Sample code for 30+ languages & platforms
DataFlex

PKCS11 Sign PDF using Certificate and Private Key on Smart Card / USB Token

See more PKCS11 Examples

Sample code showing how to use PKCS11 to sign a PDF with a certificate and private key stored on a smart card or USB token.

Note: This example requires Chilkat v9.5.0.96 or later.

Chilkat DataFlex Downloads

DataFlex
Use ChilkatAx-win32.pkg

Procedure Test
    Boolean iSuccess
    Handle hoPkcs11
    String sPin
    Integer iUserType
    Variant vCert
    Handle hoCert
    Handle hoPdf
    Variant vJson
    Handle hoJson
    Integer i
    String sTemp1

    Move False To iSuccess

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // Note: Chilkat's PKCS11 implementation runs on Windows, Linux, Mac OS X, and other supported operating systems.

    Get Create (RefClass(cComChilkatPkcs11)) To hoPkcs11
    If (Not(IsComObjectCreated(hoPkcs11))) Begin
        Send CreateComObject of hoPkcs11
    End

    Set ComSharedLibPath Of hoPkcs11 To "C:/Program Files (x86)/Gemalto/IDGo 800 PKCS#11/IDPrimePKCS1164.dll"
    Move "0000" To sPin
    Move 1 To iUserType

    // Establish a PKCS11 logged-on session using the driver (.so, .dylib, or .dll) as specified in the SharedLibPath above.
    Get ComQuickSession Of hoPkcs11 iUserType sPin To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoPkcs11 To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Get the certificate (on the smart card) that has a private key.
    // There are other ways to locate a certificate on the HSM.
    // This example assumes there is a single certificate w/ private key.
    Get Create (RefClass(cComChilkatCert)) To hoCert
    If (Not(IsComObjectCreated(hoCert))) Begin
        Send CreateComObject of hoCert
    End
    Get pvComObject of hoCert to vCert
    Get ComFindCert Of hoPkcs11 "privateKey" "" vCert To iSuccess
    If (iSuccess = True) Begin
        Get ComSubjectCN Of hoCert To sTemp1
        Showln "Cert with private key: " sTemp1
    End
    Else Begin
        Showln "No certificates having a private key were found."
        Get ComCloseSession Of hoPkcs11 To iSuccess
        Procedure_Return
    End

    // --------------------------------------------------------------------------
    // At this point, we have the cert to be used for signing.
    // Our PDF signing code is the same as for a cert obtained from any other source..

    Get Create (RefClass(cComChilkatPdf)) To hoPdf
    If (Not(IsComObjectCreated(hoPdf))) Begin
        Send CreateComObject of hoPdf
    End

    // Load a PDF to be signed.
    Get ComLoadFile Of hoPdf "qa_data/pdf/hello.pdf" To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoPdf To sTemp1
        Showln sTemp1
        Get ComCloseSession Of hoPkcs11 To iSuccess
        Procedure_Return
    End

    Get Create (RefClass(cComChilkatJsonObject)) To hoJson
    If (Not(IsComObjectCreated(hoJson))) Begin
        Send CreateComObject of hoJson
    End

    Get ComUpdateInt Of hoJson "page" 1 To iSuccess
    Get ComUpdateString Of hoJson "appearance.y" "top" To iSuccess
    Get ComUpdateString Of hoJson "appearance.x" "left" To iSuccess
    Get ComUpdateString Of hoJson "appearance.fontScale" "10.0" To iSuccess
    Get ComUpdateString Of hoJson "signingAlgorithm" "pss" To iSuccess
    Get ComUpdateString Of hoJson "hashAlgorithm" "sha256" To iSuccess

    Move 0 To i
    Set ComI Of hoJson To i
    Get ComUpdateString Of hoJson "appearance.text[i]" "Digitaly signed by: Xyz Widgets, Inc." To iSuccess
    Move (i + 1) To i
    Set ComI Of hoJson To i
    Get ComUpdateString Of hoJson "appearance.text[i]" "current_dt" To iSuccess
    Move (i + 1) To i
    Set ComI Of hoJson To i
    Get ComUpdateString Of hoJson "appearance.text[i]" "blah blah blah" To iSuccess

    // The certificate is internally linked to the Pkcs11 object, which is currently in an authenticated session.
    Get pvComObject of hoCert to vCert
    Get ComSetSigningCert Of hoPdf vCert To iSuccess

    Get pvComObject of hoJson to vJson
    Get ComSignPdf Of hoPdf vJson "qa_output/out.pdf" To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoPdf To sTemp1
        Showln sTemp1
        Get ComCloseSession Of hoPkcs11 To iSuccess
        Procedure_Return
    End

    // --------------------------------------------------------------------------

    // Revert to an unauthenticated session by calling Logout.
    Get ComLogout Of hoPkcs11 To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoPkcs11 To sTemp1
        Showln sTemp1
        Get ComCloseSession Of hoPkcs11 To iSuccess
        Procedure_Return
    End

    // When finished, close the session.
    // It is important to close the session (memory leaks will occur if the session is not properly closed).
    Get ComCloseSession Of hoPkcs11 To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoPkcs11 To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Showln "Success."


End_Procedure