Sample code for 30+ languages & platforms
Pascal (Lazarus/Delphi)

Create and Verify an Opaque PKCS7/CMS Signature

See more Digital Signatures Examples

Demonstrates how to create a PKCS7 opaque signature, and also how to verify an opaque signature. An opaque signature is different than a detached PKCS7 signature in that it contains the original data. Verifying an opaque signature retrieves the original content.

Chilkat Pascal (Lazarus/Delphi) Downloads

Pascal (Lazarus/Delphi)
program ChilkatDemo;

// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.

{$IFDEF FPC}
  {$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}

uses
  {$IFDEF UNIX}
  cthreads,
  {$ENDIF}
  SysUtils,
  CkDllLoader,
  Chilkat.PrivateKey,
  Chilkat.Cert,
  Chilkat.Crypt2;

// ---------------------------------------------------------------------------

procedure RunDemo;
var
  success: Boolean;
  crypt: TCrypt2;
  cert: TCert;
  privKey: TPrivateKey;
  password: string;
  originalData: string;
  opaqueSig: string;
  vCrypt: TCrypt2;
  extractedData: string;

begin
  success := False;

  //  This example assumes the Chilkat API to have been previously unlocked.
  //  See Global Unlock Sample for sample code.

  crypt := TCrypt2.Create;

  //  A certificate and private key is needed to create a signature.
  //  Chilkat provides many different ways to load a certificate and private key, such
  //  as from a PFX/.p12, Java keystore, JWK, Windows registry-based certificate stores, and other sources.
  //  This example will load the certificate from a .crt and the private key from a .key file

  cert := TCert.Create;
  //  The LoadFromFile method will automatically detect the format and load it.
  success := cert.LoadFromFile('qa_data/certs/test_12345678a.cer');
  if (success <> True) then
    begin
      WriteLn(cert.LastErrorText);
      Exit;
    end;

  //  Our private key is in an encrypted PKCS8 format.
  //  If you don't know the format of your key, but you do know it's encrypted,
  //  and requires a password, then just call any of the Chilkat methods that load
  //  a private key w/ a password argument.  Chilkat will auto-detect the format
  //  and load it correctly even if it's not the format indicated by the method name..
  privKey := TPrivateKey.Create;
  password := '12345678a';
  success := privKey.LoadPkcs8EncryptedFile('qa_data/certs/test_12345678a.key',password);
  if (success <> True) then
    begin
      WriteLn(privKey.LastErrorText);
      Exit;
    end;

  //  Set properties required for signing.

  //  Tell it to use the cert and private key we've loaded.
  success := crypt.SetSigningCert2(cert,privKey);
  if (success <> True) then
    begin
      WriteLn(crypt.LastErrorText);
      Exit;
    end;

  //  Indicate we want the opaque signature in base64 format:
  crypt.EncodingMode := 'base64';

  //  Sign the string using the "utf-8" byte representation:
  crypt.Charset := 'utf-8';

  //  Create the opaque signature:
  originalData := 'This is the string to be signed.';
  opaqueSig := crypt.OpaqueSignStringENC(originalData);
  if (crypt.LastMethodSuccess <> True) then
    begin
      WriteLn(crypt.LastErrorText);
      Exit;
    end;

  WriteLn(opaqueSig);

  //  The output looks like this:
  //  MIIPgQYJKoZIhvcNAQcCoIIPcjCCD24CAQExCzAJBgUrDgMCGgUAMC8GCSqGSIb3DQEHAaAiBCBUaGlzIGlzIHRoZSBzdHJpbmcgdG8gYmUgc...

  //  ----------------------------------------------------------------------------------------------
  //  Now let's verify the signature and retrieve the original data.
  //  We'll use a new Crypt2 object to keep things completely separate...

  vCrypt := TCrypt2.Create;

  vCrypt.EncodingMode := 'base64';
  vCrypt.Charset := 'utf-8';

  extractedData := vCrypt.OpaqueVerifyStringENC(opaqueSig);
  if (vCrypt.LastMethodSuccess <> True) then
    begin
      WriteLn(vCrypt.LastErrorText);
      Exit;
    end;

  WriteLn('The extracted data: ' + extractedData);

  //  The output is:
  //  The extracted data: This is the string to be signed.


  crypt.Free;
  cert.Free;
  privKey.Free;
  vCrypt.Free;

end;

// ---------------------------------------------------------------------------

begin

  try
    RunDemo;
  except
    on E: Exception do
      WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
  end;

  WriteLn;
  {$IFDEF MSWINDOWS}
  WriteLn('Press Enter to exit...');
  ReadLn;
  {$ENDIF}
end.