Sample code for 30+ languages & platforms
Pascal (Lazarus/Delphi)

Duplicate OpensSSL to Sign File and Output Binary DER

See more OpenSSL Examples

This example duplicates the following:
openssl smime -sign -in INPUT.xml -signer SIGN.PEM -passin pass:MYPASS -outform der -binary -nodetach -out SIGNED.P7M

Note: Although "smime" is the OpenSSL command, it's not actually producing S/MIME. The arguments "-outform der -binary" indicates that the output is binary DER (i.e. the PKCS7 binary signature). The input can be any type of file: XML, PDF, JPG, ... *anything*...

Chilkat Pascal (Lazarus/Delphi) Downloads

Pascal (Lazarus/Delphi)
program ChilkatDemo;

// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.

{$IFDEF FPC}
  {$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}

uses
  {$IFDEF UNIX}
  cthreads,
  {$ENDIF}
  SysUtils,
  CkDllLoader,
  Chilkat.PrivateKey,
  Chilkat.Cert,
  Chilkat.Pem,
  Chilkat.Crypt2;

// ---------------------------------------------------------------------------

procedure RunDemo;
var
  success: Boolean;
  crypt: TCrypt2;
  pem: TPem;
  privkey: TPrivateKey;
  cert: TCert;
  certFromP12: TCert;

begin
  success := False;

  //  This example requires the Chilkat API to have been previously unlocked.
  //  See Global Unlock Sample for sample code.

  crypt := TCrypt2.Create;

  //  Load the PEM containing cert + private key.
  pem := TPem.Create;
  success := pem.LoadPemFile('qa_data/pem/myPem.pem','password');
  if (success = False) then
    begin
      WriteLn(pem.LastErrorText);
      Exit;
    end;

  privkey := TPrivateKey.Create;
  success := pem.PrivateKeyAt(0,privkey);
  if (success = False) then
    begin
      WriteLn(pem.LastErrorText);
      Exit;
    end;

  cert := TCert.Create;
  success := pem.CertAt(0,cert);
  if (success = False) then
    begin
      WriteLn(pem.LastErrorText);
      Exit;
    end;

  success := crypt.SetSigningCert2(cert,privkey);
  if (success = False) then
    begin
      WriteLn(crypt.LastErrorText);
      Exit;
    end;

  //  Alternatively, we could use a .pfx/.p12 file.
  //  (Chilkat also supports other formats/sources for cert/private keys...)
  certFromP12 := TCert.Create;
  success := certFromP12.LoadPfxFile('qa_data/p12/myP12.p12','password');
  if (success = False) then
    begin
      WriteLn(certFromP12.LastErrorText);
      Exit;
    end;

  //  The certificate, when loaded from a .pfx/.p12, will automatically 
  //  include the associated private key, assuming it's present in the .p12.
  //  We don't have to explicitly provide the private key as in the
  //  lines of code above that use the PEM file.
  success := crypt.SetSigningCert(certFromP12);
  if (success = False) then
    begin
      WriteLn(crypt.LastErrorText);
      Exit;
    end;

  //  Create the opaque signature (PKCS7 binary DER that contains both the signature and original file data).
  success := crypt.CreateP7M('qa_data/infile.anything','qa_output/outfile.p7m');
  if (success = False) then
    begin
      WriteLn(crypt.LastErrorText);
      Exit;
    end;

  WriteLn('Success.');


  crypt.Free;
  pem.Free;
  privkey.Free;
  cert.Free;
  certFromP12.Free;

end;

// ---------------------------------------------------------------------------

begin

  try
    RunDemo;
  except
    on E: Exception do
      WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
  end;

  WriteLn;
  {$IFDEF MSWINDOWS}
  WriteLn('Press Enter to exit...');
  ReadLn;
  {$ENDIF}
end.