Sample code for 30+ languages & platforms
Java

RSASSA-PSS Sign Binary Data

See more Digital Signatures Examples

Signs binary data to create a PKCS7/CMS signature. The signature algorithm is RSASSA-PSS with SHA256.

Chilkat Java Downloads

Java
import com.chilkatsoft.*;

public class ChilkatExample {

  static {
    try {
        System.loadLibrary("chilkat");
    } catch (UnsatisfiedLinkError e) {
      System.err.println("Native code library failed to load.\n" + e);
      System.exit(1);
    }
  }

  public static void main(String argv[])
  {
    boolean success = false;

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    CkCrypt2 crypt = new CkCrypt2();

    // Get a digital certificate with private key from a .pfx
    // (Chilkat has many different ways to provide a cert + private key for siging.
    // Using a PFX is just one possible option.)
    CkPfx pfx = new CkPfx();
    success = pfx.LoadPfxFile("qa_data/rsassa-pss/privatekey.pfx","PFX_PASSWORD");
    if (success == false) {
        System.out.println(pfx.lastErrorText());
        return;
        }

    // Get the certificate to be used for signing.
    // (The typical case for a PFX is that it contains a cert with an associated private key,
    // as well as other certificates in the chain of authentication.  The cert with the private
    // key should be in the first position at index 0.)

    CkCert cert = new CkCert();
    success = pfx.CertAt(0,cert);
    if (success == false) {
        System.out.println(pfx.lastErrorText());
        return;
        }

    crypt.SetSigningCert(cert);

    // Indicate that RSASSA-PSS with SHA256 should be used.
    crypt.put_SigningAlg("pss");
    crypt.put_HashAlgorithm("sha256");

    crypt.put_EncodingMode("base64_mime");

    // Load a binary file to be signed:
    CkBinData binaryData = new CkBinData();
    success = binaryData.LoadFile("qa_data/jpg/starfish20.jpg");
    if (success != true) {
        System.out.println("Failed to load file.");
        return;
        }

    // Sign the binary bytes to get a PKCS7 detached signature in base64 format:
    String pkcs7sig = crypt.signBdENC(binaryData);
    System.out.println("Detached PCKS7 Signature:");
    System.out.println(pkcs7sig);

    // This signature looks like this:

