|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Tcl) Create EBICS Signature (XMLDSIG)See more EBICS ExamplesDemonstrates how to create an EBICS signature. (EBICS is the Electronic Banking Internet Communication Standard) Note: This example requires Chilkat v9.5.0.88 or above.
load ./chilkat.dll # This example assumes the Chilkat API to have been previously unlocked. # See Global Unlock Sample for sample code. # This is the sample XML to be signed: # <?xml version="1.0" encoding="UTF-8"?> # <ebicsRequest # xmlns="urn:org:ebics:H005" # xmlns:ds="http://www.w3.org/2000/09/xmldsig#" # xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" # xsi:schemaLocation="urn:org:ebics:H005 ebics_request_H005.xsd" # Version="H005" Revision="1"> # <header authenticate="true"> # <static> # <HostID>EBIXHOST</HostID> # <Nonce>BDA2312973890654FAC9879A89794E65</Nonce> # <Timestamp>2005-01-30T15:30:45.123Z</Timestamp> # <PartnerID>CUSTM001</PartnerID> # <UserID>USR100</UserID> # <Product Language="en" InstituteID="Institute ID">Product Identifier</Product> # <OrderDetails> # <AdminOrderType>BTU</AdminOrderType> # <BTUOrderParams> # <Service> # <ServiceName>SCT</ServiceName> # <MsgName>pain.001</MsgName> # </Service> # </BTUOrderParams> # </OrderDetails> # <BankPubKeyDigests> # <Authentication Version="X002" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256">1H/rQr2Axe9hYTV2n/tCp+3UIQQ=</Authentication> # <Encryption Version="E002" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256">2lwiueWOIER823jSoiOkjl+woeI=</Encryption> # </BankPubKeyDigests> # <SecurityMedium>0000</SecurityMedium> # <NumSegments>2</NumSegments> # </static> # <mutable> # <TransactionPhase>Initialisation</TransactionPhase> # </mutable> # </header> # <body> # <PreValidation authenticate="true"> # <DataDigest SignatureVersion="A006"> MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=</DataDigest> # </PreValidation> # <DataTransfer> # <DataEncryptionInfo authenticate="true"> # <EncryptionPubKeyDigest Version="E002" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256">..here hash value of the public bank key for encryption..</EncryptionPubKeyDigest> # <TransactionKey>EIGI4En6KEB6ArEzw+iq4N1wm6EptcyxXxStA...</TransactionKey> # <HostID>EBIXHOST</HostID> # </DataEncryptionInfo> # <SignatureData authenticate="true">n6KEB6ArEzw+iq4N1wm6EptcyxXxStAO...</SignatureData> # <DataDigest SignatureVersion="A006"> MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=</DataDigest> # </DataTransfer> # </body> # </ebicsRequest> # Load the above XML from a file. set sbXml [new_CkStringBuilder] set success [CkStringBuilder_LoadFile $sbXml "qa_data/xml_dsig/ebics/fileToSign.xml" "utf-8"] if {$success == 0} then { puts "Failed to load XML input file." delete_CkStringBuilder $sbXml exit } set gen [new_CkXmlDSigGen] # We're going to insert the signature between the </header> and the <body> CkXmlDSigGen_put_SigLocation $gen "ebicsRequest|header" # Set the SigLocationMod = 1 to insert *after* the SigLocation CkXmlDSigGen_put_SigLocationMod $gen 1 # We wish to use "ds" for the namespace.. CkXmlDSigGen_put_SigNamespacePrefix $gen "ds" CkXmlDSigGen_put_SigNamespaceUri $gen "http://www.w3.org/2000/09/xmldsig#" # Specify canonicalization and hash algorithms CkXmlDSigGen_put_SignedInfoCanonAlg $gen "C14N" CkXmlDSigGen_put_SignedInfoDigestMethod $gen "sha256" # Add the reference. # For EBICS signatures, we pass the special keyword "EBICS" in the 1st argument. # This tells Chilkat to create the reference using URI="#xpointer(//*[@authenticate='true'])" # The "EBICS" keyword was introduced in Chilkat v9.5.0.88. CkXmlDSigGen_AddSameDocRef $gen "EBICS" "sha256" "C14N" "" "" # Provide our certificate + private key. (PFX password is test123) # (You'll use your own certificate, which can be loaded from many different sources by Chilkat, including smart cards.) set cert [new_CkCert] set success [CkCert_LoadPfxFile $cert "qa_data/pfx/cert_test123.pfx" "test123"] if {$success == 0} then { puts [CkCert_lastErrorText $cert] delete_CkStringBuilder $sbXml delete_CkXmlDSigGen $gen delete_CkCert $cert exit } set success [CkXmlDSigGen_SetX509Cert $gen $cert 1] if {$success == 0} then { puts [CkXmlDSigGen_lastErrorText $gen] delete_CkStringBuilder $sbXml delete_CkXmlDSigGen $gen delete_CkCert $cert exit } # We don't want a KeyInfo to be included. CkXmlDSigGen_put_KeyInfoType $gen "None" # Request an indented signature for readability. # This can be removed after debugging (for a more compact signature). CkXmlDSigGen_put_Behaviors $gen "IndentedSignature" # Sign the XML. set success [CkXmlDSigGen_CreateXmlDSigSb $gen $sbXml] if {$success == 0} then { puts [CkXmlDSigGen_lastErrorText $gen] delete_CkStringBuilder $sbXml delete_CkXmlDSigGen $gen delete_CkCert $cert exit } # This is the XML with the EBICS signature added: # <?xml version="1.0" encoding="UTF-8"?