DataFlex
DataFlex
Verify Opaque Signature and Retrieve Signing Certificates
See more Digital Signatures Examples
Demonstrates how to verify a PCKS7 opaque digital signature (signed data), extract the original file/data, and then extract the certificate(s) that were used to sign.Chilkat DataFlex Downloads
Use ChilkatAx-win32.pkg
Procedure Test
Boolean iSuccess
Handle hoCrypt
Variant vBinData
Handle hoBinData
Variant vCert
Handle hoCert
Variant vCert
Chain Handle hoCertChain
Integer iNumCerts
Integer i
String sTemp1
Move False To iSuccess
// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
Get Create (RefClass(cComChilkatCrypt2)) To hoCrypt
If (Not(IsComObjectCreated(hoCrypt))) Begin
Send CreateComObject of hoCrypt
End
// Verify a PKCS7 signed-data (opaque signature) file and extract the original content to a file.
Get ComVerifyP7M Of hoCrypt "qa_data/p7m/opaqueSig.p7" "qa_output/originalData.dat" To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoCrypt To sTemp1
Showln sTemp1
Procedure_Return
End
// Alternatively, we can do it in memory...
Get Create (RefClass(cComChilkatBinData)) To hoBinData
If (Not(IsComObjectCreated(hoBinData))) Begin
Send CreateComObject of hoBinData
End
Get ComLoadFile Of hoBinData "qa_data/p7m/opaqueSig.p7" To iSuccess
// Your app should check for success, but we'll skip the check for brevity..
// If verified, the signature is unwrapped and binData is replaced with the original data that was signed.
Get pvComObject of hoBinData to vBinData
Get ComOpaqueVerifyBd Of hoCrypt vBinData To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoCrypt To sTemp1
Showln sTemp1
Procedure_Return
End
// For our testing, we signed some text, so we can get it from the binData..
Showln "Original Data:"
Get ComGetString Of hoBinData "utf-8" To sTemp1
Showln sTemp1
// After any method call that verifies a signature, the crypt object will contain the certificate(s)
// that were used for signing (assuming the X.509 certs were available in the signature, which is typically the case).
// Get each signing certificate, and build the certificate chain for each.
Get Create (RefClass(cComChilkatCert)) To hoCert
If (Not(IsComObjectCreated(hoCert))) Begin
Send CreateComObject of hoCert
End
Get Create (RefClass(cComChilkatCertChain)) To hoCertChain
If (Not(IsComObjectCreated(hoCertChain))) Begin
Send CreateComObject of hoCertChain
End
Get ComNumSignerCerts Of hoCrypt To iNumCerts
Move 0 To i
While (i < iNumCerts)
Get pvComObject of hoCert to vCert
Get ComLastSignerCert Of hoCrypt i vCert To iSuccess
Get ComSubjectDN Of hoCert To sTemp1
Showln sTemp1
Get pvComObject of hoCertChain to vCertChain
Get ComBuildCertChain Of hoCert vCertChain To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoCert To sTemp1
Showln sTemp1
Procedure_Return
End
Move (i + 1) To i
Loop
End_Procedure