Sample code for 30+ languages & platforms
Pascal (Lazarus/Delphi)

Encrypt a file to a PKCS7 encrypted message using multiple certificates from different users

See more Encryption Examples

Demonstrates how to encrypt a file to a PKCS7 encrypted message using multiple certificates from different users. Any one of the users can decrypt using his/her own certificate + private key.

Note: When doing public key encryption, it is the public key that is used to encrypt. The private key is required for decryption.

Chilkat Pascal (Lazarus/Delphi) Downloads

Pascal (Lazarus/Delphi)
program ChilkatDemo;

// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.

{$IFDEF FPC}
  {$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}

uses
  {$IFDEF UNIX}
  cthreads,
  {$ENDIF}
  SysUtils,
  CkDllLoader,
  Chilkat.BinData,
  Chilkat.Cert,
  Chilkat.Crypt2;

// ---------------------------------------------------------------------------

procedure RunDemo;
var
  success: Boolean;
  crypt: TCrypt2;
  cert1: TCert;
  cert2: TCert;
  cert3: TCert;
  fileData: TBinData;

begin
  success := False;

  //  This example requires the Chilkat API to have been previously unlocked.
  //  See Global Unlock Sample for sample code.

  crypt := TCrypt2.Create;

  //  Tell the crypt object to use 3 certificates.
  //  Do this by calling AddEncryptCert for each certificate.

  //  Load a digital certificate. 
  //  We don't need the private key for encryption.
  //  Only the public key is needed (which is included in a certificate).
  cert1 := TCert.Create;
  success := cert1.LoadFromFile('qa_data/user1/cert_user1.pem');
  //  Assume success for the example, but make sure your application checks for success/failure...
  crypt.AddEncryptCert(cert1);

  cert2 := TCert.Create;
  success := cert2.LoadFromFile('qa_data/user2/cert_user2.pem');
  crypt.AddEncryptCert(cert2);

  cert3 := TCert.Create;
  success := cert3.LoadFromFile('qa_data/user3/cert_user3.pem');
  crypt.AddEncryptCert(cert3);

  //  Indicate that we want PKI encryption (i.e. public-key infrastructure)
  //  to produce a CMS message (Cryptographic Message Syntax/PKCS7),
  //  that is be created with RSAES-OAEP padding, SHA256, and AES-128 for the
  //  bulk encryption.
  crypt.CryptAlgorithm := 'pki';
  crypt.Pkcs7CryptAlg := 'aes';
  crypt.KeyLength := 128;
  crypt.OaepHash := 'sha256';
  crypt.OaepPadding := True;

  //  Load the file to be encrypted...
  fileData := TBinData.Create;
  success := fileData.LoadFile('qa_data/jpg/penguins.jpg');
  //  Your app should check for success/failure..

  //  Encrypt the data.  The contents of the fileData object are replaced with the PKCS7 encrypted message.
  success := crypt.EncryptBd(fileData);
  if (success <> True) then
    begin
      WriteLn(crypt.LastErrorText);
      Exit;
    end;

  //  Save the PKCS7 encrypted message to a file..
  success := fileData.WriteFile('qa_output/pkcs7_encrypted.p7');

  //  Now indicate that the PKCS7 output is to be returned in the base64 encoding.
  crypt.EncodingMode := 'base64';

  WriteLn('OK.');


  crypt.Free;
  cert1.Free;
  cert2.Free;
  cert3.Free;
  fileData.Free;

end;

// ---------------------------------------------------------------------------

begin

  try
    RunDemo;
  except
    on E: Exception do
      WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
  end;

  WriteLn;
  {$IFDEF MSWINDOWS}
  WriteLn('Press Enter to exit...');
  ReadLn;
  {$ENDIF}
end.