Sample code for 30+ languages & platforms
Tcl

IPS MX Signature - Digitally Sign MX Document

See more XML Digital Signatures Examples

Demonstrates how to digitally sign ISO 20022 SWIFT MX messages.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set success 1

# First create the XML to be signed, or load it from a file, or a string,

# To load XML from a file:
set xmlToSign [new_CkXml]

set success [CkXml_LoadXmlFile $xmlToSign "c:/someDir/mx_document.xml"]

# Or to load XML from a string
set success [CkXml_LoadXml $xmlToSign "..."]

# Or create the XML directly.
CkXml_Clear $xmlToSign

# Use this online tool to generate code from sample XML: 
# Generate Code to Create XML

CkXml_put_Tag $xmlToSign "DataPDU"
CkXml_AddAttribute $xmlToSign "xmlns" "urn:cma:stp:xsd:stp.1.0"
CkXml_UpdateAttrAt $xmlToSign "Body|AppHdr" 1 "xmlns" "urn:iso:std:iso:20022:tech:xsd:head.001.001.01"
CkXml_UpdateChildContent $xmlToSign "Body|AppHdr|Fr|FIId|FinInstnId|BICFI" "ZZZZZZZZ"
CkXml_UpdateChildContent $xmlToSign "Body|AppHdr|To|FIId|FinInstnId|BICFI" "YYYYYYYYYY"
CkXml_UpdateChildContent $xmlToSign "Body|AppHdr|BizMsgIdr" "ZZZZZZZZAXXX999999999999999999999"
CkXml_UpdateChildContent $xmlToSign "Body|AppHdr|MsgDefIdr" "pacs.008.001.08"
CkXml_UpdateChildContent $xmlToSign "Body|AppHdr|BizSvc" "IPS"
CkXml_UpdateChildContent $xmlToSign "Body|AppHdr|CreDt" "2017-09-13T18:18:00Z"
CkXml_UpdateAttrAt $xmlToSign "Body|Document" 1 "xmlns" "urn:iso:std:iso:20022:tech:xsd:pacs.008.001.08"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|GrpHdr|MsgId" "ZZZZZZZZAXXX999999999999999999999"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|GrpHdr|CreDtTm" "2017-09-13T18:18:00"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|GrpHdr|NbOfTxs" "1"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|GrpHdr|SttlmInf|SttlmMtd" "CLRG"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|PmtId|EndToEndId" "NOTPROVIDED"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|PmtId|TxId" "ZZZZZZZZAXXX999999999999999999999"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|PmtTpInf|ClrChanl" "RTNS"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|PmtTpInf|LclInstrm|Prtry" "CSCT"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|PmtTpInf|CtgyPurp|Prtry" "001"
CkXml_UpdateAttrAt $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|IntrBkSttlmAmt" 1 "Ccy" "JOD"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|IntrBkSttlmAmt" "71.12"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|IntrBkSttlmDt" "2018-01-14"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|ChrgBr" "SLEV"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|InstgAgt|FinInstnId|BICFI" "ZZZZZZZZ"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|InstdAgt|FinInstnId|BICFI" "UBSIJOA0"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|Dbtr|Nm" "John Johnson"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|DbtrAcct|Id|IBAN" "JO22CITI00000000000555555555"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|DbtrAgt|FinInstnId|BICFI" "ZZZZZZZZ"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|DbtrAgt|FinInstnId|Othr|Id" "200004"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|DbtrAgt|FinInstnId|Othr|SchmeNm|Prtry" "1700099999"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|DbtrAgtAcct|Id|IBAN" "JO66CITI22222222222222222222"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|CdtrAgt|FinInstnId|BICFI" "UBSIJOA0"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|CdtrAgt|FinInstnId|Othr|Id" "210027"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|CdtrAgt|FinInstnId|Othr|SchmeNm|Prtry" "1400199999"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|CdtrAgtAcct|Id|IBAN" "JO44UBSI33333333333333333333"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|Cdtr|Nm" "Omega Jones"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|CdtrAcct|Id|IBAN" "JO95UBSI00000000000777777777"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|InstrForNxtAgt|InstrInf" "/BNF/Details"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|Purp|Prtry" "5814"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|RgltryRptg|Dtls|Inf" "SOMEINFORMATIONABOUTPAYMENT-1"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|RgltryRptg|Dtls|Inf[1]" "SOMEINFORMATIONABOUTPAYMENT-2"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|RgltryRptg|Dtls|Inf[2]" "SOMEINFORMATIONABOUTPAYMENT-3"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|Tax|Cdtr|TaxId" "9900083901"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|Tax|Dbtr|TaxId" "1000387561"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|RmtInf|Ustrd" "EDV UCUN ODENIR"
CkXml_UpdateChildContent $xmlToSign "Body|Document|FIToFICstmrCdtTrf|CdtTrfTxInf|RmtInf|Ustrd[1]" "EXTRA INFO"

