Sample code for 30+ languages & platforms
Pascal (Lazarus/Delphi)

RSASSA-PSS Sign String to Create Base64 PCKS7 Signature

See more Digital Signatures Examples

Signs a string to create a PKCS7 signature in the base64 encoding. The signature algorithm is RSASSA-PSS with SHA256.

Chilkat Pascal (Lazarus/Delphi) Downloads

Pascal (Lazarus/Delphi)
program ChilkatDemo;

// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.

{$IFDEF FPC}
  {$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}

uses
  {$IFDEF UNIX}
  cthreads,
  {$ENDIF}
  SysUtils,
  CkDllLoader,
  Chilkat.Pfx,
  Chilkat.Cert,
  Chilkat.Crypt2;

// ---------------------------------------------------------------------------

procedure RunDemo;
var
  success: Boolean;
  crypt: TCrypt2;
  pfx: TPfx;
  cert: TCert;
  originalText: string;
  pkcs7sig: string;
  opaqueSig: string;
  origTxt: string;

begin
  success := False;

  //  This example requires the Chilkat API to have been previously unlocked.
  //  See Global Unlock Sample for sample code.

  crypt := TCrypt2.Create;

  //  Get a digital certificate with private key from a .pfx
  //  (Chilkat has many different ways to provide a cert + private key for siging.
  //  Using a PFX is just one possible option.)
  pfx := TPfx.Create;
  success := pfx.LoadPfxFile('qa_data/rsassa-pss/privatekey.pfx','PFX_PASSWORD');
  if (success = False) then
    begin
      WriteLn(pfx.LastErrorText);
      Exit;
    end;

  //  Get the certificate to be used for signing.
  //  (The typical case for a PFX is that it contains a cert with an associated private key,
  //  as well as other certificates in the chain of authentication.  The cert with the private
  //  key should be in the first position at index 0.)

  cert := TCert.Create;
  success := pfx.CertAt(0,cert);
  if (success = False) then
    begin
      WriteLn(pfx.LastErrorText);
      Exit;
    end;

  crypt.SetSigningCert(cert);

  //  Indicate that RSASSA-PSS with SHA256 should be used.
  crypt.SigningAlg := 'pss';
  crypt.HashAlgorithm := 'sha256';

  crypt.EncodingMode := 'base64';

  //  Sign a string and return the base64 PKCS7 detached signature
  originalText := 'This is a test';
  pkcs7sig := crypt.SignStringENC(originalText);
  WriteLn('Detached Signature:');
  WriteLn(pkcs7sig);

  //  This signature looks like this:
  //  MIIG5wYJKoZIhvcNAQcCoIIG2DCCBtQCAQExDzANBgl .. YToLqEwTdU87ox5g7rvw==

  //  The ASN.1 of the signature can be examined by browsing to https://lapo.it/asn1js/ ,
  //  then copy-and-paste the Base64 signature into the form and decode..

  //  The signature can be verified against the original data like this:
  success := crypt.VerifyStringENC(originalText,pkcs7sig);
  WriteLn('Signature verified: ' + success);
  success := crypt.VerifyStringENC('Not the original text',pkcs7sig);
  WriteLn('Signature verified: ' + success);

  //  Now we'll create an opaque signature (the opposite of a detached signature). 
  //  An opaque signature is a PKCS7 message that contains both the original data and
  //  the signature.  The verification process extracts the original data.
  opaqueSig := crypt.OpaqueSignStringENC(originalText);
  WriteLn('Opaque Signature:');
  WriteLn(opaqueSig);

  //  The ASN.1 of the signature can be examined by browsing to https://lapo.it/asn1js/ ,
  //  then copy-and-paste the Base64 signature into the form and decode..

  //  We can verify and extract the original data:
  origTxt := crypt.OpaqueVerifyStringENC(opaqueSig);
  if (crypt.LastMethodSuccess <> True) then
    begin
      WriteLn('Signature verification failed.');
      WriteLn(crypt.LastErrorText);
      Exit;
    end;

  WriteLn('Signature verified.');
  WriteLn('Extracted text:' + origTxt);


  crypt.Free;
  pfx.Free;
  cert.Free;

end;

// ---------------------------------------------------------------------------

begin

  try
    RunDemo;
  except
    on E: Exception do
      WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
  end;

  WriteLn;
  {$IFDEF MSWINDOWS}
  WriteLn('Press Enter to exit...');
  ReadLn;
  {$ENDIF}
end.