Sample code for 30+ languages & platforms
Tcl

Sign Mexico Pedimento

See more Misc Examples

Add a signature to a Mexico pedimento file.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# This is the contents before signing:

# 500|1|3621|4199800|400||
# 601|3621|4199800|400|IN|1||EKU9003173C9|EKU9003173C9FRNN09|1||
# 507|4199800|IM|2006-7888">
# 507|4199800|MS|2">
# 800|4199800|1">
# 801|M3621037.222|1|5|011|

# This is the contents after signing

# 500|1|3621|4199800|400||
# 601|3621|4199800|400|IN|1||EKU9003173C9|EKU9003173C9FRNN09|1||
# 507|4199800|IM|2006-7888">
# 507|4199800|MS|2">
# 800|4199800|1|fhP2Ker54D2+3+UZch23F0E72 .... 9qNSPIuAqpj524qLZbbA==|30001000000500003416|
# 801|M3621037.222|1|5|011|

# First create the text to be signed.
set bCRLF 1
set sb [new_CkStringBuilder]

# Use CRLF line endings.
CkStringBuilder_AppendLine $sb "500|1|3621|4199800|400||" $bCRLF
CkStringBuilder_AppendLine $sb "601|3621|4199800|400|IN|1||EKU9003173C9|EKU9003173C9FRNN09|1||" $bCRLF
CkStringBuilder_AppendLine $sb "507|4199800|IM|2006-7888">" $bCRLF
CkStringBuilder_AppendLine $sb "507|4199800|MS|2">" $bCRLF

# Generate the MD5 hash of what we have so far..
set md5_base64 [CkStringBuilder_getHash $sb "md5" "base64" "utf-8"]
puts "MD5 hash = $md5_base64"

# Complete the original file.
# After signing, we'll update the BASE64_SIGNATURE and CERT_SERIAL
CkStringBuilder_AppendLine $sb "800|4199800|1|BASE64_SIGNATURE|CERT_SERIAL|" $bCRLF
CkStringBuilder_AppendLine $sb "801|M3621037.222|1|5|011|" $bCRLF

# We're going to sign the MD5 hash using the private key.
set privKey [new_CkPrivateKey]

set success [CkPrivateKey_LoadAnyFormatFile $privKey "qa_data/certs/mexico_test/Certificados_de_Prueba/Certificados_Pruebas/Personas Morales/EKU9003173C9_20230517223532/CSD_EKU9003173C9_20230517223903/CSD_Sucursal_1_EKU9003173C9_20230517_223850.key" "12345678a"]
if {$success == 0} then {
    puts [CkPrivateKey_lastErrorText $privKey]
    delete_CkStringBuilder $sb
    delete_CkPrivateKey $privKey
    exit
}

# Generate the ASN.1 to be signed.

# <sequence>
#     <sequence>
#         <oid>1.2.840.113549.2.5</oid>
#         <null/>
#     </sequence>
#     <octets>SwxHfaJhG+N3pPqay6UzVA==</octets>
# </sequence>

set xml [new_CkXml]

CkXml_put_Tag $xml "sequence"
CkXml_UpdateChildContent $xml "sequence|oid" "1.2.840.113549.2.5"
CkXml_UpdateChildContent $xml "sequence|null" ""
CkXml_UpdateChildContent $xml "octets" $md5_base64

set asn [new_CkAsn]

CkAsn_LoadAsnXml $asn [CkXml_getXml $xml]
puts "ASN.1 = [CkAsn_getEncodedDer $asn base64]"

# Sign with the private key.
set rsa [new_CkRsa]

set success [CkRsa_UsePrivateKey $rsa $privKey]
if {$success == 0} then {
    puts [CkRsa_lastErrorText $rsa]
    delete_CkStringBuilder $sb
    delete_CkPrivateKey $privKey
    delete_CkXml $xml
    delete_CkAsn $asn
    delete_CkRsa $rsa
    exit
}

# Create the opaque signature.
set bdSig [new_CkBinData]

CkBinData_AppendEncoded $bdSig [CkAsn_getEncodedDer $asn "base64"] "base64"
set success [CkRsa_SignRawBd $rsa $bdSig]
if {$success == 0} then {
    puts [CkRsa_lastErrorText $rsa]
    delete_CkStringBuilder $sb
    delete_CkPrivateKey $privKey
    delete_CkXml $xml
    delete_CkAsn $asn
    delete_CkRsa $rsa
    delete_CkBinData $bdSig
    exit
}

# bd now contains the opaque signature, which embeds the ASN.1, which contains the MD5 hash.
# We're going to add this line:
# 800|4199800|1|BASE64_SIGNATURE|CERT_SERIAL_NUM|

set cert [new_CkCert]

set success [CkCert_LoadFromFile $cert "qa_data/certs/mexico_test/Certificados_de_Prueba/Certificados_Pruebas/Personas Morales/EKU9003173C9_20230517223532/CSD_EKU9003173C9_20230517223903/CSD_Sucursal_1_EKU9003173C9_20230517_223850.cer"]
if {$success == 0} then {
    puts [CkCert_lastErrorText $cert]
    delete_CkStringBuilder $sb
    delete_CkPrivateKey $privKey
    delete_CkXml $xml
    delete_CkAsn $asn
    delete_CkRsa $rsa
    delete_CkBinData $bdSig
    delete_CkCert $cert
    exit
}

set serialHex [CkCert_serialNumber $cert]
# The serial in hex form looks like this:   3330303031303030303030353030303033343136
# Decode to us-ascii.
set sbSerial [new_CkStringBuilder]

CkStringBuilder_DecodeAndAppend $sbSerial $serialHex "hex" "us-ascii"
puts "serial number in us-ascii: [CkStringBuilder_getAsString $sbSerial]"

set numReplaced [CkStringBuilder_Replace $sb "CERT_SERIAL" [CkStringBuilder_getAsString $sbSerial]]
set numReplaced [CkStringBuilder_Replace $sb "BASE64_SIGNATURE" [CkBinData_getEncoded $bdSig "base64"]]

puts "------------------------------------"
puts "Result:"
puts [CkStringBuilder_getAsString $sb]

delete_CkStringBuilder $sb
delete_CkPrivateKey $privKey
delete_CkXml $xml
delete_CkAsn $asn
delete_CkRsa $rsa
delete_CkBinData $bdSig
delete_CkCert $cert
delete_CkStringBuilder $sbSerial