# The following XML is to be signed:

# <?xml version="1.0" encoding="UTF-8"?>
# <DataPDU xmlns="urn:cma:stp:xsd:stp.1.0">
# 	<Body>
# 		<AppHdr xmlns="urn:iso:std:iso:20022:tech:xsd:head.001.001.01">
# 			<Fr>
# 				<FIId>
# 					<FinInstnId>
# 						<BICFI>ZZZZZZZZ</BICFI>
# 					</FinInstnId>
# 				</FIId>
# 			</Fr>
# 			<To>
# 				<FIId>
# 					<FinInstnId>
# 						<BICFI>YYYYYYYYYY</BICFI>
# 					</FinInstnId>
# 				</FIId>
# 			</To>
# 			<BizMsgIdr>ZZZZZZZZAXXX999999999999999999999</BizMsgIdr>
# 			<MsgDefIdr>pacs.008.001.08</MsgDefIdr>
# 			<BizSvc>IPS</BizSvc>
# 			<CreDt>2017-09-13T18:18:00Z</CreDt>
# 		</AppHdr>
# 		<Document xmlns="urn:iso:std:iso:20022:tech:xsd:pacs.008.001.08">
# 			<FIToFICstmrCdtTrf>
# 				<GrpHdr>
# 					<MsgId>ZZZZZZZZAXXX999999999999999999999</MsgId>
# 					<CreDtTm>2017-09-13T18:18:00</CreDtTm>
# 					<NbOfTxs>1</NbOfTxs>
# 					<SttlmInf>
# 						<SttlmMtd>CLRG</SttlmMtd>
# 					</SttlmInf>
# 				</GrpHdr>
# 				<CdtTrfTxInf>
# 					<PmtId>
# 						<EndToEndId>NOTPROVIDED</EndToEndId>
# 						<TxId>ZZZZZZZZAXXX999999999999999999999</TxId>
# 					</PmtId>
# 					<PmtTpInf>
# 						<ClrChanl>RTNS</ClrChanl>
# 						<LclInstrm>
# 							<Prtry>CSCT</Prtry>
# 						</LclInstrm>
# 						<CtgyPurp>
# 							<Prtry>001</Prtry>
# 						</CtgyPurp>
# 					</PmtTpInf>
# 					<IntrBkSttlmAmt Ccy="JOD">71.12</IntrBkSttlmAmt>
# 					<IntrBkSttlmDt>2018-01-14</IntrBkSttlmDt>
# 					<ChrgBr>SLEV</ChrgBr>
# 					<InstgAgt>
# 						<FinInstnId>
# 							<BICFI>ZZZZZZZZ</BICFI>
# 						</FinInstnId>
# 					</InstgAgt>
# 					<InstdAgt>
# 						<FinInstnId>
# 							<BICFI>UBSIJOA0</BICFI>
# 						</FinInstnId>
# 					</InstdAgt>
# 					<Dbtr>
# 						<Nm>John Johnson</Nm>
# 					</Dbtr>
# 					<DbtrAcct>
# 						<Id>
# 							<IBAN>JO22CITI00000000000555555555</IBAN>
# 						</Id>
# 					</DbtrAcct>
# 					<DbtrAgt>
# 						<FinInstnId>
# 							<BICFI>ZZZZZZZZ</BICFI>
# 							<Othr>
# 								<Id>200004</Id>
# 								<SchmeNm>
# 									<Prtry>1700089999</Prtry>
# 								</SchmeNm>
# 							</Othr>
# 						</FinInstnId>
# 					</DbtrAgt>
# 					<DbtrAgtAcct>
# 						<Id>
# 							<IBAN>JO66CITI22222222222222222222</IBAN>
# 						</Id>
# 					</DbtrAgtAcct>
# 					<CdtrAgt>
# 						<FinInstnId>
# 							<BICFI>UBSIJOA0</BICFI>
# 							<Othr>
# 								<Id>210027</Id>
# 								<SchmeNm>
# 									<Prtry>1400199999</Prtry>
# 								</SchmeNm>
# 							</Othr>
# 						</FinInstnId>
# 					</CdtrAgt>
# 					<CdtrAgtAcct>
# 						<Id>
# 							<IBAN>JO44UBSI33333333333333333333</IBAN>
# 						</Id>
# 					</CdtrAgtAcct>
# 					<Cdtr>
# 						<Nm>Omega Jones</Nm>
# 					</Cdtr>
# 					<CdtrAcct>
# 						<Id>
# 							<IBAN>JO95UBSI00000000000777777777</IBAN>
# 						</Id>
# 					</CdtrAcct>
# 					<InstrForNxtAgt>
# 						<InstrInf>/BNF/Details</InstrInf>
# 					</InstrForNxtAgt>
# 					<Purp>
# 						<Prtry>5814</Prtry>
# 					</Purp>
# 					<RgltryRptg>
# 						<Dtls>
# 							<Inf>SOMEINFORMATIONABOUTPAYMENT-1</Inf>
# 							<Inf>SOMEINFORMATIONABOUTPAYMENT-2</Inf>
# 							<Inf>SOMEINFORMATIONABOUTPAYMENT-3</Inf>
# 						</Dtls>
# 					</RgltryRptg>
# 					<Tax>
# 						<Cdtr>
# 							<TaxId>9900083901</TaxId>
# 						</Cdtr>
# 						<Dbtr>
# 							<TaxId>1000387561</TaxId>
# 						</Dbtr>
# 					</Tax>
# 					<RmtInf>
# 						<Ustrd>EDV UCUN ODENIR</Ustrd>
# 						<Ustrd>EXTRA INFO</Ustrd>
# 					</RmtInf>
# 				</CdtTrfTxInf>
# 			</FIToFICstmrCdtTrf>
# 		</Document>
# 	</Body>
# </DataPDU>

