Sample code for 30+ languages & platforms
Tcl

CoSign PKCS7/CMS Signed Data

See more Digital Signatures Examples

Demonstrates how to add a 2nd signature to a CMS SignedData. This is to add an additional signature, SignerInfo and certificate(s) to an existing CMS signed data.

In this example, we cosign an existing pdf.p7s

Note: The CoSign method is added in Chilkat v9.5.0.89.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set crypt [new_CkCrypt2]

set cert [new_CkCert]

# If loading from a smart card, set the smartcard PIN.
CkCert_put_SmartCardPin $cert "0000"

# Load a certificate in some way, such as from a smart card.
# Chilkat provides other methods to load from a .pfx, .pem, or from the Windows certificate stores..
set success [CkCert_LoadFromSmartcard $cert ""]
if {$success == 0} then {
    puts [CkCert_lastErrorText $cert]
    delete_CkCrypt2 $crypt
    delete_CkCert $cert
    exit
}

set success [CkCrypt2_SetSigningCert $crypt $cert]
if {$success == 0} then {
    puts [CkCrypt2_lastErrorText $crypt]
    delete_CkCrypt2 $crypt
    delete_CkCert $cert
    exit
}

# Load the file to be co-signed.
# NOTE:  This is to cosign a PDF file contained within a CMS (PKCS7) message.
# (In other words, the PDF is contained within the CMS SignedData, rather than the other way around
# where a CMS signature is contained within a PDF.  Use Chilkat's PDF class to sign a PDF, which is
# to embed a CMS signature within the PDF.)
set bd [new_CkBinData]

set success [CkBinData_LoadFile $bd "qa_data/p7s/cosign/sample.pdf.p7s"]
if {$success == 0} then {
    puts "Failed to load pdf.p7s input file."
    delete_CkCrypt2 $crypt
    delete_CkCert $cert
    delete_CkBinData $bd
    exit
}

# bd2 will contain the co-signed result.
set bd2 [new_CkBinData]

set success [CkCrypt2_CoSign $crypt $bd $cert $bd2]
if {$success == 0} then {
    puts [CkCrypt2_lastErrorText $crypt]
    delete_CkCrypt2 $crypt
    delete_CkCert $cert
    delete_CkBinData $bd
    delete_CkBinData $bd2
    exit
}

set success [CkBinData_WriteFile $bd "qa_output/cosigned.pdf.p7s"]
if {$success == 0} then {
    puts "Failed to save pdf.p7s output file."
    delete_CkCrypt2 $crypt
    delete_CkCert $cert
    delete_CkBinData $bd
    delete_CkBinData $bd2
    exit
}

puts "Success!"

delete_CkCrypt2 $crypt
delete_CkCert $cert
delete_CkBinData $bd
delete_CkBinData $bd2