![]() |
Chilkat HOME Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi DLL Go Java Node.js Objective-C PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(Tcl) Verify Opaque Signature and Retrieve Signing CertificatesDemonstrates how to verify a PCKS7 opaque digital signature (signed data), extract the original file/data, and then extract the certificate(s) that were used to sign.
load ./chilkat.dll # This example assumes the Chilkat API to have been previously unlocked. # See Global Unlock Sample for sample code. set crypt [new_CkCrypt2] # Verify a PKCS7 signed-data (opaque signature) file and extract the original content to a file. set success [CkCrypt2_VerifyP7M $crypt "qa_data/p7m/opaqueSig.p7" "qa_output/originalData.dat"] if {$success != 1} then { puts [CkCrypt2_lastErrorText $crypt] delete_CkCrypt2 $crypt exit } # Alternatively, we can do it in memory... set binData [new_CkBinData] set success [CkBinData_LoadFile $binData "qa_data/p7m/opaqueSig.p7"] # Your app should check for success, but we'll skip the check for brevity.. # If verified, the signature is unwrapped and binData is replaced with the original data that was signed. set success [CkCrypt2_OpaqueVerifyBd $crypt $binData] if {$success != 1} then { puts [CkCrypt2_lastErrorText $crypt] delete_CkCrypt2 $crypt delete_CkBinData $binData exit } # For our testing, we signed some text, so we can get it from the binData.. puts "Original Data:" puts [CkBinData_getString $binData utf-8] # After any method call that verifies a signature, the crypt object will contain the certificate(s) # that were used for signing (assuming the X.509 certs were available in the signature, which is typically the case). # Get the number of signing certificates, and get each.. set numCerts [CkCrypt2_get_NumSignerCerts $crypt] set i 0 while {$i < $numCerts} { # cert is a CkCert set cert [CkCrypt2_GetSignerCert $crypt $i] puts [CkCert_subjectDN $cert] delete_CkCert $cert set i [expr $i + 1] } # We could also get the complete certificate chain of each signer cert, # assuming the certs in the chain of authentication to the trusted root # are available on the system, or provided to Chilkat by some other means # (such as via the XmlCertVault class, the TrustedRoots class, etc.) set i 0 while {$i < $numCerts} { # certChain is a CkCertChain set certChain [CkCrypt2_GetSignerCertChain $crypt $i] # You can examine the various properties and methods for certChain in the online # reference documentation... delete_CkCertChain $certChain set i [expr $i + 1] } delete_CkCrypt2 $crypt delete_CkBinData $binData |
© 2000-2025 Chilkat Software, Inc. All Rights Reserved.