set gen [new_CkXmlDSigGen]

CkXmlDSigGen_put_SigLocation $gen "DataPDU|Body|AppHdr|Sgntr"
CkXmlDSigGen_put_SigLocationMod $gen 0
CkXmlDSigGen_put_SigNamespacePrefix $gen "ds"
CkXmlDSigGen_put_SigNamespaceUri $gen "http://www.w3.org/2000/09/xmldsig#"
CkXmlDSigGen_put_SignedInfoCanonAlg $gen "EXCL_C14N"
CkXmlDSigGen_put_SignedInfoDigestMethod $gen "sha256"

# Set the KeyInfoId before adding references..
CkXmlDSigGen_put_KeyInfoId $gen "_f9f2c543-e50a-4a50-bd91-50155d27f7e2"

# Create an Object to be added to the Signature.
set object1 [new_CkXml]

CkXml_put_Tag $object1 "xades:QualifyingProperties"
CkXml_AddAttribute $object1 "xmlns:xades" "http://uri.etsi.org/01903/v1.3.2#"
CkXml_UpdateAttrAt $object1 "xades:SignedProperties" 1 "Id" "_4ed8e0ed-f47c-4262-909b-0458532ce7aa-signedprops"
CkXml_UpdateChildContent $object1 "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime" "TO BE GENERATED BY CHILKAT"

CkXmlDSigGen_AddObject $gen "" [CkXml_getXml $object1] "" ""

# -------- Reference 1 --------
CkXmlDSigGen_AddSameDocRef $gen "_f9f2c543-e50a-4a50-bd91-50155d27f7e2" "sha256" "EXCL_C14N" "" ""

# -------- Reference 2 --------
CkXmlDSigGen_AddObjectRef $gen "_4ed8e0ed-f47c-4262-909b-0458532ce7aa-signedprops" "sha256" "EXCL_C14N" "" "http://uri.etsi.org/01903/v1.3.2#SignedProperties"