> # <ebicsRequest # xmlns="urn:org:ebics:H005" # xmlns:ds="http://www.w3.org/2000/09/xmldsig#" # xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" # xsi:schemaLocation="urn:org:ebics:H005 ebics_request_H005.xsd" # Version="H005" Revision="1"> # <header authenticate="true"> # <static> # <HostID>EBIXHOST</HostID> # <Nonce>BDA2312973890654FAC9879A89794E65</Nonce> # <Timestamp>2005-01-30T15:30:45.123Z</Timestamp> # <PartnerID>CUSTM001</PartnerID> # <UserID>USR100</UserID> # <Product Language="en" InstituteID="Institute ID">Product Identifier</Product> # <OrderDetails> # <AdminOrderType>BTU</AdminOrderType> # <BTUOrderParams> # <Service> # <ServiceName>SCT</ServiceName> # <MsgName>pain.001</MsgName> # </Service> # </BTUOrderParams> # </OrderDetails> # <BankPubKeyDigests> # <Authentication Version="X002" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256">1H/rQr2Axe9hYTV2n/tCp+3UIQQ=</Authentication> # <Encryption Version="E002" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256">2lwiueWOIER823jSoiOkjl+woeI=</Encryption> # </BankPubKeyDigests> # <SecurityMedium>0000</SecurityMedium> # <NumSegments>2</NumSegments> # </static> # <mutable> # <TransactionPhase>Initialisation</TransactionPhase> # </mutable> # </header><AuthSignature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> # <ds:SignedInfo> # <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> # <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> # <ds:Reference URI="#xpointer(//*[@authenticate='true'])"> # <ds:Transforms> # <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> # </ds:Transforms> # <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> # <ds:DigestValue>jjLD90BedcIVxFENHse6pOnRubVUlHpKjXUF5BUd00k=</ds:DigestValue> # </ds:Reference> # </ds:SignedInfo> # <ds:SignatureValue>TlVgCXGf+3kKZ4LLwqxKoMaDZSBdiDRcGpdKB+tFZ7MZse9jDqtCai7PxcvRLC7yRGRj3XWrAB6IVqXh6tXGqiAtRfa7XjezvJTmUdMEJ3hTEgKqm7cKjjZX5C+lN5XTJghOy0X1bZBl/NBJu/aqY9s8PKsD5Cpm8bFkl2ReBBTCTSF5CRK3XZr+fvWuUX2sFrFS5UDXG8/cmhaKHT15LBOJgYuLYr80dtL251Jy20rIJ5KK8xUz9gpexE61Y/ml6mUPLm8YgdACRdNvCOPRLjCqYwFbnfgaVO6MtSRG819rWyNtBhqVxdzbntiV1UobKbwFiJ1LMMHF0NCo2LGLCw==</ds:SignatureValue> # </AuthSignature> # <body> # <PreValidation authenticate="true"> # <DataDigest SignatureVersion="A006"> MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=</DataDigest> # </PreValidation> # <DataTransfer> # <DataEncryptionInfo authenticate="true"> # <EncryptionPubKeyDigest Version="E002" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256">..here hash value of the public bank key for encryption..</EncryptionPubKeyDigest> # <TransactionKey>EIGI4En6KEB6ArEzw+iq4N1wm6EptcyxXxStA...</TransactionKey> # <HostID>EBIXHOST</HostID> # </DataEncryptionInfo> # <SignatureData authenticate="true">n6KEB6ArEzw+iq4N1wm6EptcyxXxStAO...</SignatureData> # <DataDigest SignatureVersion="A006"> MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=</DataDigest> # </DataTransfer> # </body> # </ebicsRequest> puts "Here's the EBICS signed XML:" puts [CkStringBuilder_getAsString $sbXml] puts "----" # Verify the signature we just produced... set verifier [new_CkXmlDSig] set success [CkXmlDSig_LoadSignatureSb $verifier $sbXml] if {$success == 0} then { puts [CkXmlDSig_lastErrorText $verifier] delete_CkStringBuilder $sbXml delete_CkXmlDSigGen $gen delete_CkCert $cert delete_CkXmlDSig $verifier exit } # The signature has no KeyInfo, so we must externally provide the key. # pubKey is a CkPublicKey set pubKey [CkCert_ExportPublicKey $cert] set success [CkXmlDSig_SetPublicKey $verifier $pubKey] if {$success == 0} then { puts [CkXmlDSig_lastErrorText $verifier] delete_CkPublicKey $pubKey delete_CkStringBuilder $sbXml delete_CkXmlDSigGen $gen delete_CkCert $cert delete_CkXmlDSig $verifier exit } delete_CkPublicKey $pubKey set success [CkXmlDSig_VerifySignature $verifier 1] if {$success == 0} then { puts [CkXmlDSig_lastErrorText $verifier] delete_CkStringBuilder $sbXml delete_CkXmlDSigGen $gen delete_CkCert $cert delete_CkXmlDSig $verifier exit } puts "EBICS signature verified." delete_CkStringBuilder $sbXml delete_CkXmlDSigGen $gen delete_CkCert $cert delete_CkXmlDSig $verifier |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.