Sample code for 30+ languages & platforms
Tcl

Create P7M Using Pre-Installed Windows Certificate

See more Digital Signatures Examples

Demonstrates how to sign a file creating a .p7m file as output. The .p7m contains the signed contents of the original file. It can be verified and restored by calling VerifyP7M.

This example is for Windows only. It automatically searches and locates the desired certificate in the Current User or Local Machine certificate stores. (The certificate must have been pre-installed on the Windows machine, and it must have the private key available. The private key can be located on a USB Authentication Token / Smart Card. If so, then Chilkat *should* automatically use the private key located on the device.)

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set crypt [new_CkCrypt2]

set certSubjectCN "Matt"

set cert [new_CkCert]

# Locate and load the certificate by the common name (subject CN).
# This searches the Windows registry-based Current User and Local Machine
# certificate stores for the certificate.  
set success [CkCert_LoadByCommonName $cert $certSubjectCN]
if {$success != 1} then {
    puts "Failed to find certificate."
    delete_CkCrypt2 $crypt
    delete_CkCert $cert
    exit
}

# Make sure a private key is available.
if {[CkCert_HasPrivateKey $cert] != 1} then {
    puts "This certificate does not have a private key located in the Windows protected store, or on a USB device."
    delete_CkCrypt2 $crypt
    delete_CkCert $cert
    exit
}

# Specify the cert (and implicitly the private key) to be used for signing.
set success [CkCrypt2_SetSigningCert $crypt $cert]

# -----------------------------------------------------------------------------------------
# Also see Chilkat's online tool to examine a .p7m and generate code to duplicate the .p7m
# -----------------------------------------------------------------------------------------

# We can sign any type of file, creating a .p7m as output:
set inFile "qa_data/pdf/fishing.pdf"
set outputFile "qa_output/fishing.pdf.p7m"
set success [CkCrypt2_CreateP7M $crypt $inFile $outputFile]
if {$success != 1} then {
    puts [CkCrypt2_lastErrorText $crypt]
    delete_CkCrypt2 $crypt
    delete_CkCert $cert
    exit
}

# Verify and restore the original file:
set success [CkCrypt2_SetVerifyCert $crypt $cert]

set inFile $outputFile
set outputFile "qa_output/restored.pdf"

set success [CkCrypt2_VerifyP7M $crypt $inFile $outputFile]
if {$success == 0} then {
    puts [CkCrypt2_lastErrorText $crypt]
    delete_CkCrypt2 $crypt
    delete_CkCert $cert
    exit
}

puts "Success!"

delete_CkCrypt2 $crypt
delete_CkCert $cert