Sample code for 30+ languages & platforms
Pascal (Lazarus/Delphi)

Verify Opaque Signature and Retrieve Signing Certificates

See more Digital Signatures Examples

Demonstrates how to verify a PCKS7 opaque digital signature (signed data), extract the original file/data, and then extract the certificate(s) that were used to sign.

Chilkat Pascal (Lazarus/Delphi) Downloads

Pascal (Lazarus/Delphi)
program ChilkatDemo;

// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.

{$IFDEF FPC}
  {$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}

uses
  {$IFDEF UNIX}
  cthreads,
  {$ENDIF}
  SysUtils,
  CkDllLoader,
  Chilkat.BinData,
  Chilkat.CertChain,
  Chilkat.Cert,
  Chilkat.Crypt2;

// ---------------------------------------------------------------------------

procedure RunDemo;
var
  success: Boolean;
  crypt: TCrypt2;
  binData: TBinData;
  cert: TCert;
  certChain: TCertChain;
  numCerts: Integer;
  i: Integer;

begin
  success := False;

  //  This example assumes the Chilkat API to have been previously unlocked.
  //  See Global Unlock Sample for sample code.

  crypt := TCrypt2.Create;

  //  Verify a PKCS7 signed-data (opaque signature) file and extract the original content to a file.
  success := crypt.VerifyP7M('qa_data/p7m/opaqueSig.p7','qa_output/originalData.dat');
  if (success = False) then
    begin
      WriteLn(crypt.LastErrorText);
      Exit;
    end;

  //  Alternatively, we can do it in memory...
  binData := TBinData.Create;
  success := binData.LoadFile('qa_data/p7m/opaqueSig.p7');
  //  Your app should check for success, but we'll skip the check for brevity..

  //  If verified, the signature is unwrapped and binData is replaced with the original data that was signed.
  success := crypt.OpaqueVerifyBd(binData);
  if (success = False) then
    begin
      WriteLn(crypt.LastErrorText);
      Exit;
    end;

  //  For our testing, we signed some text, so we can get it from the binData..
  WriteLn('Original Data:');
  WriteLn(binData.GetString('utf-8'));

  //  After any method call that verifies a signature, the crypt object will contain the certificate(s)
  //  that were used for signing (assuming the X.509 certs were available in the signature, which is typically the case).

  //  Get each signing certificate, and build the certificate chain for each.
  cert := TCert.Create;
  certChain := TCertChain.Create;
  numCerts := crypt.NumSignerCerts;
  i := 0;
  while i < numCerts do
    begin
      crypt.LastSignerCert(i,cert);
      WriteLn(cert.SubjectDN);

      success := cert.BuildCertChain(certChain);
      if (success = False) then
        begin
          WriteLn(cert.LastErrorText);
          Exit;
        end;

      i := i + 1;
    end;



  crypt.Free;
  binData.Free;
  cert.Free;
  certChain.Free;

end;

// ---------------------------------------------------------------------------

begin

  try
    RunDemo;
  except
    on E: Exception do
      WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
  end;

  WriteLn;
  {$IFDEF MSWINDOWS}
  WriteLn('Press Enter to exit...');
  ReadLn;
  {$ENDIF}
end.