(Node.js) Verify Opaque Signature and Retrieve Signing Certificates

Demonstrates how to verify a PCKS7 opaque digital signature (signed data), extract the original file/data, and then extract the certificate(s) that were used to sign.

Note: This example requires Chilkat v11.0.0 or greater.

Install Chilkat for Node.js and Electron using npm at Chilkat npm packages for Node.js Chilkat npm packages for Electron on Windows, Linux, MacOS

var os = require('os');
if (os.platform() == 'win32') {  
  var chilkat = require('@chilkat/ck-node23-win64'); 
} else if (os.platform() == 'linux') {
    if (os.arch() == 'arm') {
        var chilkat = require('@chilkat/ck-node23-linux-arm');
    } else if (os.arch() == 'arm64') {
        var chilkat = require('@chilkat/ck-node23-linux-arm64');
    } else {
        var chilkat = require('@chilkat/ck-node23-linux-x64');
    }
} else if (os.platform() == 'darwin') {
  var chilkat = require('@chilkat/ck-node23-mac-universal');
}

function chilkatExample() {

    var success = false;

    // This example assumes the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    var crypt = new chilkat.Crypt2();

    // Verify a PKCS7 signed-data (opaque signature) file and extract the original content to a file.
    success = crypt.VerifyP7M("qa_data/p7m/opaqueSig.p7","qa_output/originalData.dat");
    if (success == false) {
        console.log(crypt.LastErrorText);
        return;
    }

    // Alternatively, we can do it in memory...
    var binData = new chilkat.BinData();
    success = binData.LoadFile("qa_data/p7m/opaqueSig.p7");
    // Your app should check for success, but we'll skip the check for brevity..

    // If verified, the signature is unwrapped and binData is replaced with the original data that was signed.
    success = crypt.OpaqueVerifyBd(binData);
    if (success == false) {
        console.log(crypt.LastErrorText);
        return;
    }

    // For our testing, we signed some text, so we can get it from the binData..
    console.log("Original Data:");
    console.log(binData.GetString("utf-8"));

    // After any method call that verifies a signature, the crypt object will contain the certificate(s)
    // that were used for signing (assuming the X.509 certs were available in the signature, which is typically the case).

    // Get each signing certificate, and build the certificate chain for each.
    var cert = new chilkat.Cert();
    var certChain = new chilkat.CertChain();
    var numCerts = crypt.NumSignerCerts;
    var i = 0;
    while (i < numCerts) {
        crypt.LastSignerCert(i,cert);
        console.log(cert.SubjectDN);

        success = cert.BuildCertChain(certChain);
        if (success == false) {
            console.log(cert.LastErrorText);
            return;
        }

        i = i+1;
    }


}

chilkatExample();