Use Certificate and Private Key PEM Files to Create a Digital Signature

Demonstrates how to load a digital certificate from a PEM file, load it's corresponding private key from a PEM file, save the private key to a key container (if necessary), link the certificate to the key container, and use it to create a digital signature.

Download Chilkat Java Library

import com.chilkatsoft.*;

public class ChilkatExample {

  static {
    try {
        System.loadLibrary("chilkat");
    } catch (UnsatisfiedLinkError e) {
      System.err.println("Native code library failed to load.\n" + e);
      System.exit(1);
    }
  }

  public static void main(String argv[])
  {
    CkCert cert = new CkCert();

    //  Load the cert from a PEM file;
    cert.LoadFromFile("cert.pem");

    CkPrivateKey pkey = new CkPrivateKey();

    //  Load the private key from an RSA PEM file:
    pkey.LoadPemFile("pkey_rsa.pem");

    boolean success;

    //  If the "chilkat" key container does not already exist,
    //  we'll create it and import the private key:
    CkKeyContainer container = new CkKeyContainer();
    boolean needPrivateKeyAccess;
    needPrivateKeyAccess = true;
    boolean machineKeyset;
    machineKeyset = false;
    if (container.OpenContainer("chilkat",needPrivateKeyAccess,machineKeyset) == false) {

        //  We need to create the key container and import
        //  the private key:
        success = container.CreateContainer("chilkat",machineKeyset);
        if (success == true) {
            boolean isKeyExchangePair;
            isKeyExchangePair = false;
            success = container.ImportPrivateKey(pkey,isKeyExchangePair);
            if (success == false) {
                System.out.println("Failed to import private key into key container");
                return;
            }

        }
        else {
            System.out.println("Failed to create key container");
            return;
        }

    }

    //  At this point, the key container contains the private key.
    //  Link the certificate with the key container:
    boolean bForSigning;
    bForSigning = true;
    success = cert.LinkPrivateKey("chilkat",machineKeyset,bForSigning);
    if (success == false) {
        System.out.println("Failed to link certificate with key container");
        return;
    }

    //  Use Chilkat Crypt (a non-freeware component) to create
    //  a digital signature using the certificate w/ private key:
    CkCrypt2 crypt = new CkCrypt2();

    //  Any string argument automatically begins the 30-day trial.

    success = crypt.UnlockComponent("30-day trial");
    if (success != true) {
        System.out.println("Crypt component unlock failed");
        return;
    }

    //  Tell the crypt component to use this cert.
    crypt.SetSigningCert(cert);

    //  We can sign any type of file, creating a .p7s as output:
    success = crypt.CreateP7S("license.rtf","license.p7s");
    if (success == false) {
        System.out.println(crypt.lastErrorText());

        return;
    }

    System.out.println(crypt.lastErrorText());

    //  Verify and restore the original file:
    crypt.SetVerifyCert(cert);

    success = crypt.VerifyP7S("license.rtf","license.p7s");
    if (success == false) {
        System.out.println(crypt.lastErrorText());

        return;
    }

    System.out.println("Success!");

    //  The Chilkat Certificate, Certificate Store, Private Key,
    //  Public Key, and Key Container classes / objects are freeware.

    //  They are used by and included with the Chilkat Email,
    //  Crypt, S/MIME, and other commercial Chilkat components.

  }
}