PKCS7 SignedData Signature (embeds Signed Data)

How to create a PKCS7 signature. The resulting PKCS7 structure is encoded to a printable string using hex or base64 encoding. The data being signed is embedded within the PKCS#7 structure.

Demonstrates how to verify the signature and recover the original data.

Download Chilkat Crypt ActiveX

LOCAL loCrypt
LOCAL lnSuccess
LOCAL loCert
LOCAL lnBHasPrivateKey
LOCAL lcStrData
LOCAL lcStrSignatureWithData
LOCAL lcOriginalData

loCrypt = CreateObject('Chilkat.Crypt2')

*  Any string argument automatically begins the 30-day trial.

lnSuccess = loCrypt.UnlockComponent("30-day trial")
IF (lnSuccess <> 1) THEN
    =MESSAGEBOX("Crypt component unlock failed")
    QUIT
ENDIF

loCert = CreateObject('Chilkat.Cert')
lnSuccess = loCert.LoadByCommonName("Chilkat Software")
IF (lnSuccess <> 1) THEN
    =MESSAGEBOX(loCert.LastErrorText)
    QUIT
ENDIF

*  Make sure this certificate has a private key available:

lnBHasPrivateKey = loCert.HasPrivateKey()
IF (lnBHasPrivateKey <> 1) THEN
    =MESSAGEBOX("No private key available for signing.")
    QUIT
ENDIF

*  Tell the encryption component to use this cert.
loCrypt.SetSigningCert(loCert)

lcStrData = "This is the data to be signed."

*  Indicate that the PKCS7 signature should be returned
*  as a base64 encoded string:
loCrypt.EncodingMode = "base64"

*  The EncodingMode may be set to other values such as
*  "hex", "url", "quoted-printable", etc.

lcStrSignatureWithData = loCrypt.OpaqueSignStringENC(lcStrData)

? lcStrSignatureWithData

*  Now verify the signature against the original data.

*  Tell the component what certificate to use for verification.
loCrypt.SetVerifyCert(loCert)

lcOriginalData = loCrypt.OpaqueVerifyStringENC(lcStrSignatureWithData)
IF (lcOriginalData = NULL ) THEN
    *  The signature verification failed.
    =MESSAGEBOX(loCrypt.LastErrorText)
ELSE
    ? lcOriginalData
    =MESSAGEBOX("Signature verified!")
ENDIF