Sample code for 30+ languages & platforms
Objective-C

Verify HMAC XML Digital Signature

See more XML Digital Signatures Examples

Demonstrates how to validate an XML digital signature signed with an HMAC key.

Chilkat Objective-C Downloads

Objective-C
#import <NSString.h>
#import <CkoHttp.h>
#import <CkoStringBuilder.h>
#import <CkoXmlDSig.h>

BOOL success = NO;

//  This example requires the Chilkat API to have been previously unlocked.
//  See Global Unlock Sample for sample code.

//  The XML containing the Signature to be verified contains the following:

//  <?xml version="1.0" encoding="UTF-8" standalone="no"?>
//  <collection Id="root">
//  	<album>
//  		<title>Questions, unanswered</title>
//  		<artist>Steve and the flubberblubs</artist>
//  		<year>1989</year>
//  		<t:tracks xmlns:t="http://test.xades4j/tracks">
//  			<t:song length="4:05" tracknumber="1">
//  				<t:title>What do you know?</t:title>
//  				<t:artist>Steve and the flubberblubs</t:artist>
//  				<t:lastplayed>2006-10-17-08:31</t:lastplayed>
//  			</t:song>
//  			<t:song length="3:45" tracknumber="2">
//  				<t:title>Who do you know?</t:title>
//  				<t:artist>Steve and the flubberblubs</t:artist>
//  				<t:lastplayed>2006-10-17-08:35</t:lastplayed>
//  			</t:song>
//  			<t:song length="5:14" tracknumber="3">
//  				<t:title>When do you know?</t:title>
//  				<t:artist>Steve and the flubberblubs</t:artist>
//  				<t:lastplayed>2006-10-17-08:39</t:lastplayed>
//  			</t:song>
//  			<t:song length="4:19" tracknumber="4">
//  				<t:title>Do you know?</t:title>
//  				<t:artist>Steve and the flubberblubs</t:artist>
//  				<t:lastplayed>2006-10-17-08:44</t:lastplayed>
//  			</t:song>
//  		</t:tracks>
//  	</album>
//  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/><ds:Reference URI="#root"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>rD/g8soqKz8EiPUBhEWfcQacS0ta4ULHX3dKMEH6ZoQ=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>R8dXP95VRYJBfL6d0Peogybdk27+R+JIfX8jnVu0NOI=</ds:SignatureValue></ds:Signature></collection>

//  The above XML is available at https://www.chilkatsoft.com/exampleData/hmacSigned.xml
//  First fetch the XML..

NSString *url = @"https://www.chilkatsoft.com/exampleData/hmacSigned.xml";
CkoHttp *http = [[CkoHttp alloc] init];
CkoStringBuilder *sbXml = [[CkoStringBuilder alloc] init];
success = [http QuickGetSb: url sbContent: sbXml];
if (success != YES) {
    NSLog(@"%@",http.LastErrorText);
    return;
}

CkoXmlDSig *verifier = [[CkoXmlDSig alloc] init];

//  Load the XML containing the signature to be verified.
success = [verifier LoadSignatureSb: sbXml];
if (success != YES) {
    NSLog(@"%@",verifier.LastErrorText);
    return;
}

//  Provide the HMAC key
//  The HMAC key for this signature is the us-ascii bytes of the string "secret",
//  It can be set in any of the following ways (and also more ways not shown here..)
[verifier SetHmacKey: @"secret" encoding: @"ascii"];
//  or
[verifier SetHmacKey: @"c2VjcmV0" encoding: @"base64"];
//  or
[verifier SetHmacKey: @"736563726574" encoding: @"hex"];

//  Verify the signature
BOOL bVerified = [verifier VerifySignature: YES];
NSLog(@"%@%d",@"Signature verified = ",bVerified);