SQL Server
An enveloping signature is where the signed data is contained within the Signature within an Object element.
This example signs non-XML text data where the XML signature constitutes the entire output.
SQL Server
Create Enveloping XML Digital Signature
See more XML Digital Signatures Examples
This example creates an enveloping digital signature.An enveloping signature is where the signed data is contained within the Signature within an Object element.
This example signs non-XML text data where the XML signature constitutes the entire output.
Chilkat SQL Server Downloads
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
DECLARE @hr int
-- Important: Do not use nvarchar(max). See the warning about using nvarchar(max).
DECLARE @sTmp0 nvarchar(4000)
DECLARE @success int
SELECT @success = 0
-- This example requires the Chilkat API to have been previously unlocked.
-- See Global Unlock Sample for sample code.
-- Let's use the ECDSA private key at https://www.chilkatsoft.com/exampleData/secp256r1-key.zip
-- for signing.
DECLARE @http int
EXEC @hr = sp_OACreate 'Chilkat.Http', @http OUT
IF @hr <> 0
BEGIN
PRINT 'Failed to create ActiveX component'
RETURN
END
DECLARE @zipFile int
EXEC @hr = sp_OACreate 'Chilkat.BinData', @zipFile OUT
DECLARE @keyUrl nvarchar(4000)
SELECT @keyUrl = 'https://www.chilkatsoft.com/exampleData/secp256r1-key.zip'
EXEC sp_OAMethod @http, 'QuickGetBd', @success OUT, @keyUrl, @zipFile
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @http, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @http
EXEC @hr = sp_OADestroy @zipFile
RETURN
END
DECLARE @zip int
EXEC @hr = sp_OACreate 'Chilkat.Zip', @zip OUT
EXEC sp_OAMethod @zip, 'OpenBd', @success OUT, @zipFile
DECLARE @entry int
EXEC @hr = sp_OACreate 'Chilkat.ZipEntry', @entry OUT
EXEC sp_OAMethod @zip, 'EntryMatching', @success OUT, '*.pem', @entry
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @zip, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @http
EXEC @hr = sp_OADestroy @zipFile
EXEC @hr = sp_OADestroy @zip
EXEC @hr = sp_OADestroy @entry
RETURN
END
DECLARE @ecKey int
EXEC @hr = sp_OACreate 'Chilkat.PrivateKey', @ecKey OUT
EXEC sp_OAMethod @entry, 'UnzipToString', @sTmp0 OUT, 0, 'utf-8'
EXEC sp_OAMethod @ecKey, 'LoadPem', @success OUT, @sTmp0
IF @success <> 1
BEGIN
EXEC sp_OAGetProperty @ecKey, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @http
EXEC @hr = sp_OADestroy @zipFile
EXEC @hr = sp_OADestroy @zip
EXEC @hr = sp_OADestroy @entry
EXEC @hr = sp_OADestroy @ecKey
RETURN
END
-- ----------------------------------------------------------------------------
DECLARE @gen int
EXEC @hr = sp_OACreate 'Chilkat.XmlDSigGen', @gen OUT
-- Provide the ECDSA key to the XML Digital Signature generator
EXEC sp_OAMethod @gen, 'SetPrivateKey', @success OUT, @ecKey
-- Add an enveloped reference to the content to be signed.
DECLARE @sbContent int
EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbContent OUT
EXEC sp_OAMethod @sbContent, 'Append', @success OUT, 'This is the content that is signed.'
EXEC sp_OAMethod @gen, 'AddEnvelopedRef', @success OUT, 'abc123', @sbContent, 'sha256', 'C14N', ''
-- Generate the XML digital signature.
-- Notice that in other examples, the sbXml passed to CreateXmlDSigSb
-- already contains XML, and the XML signature is inserted at the location
-- specified by the SigLocation property. In this case, both SigLocation
-- and sbXml are empty. The result is that sbXml will contain just the Signature.
DECLARE @sbXml int
EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbXml OUT
EXEC sp_OAMethod @gen, 'CreateXmlDSigSb', @success OUT, @sbXml
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @gen, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @http
EXEC @hr = sp_OADestroy @zipFile
EXEC @hr = sp_OADestroy @zip
EXEC @hr = sp_OADestroy @entry
EXEC @hr = sp_OADestroy @ecKey
EXEC @hr = sp_OADestroy @gen
EXEC @hr = sp_OADestroy @sbContent
EXEC @hr = sp_OADestroy @sbXml
RETURN
END
-- Examine the enveloped signature, where the data is contained within the XML Signature
EXEC sp_OAMethod @sbXml, 'GetAsString', @sTmp0 OUT
PRINT @sTmp0
-- The Signature returned is compact and in a single line, like this:
-- <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/><ds:Reference URI="#abc123"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>tEVrbXXjeTXjF3tIojul4/sgeEGN49E1dxr/GMs8GNE=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>/pILUshwrzgdGc4bPgp85TDfbUiM9pn8EIPNRVWKuoVEtPsv4XRthUrv9aDDvajmyl2okLwTakANgtaxO1ULMw==</ds:SignatureValue><ds:KeyInfo><ds:KeyValue><ds:ECKeyValue xmlns="http://www.w3.org/2009/xmldsig11#"><ds:NamedCurve URI="urn:oid:1.2.840.10045.3.1.7" /><ds:PublicKey>BOVKaiLPKEDChhkA64UEBOXTv/VFHnhrUPN+bXqCvEl7rroAYpH5tKzbiGTtMSlp4JO9Pxg44zeX7EoWDvOrpD0=</ds:PublicKey></ds:ECKeyValue></ds:KeyValue></ds:KeyInfo><ds:Object Id="abc123">This is the content that is signed.</ds:Object></ds:Signature>
-- XML pretty-printed, the signature is as follows, but pretty-printing introductes whitespace that breaks the signature..
-- <?xml version="1.0" encoding="utf-8" ?>
-- <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-- <ds:SignedInfo>
-- <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
-- <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256" />
-- <ds:Reference URI="#abc123">
-- <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
-- <ds:DigestValue>tEVrbXXjeTXjF3tIojul4/sgeEGN49E1dxr/GMs8GNE=</ds:DigestValue>
-- </ds:Reference>
-- </ds:SignedInfo>
-- <ds:SignatureValue>/pILUshwrzgdGc4bPgp85TDfbUiM9pn8EIPNRVWKuoVEtPsv4XRthUrv9aDDvajmyl2okLwTakANgtaxO1ULMw==</ds:SignatureValue>
-- <ds:KeyInfo>
-- <ds:KeyValue>
-- <ds:ECKeyValue xmlns="http://www.w3.org/2009/xmldsig11#">
-- <ds:NamedCurve URI="urn:oid:1.2.840.10045.3.1.7" />
-- <ds:PublicKey>BOVKaiLPKEDChhkA64UEBOXTv/VFHnhrUPN+bXqCvEl7rroAYpH5tKzbiGTtMSlp4JO9Pxg44zeX7EoWDvOrpD0=</ds:PublicKey>
-- </ds:ECKeyValue>
-- </ds:KeyValue>
-- </ds:KeyInfo>
-- <ds:Object Id="abc123">This is the content that is signed.</ds:Object>
-- </ds:Signature>
--
EXEC @hr = sp_OADestroy @http
EXEC @hr = sp_OADestroy @zipFile
EXEC @hr = sp_OADestroy @zip
EXEC @hr = sp_OADestroy @entry
EXEC @hr = sp_OADestroy @ecKey
EXEC @hr = sp_OADestroy @gen
EXEC @hr = sp_OADestroy @sbContent
EXEC @hr = sp_OADestroy @sbXml
END
GO