Use Certificate and Private Key PEM Files to Create a Digital Signature

Demonstrates how to load a digital certificate from a PEM file, load it's corresponding private key from a PEM file, save the private key to a key container (if necessary), link the certificate to the key container, and use it to create a digital signature.

Download Chilkat Crypt ActiveX

uses
    Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
    Dialogs, StdCtrls,
    CHILKATCRYPT2Lib_TLB,
    CHILKATCERTIFICATELib_TLB,
    OleCtrls;

...

procedure TForm1.Button1Click(Sender: TObject);
var
cert: TChilkatCert;
pkey: CHILKATCERTIFICATELib_TLB.IPrivateKey;
success: Integer;
container: TKeyContainer;
needPrivateKeyAccess: Integer;
machineKeyset: Integer;
isKeyExchangePair: Integer;
bForSigning: Integer;
crypt: TChilkatCrypt2;

begin
cert := TChilkatCert.Create(Self);

//  Load the cert from a PEM file;
cert.LoadFromFile('cert.pem');

pkey := TprivateKey.Create(Self).ControlInterface;

//  Load the private key from an RSA PEM file:
pkey.LoadPemFile('pkey_rsa.pem');

//  If the "chilkat" key container does not already exist,
//  we'll create it and import the private key:
container := TKeyContainer.Create(Self);
needPrivateKeyAccess := 1;
machineKeyset := 0;
if (container.OpenContainer('chilkat',needPrivateKeyAccess,machineKeyset) = 0) then
  begin

    //  We need to create the key container and import
    //  the private key:
    success := container.CreateContainer('chilkat',machineKeyset);
    if (success = 1) then
      begin
        isKeyExchangePair := 0;
        success := container.ImportPrivateKey(pkey,isKeyExchangePair);
        if (success = 0) then
          begin
            Memo1.Lines.Add('Failed to import private key into key container');

          end;
      end
    else
      begin
        Memo1.Lines.Add('Failed to create key container');

      end;
  end;

//  At this point, the key container contains the private key.
//  Link the certificate with the key container:
bForSigning := 1;
success := cert.LinkPrivateKey('chilkat',machineKeyset,bForSigning);
if (success = 0) then
  begin
    Memo1.Lines.Add('Failed to link certificate with key container');

  end;

//  Use Chilkat Crypt (a non-freeware component) to create
//  a digital signature using the certificate w/ private key:
crypt := TChilkatCrypt2.Create(Self);

//  Any string argument automatically begins the 30-day trial.
success := crypt.UnlockComponent('30-day trial');
if (success <> 1) then
  begin
    ShowMessage('Crypt component unlock failed');

  end;

//  Tell the crypt component to use this cert.
crypt.SetSigningCert(cert.ControlInterface As CHILKATCRYPT2Lib_TLB.IChilkatCert);

//  We can sign any type of file, creating a .p7s as output:
success := crypt.CreateP7S('license.rtf','license.p7s');
if (success = 0) then
  begin
    ShowMessage(crypt.LastErrorText);

  end;
Memo1.Lines.Add(crypt.LastErrorText);

//  Verify and restore the original file:
crypt.SetVerifyCert(cert.ControlInterface As CHILKATCRYPT2Lib_TLB.IChilkatCert);

success := crypt.VerifyP7S('license.rtf','license.p7s');
if (success = 0) then
  begin
    ShowMessage(crypt.LastErrorText);

  end;

ShowMessage('Success!');

//  The Chilkat Certificate, Certificate Store, Private Key,
//  Public Key, and Key Container classes / objects are freeware.

//  They are used by and included with the Chilkat Email,
//  Crypt, S/MIME, and other commercial Chilkat components.

end;