Sample code for 30+ languages & platforms
PureBasic

RSASSA-PSS Sign String to Create Base64 PCKS7 Signature

See more Digital Signatures Examples

Signs a string to create a PKCS7 signature in the base64 encoding. The signature algorithm is RSASSA-PSS with SHA256.

Chilkat PureBasic Downloads

PureBasic
IncludeFile "CkCert.pb"
IncludeFile "CkPfx.pb"
IncludeFile "CkCrypt2.pb"

Procedure ChilkatExample()

    success.i = 0

    ; This example requires the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    crypt.i = CkCrypt2::ckCreate()
    If crypt.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; Get a digital certificate with private key from a .pfx
    ; (Chilkat has many different ways to provide a cert + private key for siging.
    ; Using a PFX is just one possible option.)
    pfx.i = CkPfx::ckCreate()
    If pfx.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkPfx::ckLoadPfxFile(pfx,"qa_data/rsassa-pss/privatekey.pfx","PFX_PASSWORD")
    If success = 0
        Debug CkPfx::ckLastErrorText(pfx)
        CkCrypt2::ckDispose(crypt)
        CkPfx::ckDispose(pfx)
        ProcedureReturn
    EndIf

    ; Get the certificate to be used for signing.
    ; (The typical case for a PFX is that it contains a cert with an associated private key,
    ; as well as other certificates in the chain of authentication.  The cert with the private
    ; key should be in the first position at index 0.)

    cert.i = CkCert::ckCreate()
    If cert.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkPfx::ckCertAt(pfx,0,cert)
    If success = 0
        Debug CkPfx::ckLastErrorText(pfx)
        CkCrypt2::ckDispose(crypt)
        CkPfx::ckDispose(pfx)
        CkCert::ckDispose(cert)
        ProcedureReturn
    EndIf

    CkCrypt2::ckSetSigningCert(crypt,cert)

    ; Indicate that RSASSA-PSS with SHA256 should be used.
    CkCrypt2::setCkSigningAlg(crypt, "pss")
    CkCrypt2::setCkHashAlgorithm(crypt, "sha256")

    CkCrypt2::setCkEncodingMode(crypt, "base64")

    ; Sign a string and return the base64 PKCS7 detached signature
    originalText.s = "This is a test"
    pkcs7sig.s = CkCrypt2::ckSignStringENC(crypt,originalText)
    Debug "Detached Signature:"
    Debug pkcs7sig

    ; This signature looks like this:
    ; MIIG5wYJKoZIhvcNAQcCoIIG2DCCBtQCAQExDzANBgl .. YToLqEwTdU87ox5g7rvw==

    ; The ASN.1 of the signature can be examined by browsing to https://lapo.it/asn1js/ ,
    ; then copy-and-paste the Base64 signature into the form and decode..

    ; The signature can be verified against the original data like this:
    success = CkCrypt2::ckVerifyStringENC(crypt,originalText,pkcs7sig)
    Debug "Signature verified: " + Str(success)
    success = CkCrypt2::ckVerifyStringENC(crypt,"Not the original text",pkcs7sig)
    Debug "Signature verified: " + Str(success)

    ; Now we'll create an opaque signature (the opposite of a detached signature). 
    ; An opaque signature is a PKCS7 message that contains both the original data and
    ; the signature.  The verification process extracts the original data.
    opaqueSig.s = CkCrypt2::ckOpaqueSignStringENC(crypt,originalText)
    Debug "Opaque Signature:"
    Debug opaqueSig

    ; The ASN.1 of the signature can be examined by browsing to https://lapo.it/asn1js/ ,
    ; then copy-and-paste the Base64 signature into the form and decode..

    ; We can verify and extract the original data:
    origTxt.s = CkCrypt2::ckOpaqueVerifyStringENC(crypt,opaqueSig)
    If CkCrypt2::ckLastMethodSuccess(crypt) <> 1
        Debug "Signature verification failed."
        Debug CkCrypt2::ckLastErrorText(crypt)
        CkCrypt2::ckDispose(crypt)
        CkPfx::ckDispose(pfx)
        CkCert::ckDispose(cert)
        ProcedureReturn
    EndIf

    Debug "Signature verified."
    Debug "Extracted text:" + origTxt


    CkCrypt2::ckDispose(crypt)
    CkPfx::ckDispose(pfx)
    CkCert::ckDispose(cert)


    ProcedureReturn
EndProcedure