![]() |
Chilkat HOME Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi DLL Go Java Node.js Objective-C PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(Objective-C) Verify Opaque Signature and Retrieve Signing CertificatesDemonstrates how to verify a PCKS7 opaque digital signature (signed data), extract the original file/data, and then extract the certificate(s) that were used to sign.
#import <CkoCrypt2.h> #import <CkoBinData.h> #import <CkoCert.h> #import <CkoCertChain.h> // This example assumes the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. CkoCrypt2 *crypt = [[CkoCrypt2 alloc] init]; // Verify a PKCS7 signed-data (opaque signature) file and extract the original content to a file. BOOL success = [crypt VerifyP7M: @"qa_data/p7m/opaqueSig.p7" destPath: @"qa_output/originalData.dat"]; if (success != YES) { NSLog(@"%@",crypt.LastErrorText); return; } // Alternatively, we can do it in memory... CkoBinData *binData = [[CkoBinData alloc] init]; success = [binData LoadFile: @"qa_data/p7m/opaqueSig.p7"]; // Your app should check for success, but we'll skip the check for brevity.. // If verified, the signature is unwrapped and binData is replaced with the original data that was signed. success = [crypt OpaqueVerifyBd: binData]; if (success != YES) { NSLog(@"%@",crypt.LastErrorText); return; } // For our testing, we signed some text, so we can get it from the binData.. NSLog(@"%@",@"Original Data:"); NSLog(@"%@",[binData GetString: @"utf-8"]); // After any method call that verifies a signature, the crypt object will contain the certificate(s) // that were used for signing (assuming the X.509 certs were available in the signature, which is typically the case). // Get the number of signing certificates, and get each.. int numCerts = [crypt.NumSignerCerts intValue]; int i = 0; while (i < numCerts) { CkoCert *cert = [crypt GetSignerCert: [NSNumber numberWithInt: i]]; NSLog(@"%@",cert.SubjectDN); i = i + 1; } // We could also get the complete certificate chain of each signer cert, // assuming the certs in the chain of authentication to the trusted root // are available on the system, or provided to Chilkat by some other means // (such as via the XmlCertVault class, the TrustedRoots class, etc.) i = 0; while (i < numCerts) { CkoCertChain *certChain = [crypt GetSignerCertChain: [NSNumber numberWithInt: i]]; // You can examine the various properties and methods for certChain in the online // reference documentation... i = i + 1; } |
© 2000-2025 Chilkat Software, Inc. All Rights Reserved.