Tcl
Tcl
Sign String to create a CAdES-T Signature
See more CAdES Examples
This example will sign a string to create a CAdEST-T signature.Note: This example requires Chilkat v9.5.0.78 or greater.
Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
set crypt [new_CkCrypt2]
# This example will use the certificate + private key currently inserted into a smartcard reader.
set cert [new_CkCert]
# If we wish to provide the smartcard PIN (otherwise the user will be prompted by the operating system).
CkCert_put_SmartCardPin $cert "000000"
set success [CkCert_LoadFromSmartcard $cert ""]
if {$success != 1} then {
puts [CkCert_lastErrorText $cert]
delete_CkCrypt2 $crypt
delete_CkCert $cert
exit
}
# Note: It is also possible to use certs from .pfx/.p12, .pem, or other sources such as
# pre-installed Windows certificates.
set success [CkCrypt2_SetSigningCert $crypt $cert]
# Use SHA-256 rather than the default of SHA-1
CkCrypt2_put_HashAlgorithm $crypt "sha256"
# Create JSON that tells Chilkat what signing attributes to include:
set attrs [new_CkJsonObject]
CkJsonObject_UpdateBool $attrs "contentType" 1
CkJsonObject_UpdateBool $attrs "signingTime" 1
CkJsonObject_UpdateBool $attrs "messageDigest" 1
CkJsonObject_UpdateBool $attrs "signingCertificateV2" 1
# A CAdES-T signature is one that includes a timestampToken created by an online TSA (time stamping authority).
# We must include the TSA's URL, as well as a few options to indicate what is desired.
# Except for the TSA URL, the options shown here are typically what you would need.
CkJsonObject_UpdateBool $attrs "timestampToken.enabled" 1
CkJsonObject_UpdateString $attrs "timestampToken.tsaUrl" "https://freetsa.org/tsr"
CkJsonObject_UpdateBool $attrs "timestampToken.addNonce" 0
CkJsonObject_UpdateBool $attrs "timestampToken.requestTsaCert" 1
CkJsonObject_UpdateString $attrs "timestampToken.hashAlg" "sha256"
CkCrypt2_put_SigningAttributes $crypt [CkJsonObject_emit $attrs]
set strToSign "THIS IS MY ID"
set bd [new_CkBinData]
CkBinData_AppendString $bd $strToSign "utf-8"
# This creates the CAdES-T signature. During the signature creation, it
# communicates with the TSA to get a timestampToken.
# The contents of bd are signed and replaced with the CAdES-T signature (which embeds the original content).
set success [CkCrypt2_OpaqueSignBd $crypt $bd]
if {$success != 1} then {
puts [CkCrypt2_lastErrorText $crypt]
delete_CkCrypt2 $crypt
delete_CkCert $cert
delete_CkJsonObject $attrs
delete_CkBinData $bd
exit
}
# Get the signature in base64 format:
puts [CkBinData_getEncoded $bd base64_mime]
# Or save the signature to a file.
CkBinData_WriteFile $bd "qa_output/cades-t_sample.p7m"
puts "Success."
delete_CkCrypt2 $crypt
delete_CkCert $cert
delete_CkJsonObject $attrs
delete_CkBinData $bd