# -------- Reference 3 --------
CkXmlDSigGen_AddSameDocRef $gen "" "sha256" "EXCL_C14N" "" ""

# Provide a certificate + private key. (PFX password is test123)
set cert [new_CkCert]

set success [CkCert_LoadPfxFile $cert "qa_data/pfx/cert_test123.pfx" "test123"]
if {$success == 0} then {
    puts [CkCert_lastErrorText $cert]
    delete_CkXml $xmlToSign
    delete_CkXmlDSigGen $gen
    delete_CkXml $object1
    delete_CkCert $cert
    exit
}

CkXmlDSigGen_SetX509Cert $gen $cert 1

CkXmlDSigGen_put_KeyInfoType $gen "X509Data"
CkXmlDSigGen_put_X509Type $gen "IssuerSerial"

# Load XML to be signed...
set sbXml [new_CkStringBuilder]

CkXml_GetXmlSb $xmlToSign $sbXml

# Can alternatively use "CompactSignedXml"
CkXmlDSigGen_put_Behaviors $gen "IndentedSignature,LocalSigningTime"

# Sign the XML...
set success [CkXmlDSigGen_CreateXmlDSigSb $gen $sbXml]
if {$success == 0} then {
    puts [CkXmlDSigGen_lastErrorText $gen]
    delete_CkXml $xmlToSign
    delete_CkXmlDSigGen $gen
    delete_CkXml $object1
    delete_CkCert $cert
    delete_CkStringBuilder $sbXml
    exit
}

# -----------------------------------------------

# Save the signed XML to a file.
set success [CkStringBuilder_WriteFile $sbXml "qa_output/mx_signed.xml" "utf-8" 0]

puts [CkStringBuilder_getAsString $sbXml]

# ----------------------------------------
# Verify the signatures we just produced...
set verifier [new_CkXmlDSig]

set success [CkXmlDSig_LoadSignatureSb $verifier $sbXml]
if {$success == 0} then {
    puts [CkXmlDSig_lastErrorText $verifier]
    delete_CkXml $xmlToSign
    delete_CkXmlDSigGen $gen
    delete_CkXml $object1
    delete_CkCert $cert
    delete_CkStringBuilder $sbXml
    delete_CkXmlDSig $verifier
    exit
}

# Important: The above signature did not include the full X.509 certificate.
# You must call verifier.SetPublicKey to provide the public key of the certificate required for validation.

set verifyCert [new_CkCert]

set success [CkCert_LoadFromFile $verifyCert "qa_data/certs/cert_test123.cer"]
if {$success == 0} then {
    puts [CkCert_lastErrorText $verifyCert]
    delete_CkXml $xmlToSign
    delete_CkXmlDSigGen $gen
    delete_CkXml $object1
    delete_CkCert $cert
    delete_CkStringBuilder $sbXml
    delete_CkXmlDSig $verifier
    delete_CkCert $verifyCert
    exit
}

set pubKey [new_CkPublicKey]

CkCert_GetPublicKey $verifyCert $pubKey

CkXmlDSig_SetPublicKey $verifier $pubKey

set numSigs [CkXmlDSig_get_NumSignatures $verifier]
set verifyIdx 0
while {$verifyIdx < $numSigs} {
    CkXmlDSig_put_Selector $verifier $verifyIdx
    set verified [CkXmlDSig_VerifySignature $verifier 1]
    if {$verified != 1} then {
        puts [CkXmlDSig_lastErrorText $verifier]
        delete_CkXml $xmlToSign
        delete_CkXmlDSigGen $gen
        delete_CkXml $object1
        delete_CkCert $cert
        delete_CkStringBuilder $sbXml
        delete_CkXmlDSig $verifier
        delete_CkCert $verifyCert
        delete_CkPublicKey $pubKey
        exit
    }

    set verifyIdx [expr $verifyIdx + 1]
}
puts "All signatures were successfully verified."

delete_CkXml $xmlToSign
delete_CkXmlDSigGen $gen
delete_CkXml $object1
delete_CkCert $cert
delete_CkStringBuilder $sbXml
delete_CkXmlDSig $verifier
delete_CkCert $verifyCert
delete_CkPublicKey $pubKey