Sample code for 30+ languages & platforms
Tcl

P7S - Access Signature Information (date/time, certificate used, etc.)

See more Digital Signatures Examples

Examine a PKCS7 signature (.p7s) and get information about it.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# First load the .p7s file into a BinData object..
set bd [new_CkBinData]

set success [CkBinData_LoadFile $bd "qa_data/p7s/sample.p7s"]
if {$success != 1} then {
    puts "Failed to load .p7s file."
    delete_CkBinData $bd
    exit
}

set crypt [new_CkCrypt2]

# Assuming this is a signature that contains the original data that was signed..
set success [CkCrypt2_OpaqueVerifyBd $crypt $bd]
if {$success == 0} then {
    puts [CkCrypt2_lastErrorText $crypt]
    delete_CkBinData $bd
    delete_CkCrypt2 $crypt
    exit
}

# Examine the last JSON data after signature verification..
set json [new_CkJsonObject]

CkCrypt2_GetLastJsonData $crypt $json

CkJsonObject_put_EmitCompact $json 0
puts [CkJsonObject_emit $json]

# Sample output...
# Go to http://tools.chilkat.io/jsonParse.cshtml
# and paste the JSON into the online form to generate JSON parsing code.

# {
#   "pkcs7": {
#     "verify": {
#       "digestAlgorithms": [
#         "sha256"
#       ],
#       "signerInfo": [
#         {
#           "cert": {
#             "serialNumber": "AAC5FC48C0FD8FBB",
#             "issuerCN": "AC ABCDEF RFB v5",
#             "issuerDN": "",
#             "digestAlgOid": "2.16.840.1.101.3.4.2.1",
#             "digestAlgName": "SHA-256"
#           },
#           "contentType": "1.2.840.113549.1.7.1",
#           "signingTime": "180607195054Z",
#           "messageDigest": "trzyxXbZ96z2M4mncyZ7BNMV4yIT92+5sS27Fu64iG8=",
#           "signingAlgOid": "1.2.840.113549.1.1.11",
#           "signerDigest": "trzyxXbZ96z2M4mncyZ7BNMV4yIT92+5sS27Fu64iG8="
#         },
#         {
#           "cert": {
#             "serialNumber": "324FB38ABD59723F",
#             "issuerCN": "AC ABCDEF RFB v5",
#             "issuerDN": "",
#             "digestAlgOid": "2.16.840.1.101.3.4.2.1",
#             "digestAlgName": "SHA-256"
#           },
#           "contentType": "1.2.840.113549.1.7.1",
#           "signingTime": "180608182517Z",
#           "messageDigest": "trzyxXbZ96z2M4mncyZ7BNMV4yIT92+5sS27Fu64iG8=",
#           "signingAlgOid": "1.2.840.113549.1.1.11",
#           "signerDigest": "trzyxXbZ96z2M4mncyZ7BNMV4yIT92+5sS27Fu64iG8="
#         }
#       ]
#     }
#   }
# }
# 

set dt [new_CkDateTime]

set i 0
set count_i [CkJsonObject_SizeOfArray $json "pkcs7.verify.digestAlgorithms"]
while {$i < $count_i} {
    CkJsonObject_put_I $json $i
    set strVal [CkJsonObject_stringOf $json "pkcs7.verify.digestAlgorithms[i]"]
    set i [expr $i + 1]
}
set i 0
set count_i [CkJsonObject_SizeOfArray $json "pkcs7.verify.signerInfo"]
while {$i < $count_i} {
    CkJsonObject_put_I $json $i
    set certSerialNumber [CkJsonObject_stringOf $json "pkcs7.verify.signerInfo[i].cert.serialNumber"]
    set certIssuerCN [CkJsonObject_stringOf $json "pkcs7.verify.signerInfo[i].cert.issuerCN"]
    set certIssuerDN [CkJsonObject_stringOf $json "pkcs7.verify.signerInfo[i].cert.issuerDN"]
    set certDigestAlgOid [CkJsonObject_stringOf $json "pkcs7.verify.signerInfo[i].cert.digestAlgOid"]
    set certDigestAlgName [CkJsonObject_stringOf $json "pkcs7.verify.signerInfo[i].cert.digestAlgName"]
    set contentType [CkJsonObject_stringOf $json "pkcs7.verify.signerInfo[i].contentType"]
    set signingTime [CkJsonObject_stringOf $json "pkcs7.verify.signerInfo[i].signingTime"]

    # The signingTime isin UTCTime format.
    # UTCTime values take the form of either "YYMMDDhhmm[ss]Z" or "YYMMDDhhmm[ss](+|-)hhmm"
    # Starting in Chilkat v9.5.0.77, the SetFromTimestamp method auto-recognizes the UTCTime format and parses it correctly.
    set success [CkDateTime_SetFromTimestamp $dt $signingTime]
    # To get the signingTime in other date/time formats, look at the online reference documentation for CkDateTime.
    # There are numerous methods such as GetAsDateTime, GetAsIso8601, GetAsUnixTime, GetAsRfc822, etc.

    set messageDigest [CkJsonObject_stringOf $json "pkcs7.verify.signerInfo[i].messageDigest"]
    set signingAlgOid [CkJsonObject_stringOf $json "pkcs7.verify.signerInfo[i].signingAlgOid"]
    set signerDigest [CkJsonObject_stringOf $json "pkcs7.verify.signerInfo[i].signerDigest"]
    set i [expr $i + 1]
}

# println crypt.LastErrorText;
puts "Success."

delete_CkBinData $bd
delete_CkCrypt2 $crypt
delete_CkJsonObject $json
delete_CkDateTime $dt