    // MIIG5wYJKoZIhvcNAQcCoIIG2DCCBtQCAQExDzANBglghkgBZQMEAgEFADALBgkqhkiG9w0BBwGg
    // ggL4MIIC9DCCAl2gAwIBAgIJAMPsJCT11cniMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJB
    // VTERMA8GA1UECAwIVmljdG9yaWExEjAQBgNVBAcMCU1lbGJvdXJuZTEhMB8GA1UECgwYSW50ZXJu
    // ZXQgV2lkZ2l0cyBQdHkgTHRkMQ8wDQYDVQQDDAZXaWRnZXQxKDAmBgkqhkiG9w0BCQEWGWFkbWlu
    // QGludGVybmV0d2lkZ2V0cy5jb20wHhcNMTYxMTAxMTY1MjMyWhcNMjExMDMxMTY1MjMyWjCBkjEL
    // MAkGA1UEBhMCQVUxETAPBgNVBAgMCFZpY3RvcmlhMRIwEAYDVQQHDAlNZWxib3VybmUxITAfBgNV
    // BAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGV2lkZ2V0MSgwJgYJKoZIhvcN
    // AQkBFhlhZG1pbkBpbnRlcm5ldHdpZGdldHMuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
    // gQDGIdoCjyavs+F/Rm0VIB4m6O7VL1j+1IqieoR9NEX2GQvu2VCdceyxf9qaw1bxipEvjLwUkw7M
    // e+BTlLpWQbBMH87s6KpsC8MVyXhMLpP0oM8NFix/vLz2wdLhUh7CZvJA0plqkJk9bj57QIu+EO1k
    // tUHM2DFb6sckvCL2yybD1wIDAQABo1AwTjAdBgNVHQ4EFgQUONKKu2zsXIrinWxIGT654vrcQwsw
    // HwYDVR0jBBgwFoAUONKKu2zsXIrinWxIGT654vrcQwswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
    // AQsFAAOBgQArFvdi5u9i2QF1Qw+cdC1l7w2Y3+q6RIkln2W8rWJFje00644o8hXy7v46giJCedmF
    // ULlhm1n7XIsZGy2W3lJ77v5agn9gFwXu1h3cqkGXkoteE6SQJQXWgsW3GWPveObvTL8LF4y57fgM
    // 9ZWS+V9MJajeu44Rf/tU17TLYKjvEjGCA7MwggOvAgEBMIGgMIGSMQswCQYDVQQGEwJBVTERMA8G
    // A1UECAwIVmljdG9yaWExEjAQBgNVBAcMCU1lbGJvdXJuZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk
    // Z2l0cyBQdHkgTHRkMQ8wDQYDVQQDDAZXaWRnZXQxKDAmBgkqhkiG9w0BCQEWGWFkbWluQGludGVy
    // bmV0d2lkZ2V0cy5jb20CCQDD7CQk9dXJ4jANBglghkgBZQMEAgEFAKCCAjQwGAYJKoZIhvcNAQkD
    // MQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTcwNDI5MTYxMDI2WjAvBgkqhkiG9w0BCQQx
    // IgQgrjUQkoMeBYUhmDGjPg147WybF0w2LAY6F+Ih6qHUMB8wXwYJKoZIhvcNAQkPMVIwUDALBglg
    // hkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsO
    // AwIHMA0GCCqGSIb3DQMCAgEoMIGxBgkrBgEEAYI3EAQxgaMwgaAwgZIxCzAJBgNVBAYTAkFVMREw
    // DwYDVQQIDAhWaWN0b3JpYTESMBAGA1UEBwwJTWVsYm91cm5lMSEwHwYDVQQKDBhJbnRlcm5ldCBX
    // aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBldpZGdldDEoMCYGCSqGSIb3DQEJARYZYWRtaW5AaW50
    // ZXJuZXR3aWRnZXRzLmNvbQIJAMPsJCT11cniMIGzBgsqhkiG9w0BCRACCzGBo6CBoDCBkjELMAkG
    // A1UEBhMCQVUxETAPBgNVBAgMCFZpY3RvcmlhMRIwEAYDVQQHDAlNZWxib3VybmUxITAfBgNVBAoM
    // GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGV2lkZ2V0MSgwJgYJKoZIhvcNAQkB
    // FhlhZG1pbkBpbnRlcm5ldHdpZGdldHMuY29tAgkAw+wkJPXVyeIwPQYJKoZIhvcNAQEKMDCgDTAL
    // BglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCASAEgYCWV0g82volvnwf
    // YpwIpqpQzMmTPBKNQmFGjbyH2opdcbJwgu2qEFvaXkyjYDtgQ7XsCqc15dm6Ee1Ujkosbp57kLTt
    // /WbwxY1CC/uxs3oV+5ESUyB+2iocTYABYn4ye0FhBPut86n/gzZTL+RLG6Z1fxwwzkoxWUp7GjKK
    // 58mveQ==

    // The ASN.1 of the signature can be examined by browsing to https://lapo.it/asn1js/ ,
    // then copy-and-paste the Base64 signature into the form and decode..

    // The signature can be verified against the original data like this:
    success = crypt.VerifyBdENC(binaryData,pkcs7sig);
    System.out.println("Signature verified: " + success);

    // Now we'll create an opaque signature (the opposite of a detached signature). 
    // An opaque signature is a PKCS7/CMS message that contains both the original data and
    // the signature.  The verification process extracts the original data.

