Chilkat HOME Android™ Classic ASP C C++ C# Mono C# .NET Core C# C# UWP/WinRT DataFlex Delphi ActiveX Delphi DLL Visual FoxPro Java Lianja MFC Objective-C Perl PHP ActiveX PHP Extension PowerBuilder PowerShell PureBasic CkPython Chilkat2-Python Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ Visual Basic 6.0 VB.NET VB.NET UWP/WinRT VBScript Xojo Plugin Node.js Excel Go
(MFC) Verify Opaque Signature and Retrieve Signing CertificatesDemonstrates how to verify a PCKS7 opaque digital signature (signed data), extract the original file/data, and then extract the certificate(s) that were used to sign.
#include <CkCrypt2.h> #include <CkBinData.h> #include <CkCert.h> #include <CkCertChain.h> void ChilkatSample(void) { CkString strOut; // This example assumes the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. CkCrypt2 crypt; // Verify a PKCS7 signed-data (opaque signature) file and extract the original content to a file. bool success = crypt.VerifyP7M("qa_data/p7m/opaqueSig.p7","qa_output/originalData.dat"); if (success != true) { strOut.append(crypt.lastErrorText()); strOut.append("\r\n"); SetDlgItemText(IDC_EDIT1,strOut.getUnicode()); return; } // Alternatively, we can do it in memory... CkBinData binData; success = binData.LoadFile("qa_data/p7m/opaqueSig.p7"); // Your app should check for success, but we'll skip the check for brevity.. // If verified, the signature is unwrapped and binData is replaced with the original data that was signed. success = crypt.OpaqueVerifyBd(binData); if (success != true) { strOut.append(crypt.lastErrorText()); strOut.append("\r\n"); SetDlgItemText(IDC_EDIT1,strOut.getUnicode()); return; } // For our testing, we signed some text, so we can get it from the binData.. strOut.append("Original Data:"); strOut.append("\r\n"); strOut.append(binData.getString("utf-8")); strOut.append("\r\n"); // After any method call that verifies a signature, the crypt object will contain the certificate(s) // that were used for signing (assuming the X.509 certs were available in the signature, which is typically the case). // Get the number of signing certificates, and get each.. int numCerts = crypt.get_NumSignerCerts(); int i = 0; while (i < numCerts) { CkCert *cert = crypt.GetSignerCert(i); strOut.append(cert->subjectDN()); strOut.append("\r\n"); delete cert; i = i + 1; } // We could also get the complete certificate chain of each signer cert, // assuming the certs in the chain of authentication to the trusted root // are available on the system, or provided to Chilkat by some other means // (such as via the XmlCertVault class, the TrustedRoots class, etc.) i = 0; while (i < numCerts) { CkCertChain *certChain = crypt.GetSignerCertChain(i); // You can examine the various properties and methods for certChain in the online // reference documentation... delete certChain; i = i + 1; } SetDlgItemText(IDC_EDIT1,strOut.getUnicode()); } |
© 2000-2022 Chilkat Software, Inc. All Rights Reserved.