Sample code for 30+ languages & platforms
Tcl

Sign String to create a CAdES-T Signature

See more CAdES Examples

This example will sign a string to create a CAdEST-T signature.

Note: This example requires Chilkat v9.5.0.78 or greater.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set crypt [new_CkCrypt2]

# This example will use the certificate + private key currently inserted into a smartcard reader.
set cert [new_CkCert]

# If we wish to provide the smartcard PIN (otherwise the user will be prompted by the operating system).
CkCert_put_SmartCardPin $cert "000000"
set success [CkCert_LoadFromSmartcard $cert ""]
if {$success != 1} then {
    puts [CkCert_lastErrorText $cert]
    delete_CkCrypt2 $crypt
    delete_CkCert $cert
    exit
}

# Note: It is also possible to use certs from .pfx/.p12, .pem, or other sources such as 
# pre-installed Windows certificates.

set success [CkCrypt2_SetSigningCert $crypt $cert]

# Use SHA-256 rather than the default of SHA-1
CkCrypt2_put_HashAlgorithm $crypt "sha256"

# Create JSON that tells Chilkat what signing attributes to include:
set attrs [new_CkJsonObject]

CkJsonObject_UpdateBool $attrs "contentType" 1
CkJsonObject_UpdateBool $attrs "signingTime" 1
CkJsonObject_UpdateBool $attrs "messageDigest" 1
CkJsonObject_UpdateBool $attrs "signingCertificateV2" 1

# A CAdES-T signature is one that includes a timestampToken created by an online TSA (time stamping authority).
# We must include the TSA's URL, as well as a few options to indicate what is desired.
# Except for the TSA URL, the options shown here are typically what you would need.
CkJsonObject_UpdateBool $attrs "timestampToken.enabled" 1
CkJsonObject_UpdateString $attrs "timestampToken.tsaUrl" "https://freetsa.org/tsr"
CkJsonObject_UpdateBool $attrs "timestampToken.addNonce" 0
CkJsonObject_UpdateBool $attrs "timestampToken.requestTsaCert" 1
CkJsonObject_UpdateString $attrs "timestampToken.hashAlg" "sha256"

CkCrypt2_put_SigningAttributes $crypt [CkJsonObject_emit $attrs]

set strToSign "THIS IS MY ID"

set bd [new_CkBinData]

CkBinData_AppendString $bd $strToSign "utf-8"

# This creates the CAdES-T signature.  During the signature creation, it
# communicates with the TSA to get a timestampToken.
# The contents of bd are signed and replaced with the CAdES-T signature (which embeds the original content).
set success [CkCrypt2_OpaqueSignBd $crypt $bd]
if {$success != 1} then {
    puts [CkCrypt2_lastErrorText $crypt]
    delete_CkCrypt2 $crypt
    delete_CkCert $cert
    delete_CkJsonObject $attrs
    delete_CkBinData $bd
    exit
}

# Get the signature in base64 format:
puts [CkBinData_getEncoded $bd base64_mime]

# Or save the signature to a file.
CkBinData_WriteFile $bd "qa_output/cades-t_sample.p7m"

puts "Success."

delete_CkCrypt2 $crypt
delete_CkCert $cert
delete_CkJsonObject $attrs
delete_CkBinData $bd