PKCS7 SignedData Detached Signature

How to create a PKCS7 detached signature. The resulting PKCS7 structure is encoded to a printable string using hex or base64 encoding. The data being signed is not included in the PKCS#7 structure.

Download Chilkat Crypt ActiveX

LOCAL loCrypt
LOCAL lnSuccess
LOCAL loCert
LOCAL lnBHasPrivateKey
LOCAL lcStrData
LOCAL lcStrSignature

loCrypt = CreateObject('Chilkat.Crypt2')

*  Any string argument automatically begins the 30-day trial.

lnSuccess = loCrypt.UnlockComponent("30-day trial")
IF (lnSuccess <> 1) THEN
    =MESSAGEBOX("Crypt component unlock failed")
    QUIT
ENDIF

loCert = CreateObject('Chilkat.Cert')
lnSuccess = loCert.LoadByCommonName("Chilkat Software")
IF (lnSuccess <> 1) THEN
    =MESSAGEBOX(loCert.LastErrorText)
    QUIT
ENDIF

*  Make sure this certificate has a private key available:

lnBHasPrivateKey = loCert.HasPrivateKey()
IF (lnBHasPrivateKey <> 1) THEN
    =MESSAGEBOX("No private key available for signing.")
    QUIT
ENDIF

*  Tell the encryption component to use this cert.
loCrypt.SetSigningCert(loCert)

lcStrData = "This is the data to be signed."

*  Indicate that the PKCS7 signature should be returned
*  as a base64 encoded string:
loCrypt.EncodingMode = "base64"

*  The EncodingMode may be set to other values such as
*  "hex", "url", "quoted-printable", etc.

lcStrSignature = loCrypt.SignStringENC(lcStrData)

? lcStrSignature

*  Now verify the signature against the original data.

*  Tell the component what certificate to use for verification.
loCrypt.SetVerifyCert(loCert)

lnSuccess = loCrypt.VerifyStringENC(lcStrData,lcStrSignature)
IF (lnSuccess = 1) THEN
    =MESSAGEBOX("digital signature verified")
ELSE
    =MESSAGEBOX("digital signature invalid")
ENDIF

*  Try it with incorrect data:
lnSuccess = loCrypt.VerifyStringENC("This is not the signed data",lcStrSignature)
IF (lnSuccess = 1) THEN
    =MESSAGEBOX("digital signature verified")
ELSE
    =MESSAGEBOX("digital signature invalid")
ENDIF