    // Then OpaqueSignBd method in-place signs the binaryData.
    // The contents of binaryData are replaced with the CMS/PKCS7 message.
    success = crypt.OpaqueSignBd(binaryData);

    // Show the contents of the opaque signature in base64 format:
    System.out.println("Opaque Signature:");
    System.out.println(binaryData.getEncoded("base64_mime"));

    // MIIKCgYJKoZIhvcNAQcCoIIJ+zCCCfcCAQExDzANBglghkgBZQMEAgEFADCCAywGCSqGSIb3DQEH
    // AaCCAx0EggMZ/9j/4AAQSkZJRgABAQEASABIAAD//gAmRmlsZSB3cml0dGVuIGJ5IEFkb2JlIFBo
    // b3Rvc2hvcD8gNC4w/9sAQwAQCwwODAoQDg0OEhEQExgoGhgWFhgxIyUdKDozPTw5Mzg3QEhcTkBE
    // V0U3OFBtUVdfYmdoZz5NcXlwZHhcZWdj/9sAQwEREhIYFRgvGhovY0I4QmNjY2NjY2NjY2NjY2Nj
    // Y2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2Nj/8IAEQgAFAAUAwERAAIRAQMRAf/E
    // ABcAAAMBAAAAAAAAAAAAAAAAAAIDBAX/xAAYAQADAQEAAAAAAAAAAAAAAAABAgMEAP/aAAwDAQAC
    // EAMQAAAB2kZYNNEijWKddfTmLgALWH//xAAbEAACAgMBAAAAAAAAAAAAAAABAgMRAAQSE//aAAgB
    // AQABBQL0XqN+pM2aqJGMiqFFCyg7z//EABwRAAICAgMAAAAAAAAAAAAAAAERAAIQIQMSUf/aAAgB
    // AwEBPwHqU5aqAxx+y1tMQl4elj//xAAcEQEAAQUBAQAAAAAAAAAAAAABEQACEBIhA1H/2gAIAQIB
    // AT8B3Bhqy7ZcenyiwmGgDhiOzj//xAAdEAABAwUBAAAAAAAAAAAAAAABAAIREBIhIkFR/9oACAEB
    // AAY/ArZyn+CgxtxWuJaoCnqDuin/xAAcEAABBAMBAAAAAAAAAAAAAAABABEhYRAxQVH/2gAIAQEA
    // AT8hkEwPUUR9DYfE4nxtRpIkBTsayuALIiuY/9oADAMBAAIAAwAAABDWPTsf/8QAGhEAAwADAQAA
    // AAAAAAAAAAAAAAEREDFBIf/aAAgBAwEBPxC0DVPcWm+Ce4OesrkE6bjH/8QAGBEBAQEBAQAAAAAA
    // AAAAAAAAAREAQRD/2gAIAQIBAT8QahMiOc8YgSrnTY3ELclHXn//xAAcEAEBAAIDAQEAAAAAAAAA
    // AAABEQAhMUFxEFH/2gAIAQEAAT8Qn3igmSZSj+c4N4zapMy9IjFV98wncN2iuLFsCEbDGxQkI6RO
    // /n//2aCCAvgwggL0MIICXaADAgECAgkAw+wkJPXVyeIwDQYJKoZIhvcNAQELBQAwgZIxCzAJBgNV
    // BAYTAkFVMREwDwYDVQQIDAhWaWN0b3JpYTESMBAGA1UEBwwJTWVsYm91cm5lMSEwHwYDVQQKDBhJ
    // bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBldpZGdldDEoMCYGCSqGSIb3DQEJARYZ
    // YWRtaW5AaW50ZXJuZXR3aWRnZXRzLmNvbTAeFw0xNjExMDExNjUyMzJaFw0yMTEwMzExNjUyMzJa
    // MIGSMQswCQYDVQQGEwJBVTERMA8GA1UECAwIVmljdG9yaWExEjAQBgNVBAcMCU1lbGJvdXJuZTEh
    // MB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ8wDQYDVQQDDAZXaWRnZXQxKDAmBgkq
    // hkiG9w0BCQEWGWFkbWluQGludGVybmV0d2lkZ2V0cy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0A
    // MIGJAoGBAMYh2gKPJq+z4X9GbRUgHibo7tUvWP7UiqJ6hH00RfYZC+7ZUJ1x7LF/2prDVvGKkS+M
    // vBSTDsx74FOUulZBsEwfzuzoqmwLwxXJeEwuk/Sgzw0WLH+8vPbB0uFSHsJm8kDSmWqQmT1uPntA
