Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(Delphi DLL) Verify Opaque Signature and Retrieve Signing CertificatesDemonstrates how to verify a PCKS7 opaque digital signature (signed data), extract the original file/data, and then extract the certificate(s) that were used to sign.
uses Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics, Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, BinData, CertChain, Cert, Crypt2; ... procedure TForm1.Button1Click(Sender: TObject); var crypt: HCkCrypt2; success: Boolean; binData: HCkBinData; numCerts: Integer; i: Integer; cert: HCkCert; certChain: HCkCertChain; begin // This example assumes the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. crypt := CkCrypt2_Create(); // Verify a PKCS7 signed-data (opaque signature) file and extract the original content to a file. success := CkCrypt2_VerifyP7M(crypt,'qa_data/p7m/opaqueSig.p7','qa_output/originalData.dat'); if (success <> True) then begin Memo1.Lines.Add(CkCrypt2__lastErrorText(crypt)); Exit; end; // Alternatively, we can do it in memory... binData := CkBinData_Create(); success := CkBinData_LoadFile(binData,'qa_data/p7m/opaqueSig.p7'); // Your app should check for success, but we'll skip the check for brevity.. // If verified, the signature is unwrapped and binData is replaced with the original data that was signed. success := CkCrypt2_OpaqueVerifyBd(crypt,binData); if (success <> True) then begin Memo1.Lines.Add(CkCrypt2__lastErrorText(crypt)); Exit; end; // For our testing, we signed some text, so we can get it from the binData.. Memo1.Lines.Add('Original Data:'); Memo1.Lines.Add(CkBinData__getString(binData,'utf-8')); // After any method call that verifies a signature, the crypt object will contain the certificate(s) // that were used for signing (assuming the X.509 certs were available in the signature, which is typically the case). // Get the number of signing certificates, and get each.. numCerts := CkCrypt2_getNumSignerCerts(crypt); i := 0; while i < numCerts do begin cert := CkCrypt2_GetSignerCert(crypt,i); Memo1.Lines.Add(CkCert__subjectDN(cert)); CkCert_Dispose(cert); i := i + 1; end; // We could also get the complete certificate chain of each signer cert, // assuming the certs in the chain of authentication to the trusted root // are available on the system, or provided to Chilkat by some other means // (such as via the XmlCertVault class, the TrustedRoots class, etc.) i := 0; while i < numCerts do begin certChain := CkCrypt2_GetSignerCertChain(crypt,i); // You can examine the various properties and methods for certChain in the online // reference documentation... CkCertChain_Dispose(certChain); i := i + 1; end; CkCrypt2_Dispose(crypt); CkBinData_Dispose(binData); end; |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.