(Ruby) Sign JSON (or any Text) to Create a Detached PKCS7 Signature

Demonstrates how to sign JSON or any string using a certificate + private key from a .p12/.pfx to create a detached PKCS7 signature. (A detached signature is one that does not embed the original signed data.)

Chilkat Ruby Downloads install from rubygems.org gem install chilkat or download... Ruby Library for Windows, MacOS, Linux, Alpine Linux

require 'chilkat'

# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

crypt = Chilkat::CkCrypt2.new()

cert = Chilkat::CkCert.new()
success = cert.LoadPfxFile("qa_data/pfx/cert_test123.pfx","test123")
if (success != true)
    print cert.lastErrorText() + "\n";
    exit
end

# Tell the crypt component to use this cert.
success = crypt.SetSigningCert(cert)
if (success != true)
    print crypt.lastErrorText() + "\n";
    exit
end

crypt.put_HashAlgorithm("sha256")

# By default, all the certs in the chain of authentication are included in the signature.
# If desired, we can choose to only include the signing certificate:
crypt.put_IncludeCertChain(false)

# Create the detached signature, which does NOT contain the original data.
# To create a PKCS7 signature that contains the original data, see CAdES Sign JSON
crypt.put_Charset("utf-8")
detachedSig = Chilkat::CkByteData.new()
stringToSign = "{ \"abc\": 123}"
success = crypt.SignString(stringToSign,detachedSig)
if (crypt.get_LastMethodSuccess() == false)
    print crypt.lastErrorText() + "\n";
    exit
end

# Verify the signature against the original data.
verified = crypt.VerifyString(stringToSign,detachedSig)
if (verified == false)
    print crypt.lastErrorText() + "\n";
    exit
end

print "Success!" + "\n";