    // i74Q7WS1QczYMVvqxyS8IvbLJsPXAgMBAAGjUDBOMB0GA1UdDgQWBBQ40oq7bOxciuKdbEgZPrni
    // +txDCzAfBgNVHSMEGDAWgBQ40oq7bOxciuKdbEgZPrni+txDCzAMBgNVHRMEBTADAQH/MA0GCSqG
    // SIb3DQEBCwUAA4GBACsW92Lm72LZAXVDD5x0LWXvDZjf6rpEiSWfZbytYkWN7TTrjijyFfLu/jqC
    // IkJ52YVQuWGbWftcixkbLZbeUnvu/lqCf2AXBe7WHdyqQZeSi14TpJAlBdaCxbcZY+945u9MvwsX
    // jLnt+Az1lZL5X0wlqN67jhF/+1TXtMtgqO8SMYIDszCCA68CAQEwgaAwgZIxCzAJBgNVBAYTAkFV
    // MREwDwYDVQQIDAhWaWN0b3JpYTESMBAGA1UEBwwJTWVsYm91cm5lMSEwHwYDVQQKDBhJbnRlcm5l
    // dCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBldpZGdldDEoMCYGCSqGSIb3DQEJARYZYWRtaW5A
    // aW50ZXJuZXR3aWRnZXRzLmNvbQIJAMPsJCT11cniMA0GCWCGSAFlAwQCAQUAoIICNDAYBgkqhkiG
    // 9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNzA0MjkxNjEwMjZaMC8GCSqGSIb3
    // DQEJBDEiBCCuNRCSgx4FhSGYMaM+DXjtbJsXTDYsBjoX4iHqodQwHzBfBgkqhkiG9w0BCQ8xUjBQ
    // MAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAw
    // BwYFKw4DAgcwDQYIKoZIhvcNAwICASgwgbEGCSsGAQQBgjcQBDGBozCBoDCBkjELMAkGA1UEBhMC
    // QVUxETAPBgNVBAgMCFZpY3RvcmlhMRIwEAYDVQQHDAlNZWxib3VybmUxITAfBgNVBAoMGEludGVy
    // bmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGV2lkZ2V0MSgwJgYJKoZIhvcNAQkBFhlhZG1p
    // bkBpbnRlcm5ldHdpZGdldHMuY29tAgkAw+wkJPXVyeIwgbMGCyqGSIb3DQEJEAILMYGjoIGgMIGS
    // MQswCQYDVQQGEwJBVTERMA8GA1UECAwIVmljdG9yaWExEjAQBgNVBAcMCU1lbGJvdXJuZTEhMB8G
    // A1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ8wDQYDVQQDDAZXaWRnZXQxKDAmBgkqhkiG
    // 9w0BCQEWGWFkbWluQGludGVybmV0d2lkZ2V0cy5jb20CCQDD7CQk9dXJ4jA9BgkqhkiG9w0BAQow
    // MKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIASBgAGVtpI5
    // slxfw+1EyJK4jqxokLvUrqksBLotv1vaP4QaSeF2A1lNrsPfJoEjZJpD1F6vXrFPsR4sPD+6n7P/
    // lz3sGoFykTjE2rPwKEFIbzfxD3gSZKJPWFgDa19DojarmwJMkSPXt9TQEzdjDPrbsCGLYOy29Puq
    // ZDI1rUcyxg7Y

    // The ASN.1 of the signature can be examined by browsing to https://lapo.it/asn1js/ ,
    // then copy-and-paste the Base64 signature into the form and decode..

    // The signature is verified, and the original data restored like this:
    success = crypt.OpaqueVerifyBd(binaryData);
    if (success != true) {
        System.out.println("Signature verification failed.");
        System.out.println(crypt.lastErrorText());
        return;
        }

    // Save the extracted data to a file:
    success = binaryData.WriteFile("qa_output/extractedStarfish20.jpg");

    System.out.println("Signature verified.");
  }
}