Pascal (Lazarus/Delphi)
Pascal (Lazarus/Delphi)
Verify Opaque Signature and Retrieve Signing Certificates
See more Digital Signatures Examples
Demonstrates how to verify a PCKS7 opaque digital signature (signed data), extract the original file/data, and then extract the certificate(s) that were used to sign.Chilkat Pascal (Lazarus/Delphi) Downloads
program ChilkatDemo;
// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.
{$IFDEF FPC}
{$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}
uses
{$IFDEF UNIX}
cthreads,
{$ENDIF}
SysUtils,
CkDllLoader,
Chilkat.BinData,
Chilkat.CertChain,
Chilkat.Cert,
Chilkat.Crypt2;
// ---------------------------------------------------------------------------
procedure RunDemo;
var
success: Boolean;
crypt: TCrypt2;
binData: TBinData;
cert: TCert;
certChain: TCertChain;
numCerts: Integer;
i: Integer;
begin
success := False;
// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
crypt := TCrypt2.Create;
// Verify a PKCS7 signed-data (opaque signature) file and extract the original content to a file.
success := crypt.VerifyP7M('qa_data/p7m/opaqueSig.p7','qa_output/originalData.dat');
if (success = False) then
begin
WriteLn(crypt.LastErrorText);
Exit;
end;
// Alternatively, we can do it in memory...
binData := TBinData.Create;
success := binData.LoadFile('qa_data/p7m/opaqueSig.p7');
// Your app should check for success, but we'll skip the check for brevity..
// If verified, the signature is unwrapped and binData is replaced with the original data that was signed.
success := crypt.OpaqueVerifyBd(binData);
if (success = False) then
begin
WriteLn(crypt.LastErrorText);
Exit;
end;
// For our testing, we signed some text, so we can get it from the binData..
WriteLn('Original Data:');
WriteLn(binData.GetString('utf-8'));
// After any method call that verifies a signature, the crypt object will contain the certificate(s)
// that were used for signing (assuming the X.509 certs were available in the signature, which is typically the case).
// Get each signing certificate, and build the certificate chain for each.
cert := TCert.Create;
certChain := TCertChain.Create;
numCerts := crypt.NumSignerCerts;
i := 0;
while i < numCerts do
begin
crypt.LastSignerCert(i,cert);
WriteLn(cert.SubjectDN);
success := cert.BuildCertChain(certChain);
if (success = False) then
begin
WriteLn(cert.LastErrorText);
Exit;
end;
i := i + 1;
end;
crypt.Free;
binData.Free;
cert.Free;
certChain.Free;
end;
// ---------------------------------------------------------------------------
begin
try
RunDemo;
except
on E: Exception do
WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
end;
WriteLn;
{$IFDEF MSWINDOWS}
WriteLn('Press Enter to exit...');
ReadLn;
{$ENDIF}
end.