(Unicode C) FatturaPA XML Invoice Sign+Encrypt to P7M

Demonstrates how to create a CAdES BES signed + encrypted invoice.xml.p7m for the Italian FatturaPA exchange system.

Note: This example requires Chilkat v9.5.0.75 or greater.

Chilkat C/C++ Library Downloads
MS Visual C/C++ Linux/CentOS C/C++ Alpine Linux C/C++ MAC OS X C/C++	armhf/aarch64 C/C++ C++ Builder iOS C/C++ Android C/C++	Solaris C/C++ MinGW C/C++

#include <C_CkCrypt2W.h>
#include <C_CkCertW.h>
#include <C_CkJsonObjectW.h>

void ChilkatSample(void)
    {
    HCkCrypt2W crypt;
    const wchar_t *pfxPath;
    const wchar_t *pfxPassword;
    HCkCertW cert;
    BOOL success;
    HCkJsonObjectW jsonSignedAttrs;
    const wchar_t *inFile;
    const wchar_t *sigFile;
    HCkCertW encryptCert;

    // Note: Requires Chilkat v9.5.0.75 or greater.

    // This requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    crypt = CkCrypt2W_Create();

    // Use a digital certificate and private key from a PFX file (.pfx or .p12).
    pfxPath = L"qa_data/pfx/cert_test123.pfx";
    pfxPassword = L"test123";

    cert = CkCertW_Create();
    success = CkCertW_LoadPfxFile(cert,pfxPath,pfxPassword);
    if (success != TRUE) {
        wprintf(L"%s\n",CkCertW_lastErrorText(cert));
        CkCrypt2W_Dispose(crypt);
        CkCertW_Dispose(cert);
        return;
    }

    // Provide the signing cert (with associated private key).
    success = CkCrypt2W_SetSigningCert(crypt,cert);
    if (success != TRUE) {
        wprintf(L"%s\n",CkCrypt2W_lastErrorText(crypt));
        CkCrypt2W_Dispose(crypt);
        CkCertW_Dispose(cert);
        return;
    }

    // Indicate that SHA-256 should be used.
    CkCrypt2W_putHashAlgorithm(crypt,L"sha256");

    // Specify the signed attributes to be included.
    // (This is what makes it CAdES-BES compliant.)
    jsonSignedAttrs = CkJsonObjectW_Create();
    CkJsonObjectW_UpdateInt(jsonSignedAttrs,L"contentType",1);
    CkJsonObjectW_UpdateInt(jsonSignedAttrs,L"signingTime",1);
    CkJsonObjectW_UpdateInt(jsonSignedAttrs,L"messageDigest",1);
    CkJsonObjectW_UpdateInt(jsonSignedAttrs,L"signingCertificateV2",1);
    CkCrypt2W_putSigningAttributes(crypt,CkJsonObjectW_emit(jsonSignedAttrs));

    inFile = L"qa_data/xml/IT01234567890_11002.xml";
    sigFile = L"qa_data/fatturapa/signed.p7m";

    // Create the CAdES-BES signature, which contains the original data.
    success = CkCrypt2W_CreateP7M(crypt,inFile,sigFile);
    if (success == FALSE) {
        wprintf(L"%s\n",CkCrypt2W_lastErrorText(crypt));
        CkCrypt2W_Dispose(crypt);
        CkCertW_Dispose(cert);
        CkJsonObjectW_Dispose(jsonSignedAttrs);
        return;
    }

    // Now we'll encrypt what was signed using FatturaPA's certificate (from a PEM file)
    encryptCert = CkCertW_Create();
    success = CkCertW_LoadFromFile(encryptCert,L"qa_data/certs/fatturapa_cert.pem");
    if (success != TRUE) {
        wprintf(L"%s\n",CkCertW_lastErrorText(encryptCert));
        CkCrypt2W_Dispose(crypt);
        CkCertW_Dispose(cert);
        CkJsonObjectW_Dispose(jsonSignedAttrs);
        CkCertW_Dispose(encryptCert);
        return;
    }

    CkCrypt2W_putCryptAlgorithm(crypt,L"pki");

    success = CkCrypt2W_SetEncryptCert(crypt,encryptCert);
    if (success != TRUE) {
        wprintf(L"%s\n",CkCrypt2W_lastErrorText(crypt));
        CkCrypt2W_Dispose(crypt);
        CkCertW_Dispose(cert);
        CkJsonObjectW_Dispose(jsonSignedAttrs);
        CkCertW_Dispose(encryptCert);
        return;
    }

    // Indicate the underlying bulk encryption algorithm to be used:
    CkCrypt2W_putPkcs7CryptAlg(crypt,L"aes");
    CkCrypt2W_putKeyLength(crypt,128);

    // There's one last option that could be set.  If is the RSA encryption encryption/padding scheme. 
    // By default, RSAES_PKCS1-V1_5 is used.  If desired, the OaepPadding property could be set to TRUE to
    // use RSAES_OAEP.  (We'll leave it set at the default value of FALSE)
    CkCrypt2W_putOaepPadding(crypt,FALSE);

    // Everything is specified.  Encrypt the .p7m to create a new .p7m (which adds a layer of encryption around the opaque signature).
    // The output is PKCS7 in binary DER format.
    success = CkCrypt2W_CkEncryptFile(crypt,sigFile,L"qa_output/signed_and_encrypted.p7m");
    if (success != TRUE) {
        wprintf(L"%s\n",CkCrypt2W_lastErrorText(crypt));
        CkCrypt2W_Dispose(crypt);
        CkCertW_Dispose(cert);
        CkJsonObjectW_Dispose(jsonSignedAttrs);
        CkCertW_Dispose(encryptCert);
        return;
    }

    wprintf(L"Success.\n");


    CkCrypt2W_Dispose(crypt);
    CkCertW_Dispose(cert);
    CkJsonObjectW_Dispose(jsonSignedAttrs);
    CkCertW_Dispose(encryptCert);

    }