CkJsonObject::ckDispose(json)
ProcedureReturn
EndProcedure