Sample code for 30+ languages & platforms
Classic ASP

Alliance Access LAU Sign Message (XML Signature using HMAC-SHA-256)

See more XML Digital Signatures Examples

Demonstrates how to sign XML according to the requirements for Alliance Access LAU (Local Authentication) using HMAC-SHA-256.

Chilkat Classic ASP Downloads

Classic ASP
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<%
success = 0

' This example requires the Chilkat API to have been previously unlocked.
' See Global Unlock Sample for sample code.

' We begin with this message:

' <?xml version="1.0" encoding="utf-8"?>
' <Saa:DataPDU xmlns:Saa="urn:swift:saa:xsd:saa.2.0" xmlns:Sw="urn:swift:snl:ns.Sw"
'   xmlns:SwGbl="urn:swift:snl:ns.SwGbl" xmlns:SwInt="urn:swift:snl:ns:SwInt" xmlns:SwSec="url:swift:snl:ns.SwSec">
'     <Saa:Revision>2.0.7</Saa:Revision>
'     <Saa:Header>
'         <Saa:Message>
' 			<test>blah blah</test>
'         </Saa:Message>
'     </Saa:Header>
'     <Saa:Body>...</Saa:Body>
'     <Saa:LAU>
'     </Saa:LAU>
' </Saa:DataPDU>

' And we want so sign to create this as the result:
' The signed XML we'll create will not be indented and pretty-printed like this.
' Instead, we'll use the "CompactSignedXml" behavior to produce compact single-line XML.

' <?xml version="1.0" encoding="utf-8"?>
' <Saa:DataPDU xmlns:Saa="urn:swift:saa:xsd:saa.2.0" xmlns:Sw="urn:swift:snl:ns.Sw"
'   xmlns:SwGbl="urn:swift:snl:ns.SwGbl" xmlns:SwInt="urn:swift:snl:ns:SwInt" xmlns:SwSec="url:swift:snl:ns.SwSec">
'     <Saa:Revision>2.0.7</Saa:Revision>
'     <Saa:Header>
'         <Saa:Message>
' 			<test>blah blah</test>
'         </Saa:Message>
'     </Saa:Header>
'     <Saa:Body>...</Saa:Body>
'     <Saa:LAU>
'         <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
'             <ds:SignedInfo>
'                 <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
'                 <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/>
'                 <ds:Reference URI="">
'                     <ds:Transforms>
'                         <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
'                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
'                     </ds:Transforms>
'                     <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
'                     <ds:DigestValue>Y7oScHnYOUQvni/TSzZbDec+HR+mWIFH149GXpwj1Ws=</ds:DigestValue>
'                 </ds:Reference>
'             </ds:SignedInfo>
'             <ds:SignatureValue>6ynF/FcwbPsHrtlj3h2agJigdnvpbO6hOzKSRGzqkw0=</ds:SignatureValue>
'         </ds:Signature>
'     </Saa:LAU>
' </Saa:DataPDU>

success = 1

' Create the XML to be signed...

' (The XML does not need to be created this way.  It can be loaded from a file or a string.)
' Also, use this online tool to generate code from sample XML: 
' Generate Code to Create XML

set xmlToSign = Server.CreateObject("Chilkat.Xml")
xmlToSign.Tag = "Saa:DataPDU"
success = xmlToSign.AddAttribute("xmlns:Saa","urn:swift:saa:xsd:saa.2.0")
success = xmlToSign.AddAttribute("xmlns:Sw","urn:swift:snl:ns.Sw")
success = xmlToSign.AddAttribute("xmlns:SwGbl","urn:swift:snl:ns.SwGbl")
success = xmlToSign.AddAttribute("xmlns:SwInt","urn:swift:snl:ns:SwInt")
success = xmlToSign.AddAttribute("xmlns:SwSec","url:swift:snl:ns.SwSec")
xmlToSign.UpdateChildContent "Saa:Revision","2.0.7"
xmlToSign.UpdateChildContent "Saa:Header|Saa:Message|test","blah blah"
xmlToSign.UpdateChildContent "Saa:Body","..."
xmlToSign.UpdateChildContent "Saa:LAU",""

set gen = Server.CreateObject("Chilkat.XmlDSigGen")

gen.SigLocation = "Saa:DataPDU|Saa:LAU"
gen.SigLocationMod = 0
gen.SigNamespacePrefix = "ds"
gen.SigNamespaceUri = "http://www.w3.org/2000/09/xmldsig#"
gen.SignedInfoCanonAlg = "EXCL_C14N"
gen.SignedInfoDigestMethod = "sha256"

' You may alternatively choose "IndentedSignature" instead of "CompactSignedXml"
gen.Behaviors = "CompactSignedXml"

success = gen.AddSameDocRef("","sha256","EXCL_C14N","","")

' Specify the HMAC key.
' For example, if the HMAC key is to be the us-ascii bytes of the string "secret",
' the HMAC key can be set in any of the following ways (and also more ways not shown here..)
success = gen.SetHmacKey("secret","ascii")
' or
success = gen.SetHmacKey("c2VjcmV0","base64")
' or
success = gen.SetHmacKey("736563726574","hex")

' Sign the XML..
set sbXml = Server.CreateObject("Chilkat.StringBuilder")
success = xmlToSign.GetXmlSb(sbXml)
success = gen.CreateXmlDSigSb(sbXml)
If (success <> 1) Then
    Response.Write "<pre>" & Server.HTMLEncode( gen.LastErrorText) & "</pre>"
    Response.End
End If

' Save the signed XML to a file.
success = sbXml.WriteFile("qa_output/signedXml.xml","utf-8",0)

' Show the signed XML.
Response.Write "<pre>" & Server.HTMLEncode( sbXml.GetAsString()) & "</pre>"

%>
</body>
</html>