Create .p7s Signature with HSM / Smartcard

C++ example showing how to use a CSP (Cryptographic Service Provider) for a smart card / HSM (Hardware Security Module) to create a .p7s (PKCS7) output file. This example uses the NCipher HSM CSP.

Download Chilkat C++ Libraries for VC++ 8.0 / Win32

Download Chilkat C++ Libraries for VC++ 7.0 / Win32

Download Chilkat C++ Libraries for VC++ 6.0 / Win32

#include <CkCrypt2.h>
#include <CkCreateCS.h>
#include <CkCertStore.h>
#include <CkCert.h>
#include <CkCSP.h>

void ChilkatSample(void)
    {
    CkCrypt2 crypt;

    //  Any string argument automatically begins the 30-day trial.
    bool success;
    success = crypt.UnlockComponent("30-day trial");
    if (success != true) {
        printf("Crypt component unlock failed\n");
        return;
    }

    //  Find our digital certificate from the Current User certificate store.
    //  Note: There are several other ways to load your certificate
    //  into a Chilkat cert object.  You may load directly from a .cer file,
    //  PEM file, pfx, etc.
    CkCreateCS ccs;
    CkCertStore *certStore = 0;
    certStore = ccs.OpenCurrentUserStore();
    CkCert *cert = 0;
    cert = certStore->FindCertBySubjectCN("Chilkat Software, Inc.");
    if (cert == 0 ) {
        printf("%s\n",cert->lastErrorText());
        delete certStore;
        return;
    }

    //  Tell the crypt component to use this cert.
    crypt.SetSigningCert(*cert);

    delete certStore;

    //  To use an HSM or smartcard, create a CSP object,
    //  set the service provider, and then tell the Chilkat Crypt
    //  component to use the CSP:
    //  This example uses the NCipher HSM.  The
    //  provider names must be specied exactly.
    //  The NCipher provider names are:
    //  PROV_RSA_FULL ("nCipher Enhanced Cryptographic Provider")
    //  PROV_RSA_AES ("nCipher Enhanced RSA and AES Cryptographic Provider")
    //  PROV_RSA_SCHANNEL("nCipher Enhanced SChannel Cryptographic Provider")
    //  PROV_DSS_DH ("nCipher Enhanced DSS and Diffie-Hellman Cryptographic Provider")
    //  PROV_DH_SCHANNEL ("nCipher Enhanced DSS and Diffie-Hellman SChannel Cryptographic Provider")

    //  We'll be using the RSA FULL provider:
    CkCSP csp;
    csp.put_ProviderName("nCipher Enhanced Cryptographic Provider");

    //  Tell the crypt object to use the CSP:
    crypt.SetCSP(csp);

    //  We can sign any type of file, creating a .p7s detached signature as output:
    success = crypt.CreateP7S("test.xml","test.p7s");
    if (success == false) {
        printf("%s\n",crypt.lastErrorText());
        delete cert;
        return;
    }

    printf("%s\n",crypt.lastErrorText());
    //  Verify the signature...
    crypt.SetVerifyCert(*cert);

    success = crypt.VerifyP7S("test.xml","test.p7s");
    if (success == false) {
        printf("%s\n",crypt.lastErrorText());
        delete cert;
        return;
    }

    delete cert;

    printf("Success!\n");
    }