Sample code for 30+ languages & platforms
Tcl

Create XAdES using Smart Card or USB Token

See more XAdES Examples

Demonstrates how to create an XAdES signed XML document using a certificate located on a smartcard or USB token.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# Load the XML to be signed.
set xmlToSign [new_CkXml]

set success [CkXml_LoadXmlFile $xmlToSign "qa_data/fattura_electronica/docToSign.xml"]
if {$success == 0} then {
    puts [CkXml_lastErrorText $xmlToSign]
    delete_CkXml $xmlToSign
    exit
}

set gen [new_CkXmlDSigGen]

CkXmlDSigGen_put_SigLocation $gen "p:FatturaElettronica"
CkXmlDSigGen_put_SigId $gen "xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504"
CkXmlDSigGen_put_SigNamespacePrefix $gen "ds"
CkXmlDSigGen_put_SigNamespaceUri $gen "http://www.w3.org/2000/09/xmldsig#"
CkXmlDSigGen_put_SigValueId $gen "xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-sigvalue"
CkXmlDSigGen_put_SignedInfoCanonAlg $gen "C14N"
CkXmlDSigGen_put_SignedInfoDigestMethod $gen "sha256"

# Create an Object to be added to the Signature.
# Note: Chilkat will automatically populate the strings indicated by "TO BE GENERATED BY CHILKAT" with actual/correct values
# when the XML is signed.
set object1 [new_CkXml]

CkXml_put_Tag $object1 "xades:QualifyingProperties"
CkXml_AddAttribute $object1 "xmlns:xades" "http://uri.etsi.org/01903/v1.3.2#"
CkXml_AddAttribute $object1 "xmlns:xades141" "http://uri.etsi.org/01903/v1.4.1#"
CkXml_AddAttribute $object1 "Target" "#xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504"
CkXml_UpdateAttrAt $object1 "xades:SignedProperties" 1 "Id" "xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-signedprops"
CkXml_UpdateChildContent $object1 "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime" "TO BE GENERATED BY CHILKAT"
CkXml_UpdateAttrAt $object1 "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestMethod" 1 "Algorithm" "http://www.w3.org/2001/04/xmlenc#sha256"
CkXml_UpdateChildContent $object1 "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestValue" "TO BE GENERATED BY CHILKAT"
CkXml_UpdateChildContent $object1 "xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:IssuerSerialV2" "TO BE GENERATED BY CHILKAT"

CkXmlDSigGen_AddObject $gen "" [CkXml_getXml $object1] "" ""

# -------- Reference 1 --------
CkXmlDSigGen_put_KeyInfoId $gen "xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-keyinfo"
CkXmlDSigGen_AddSameDocRef $gen "xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-keyinfo" "sha256" "" "" ""

# -------- Reference 2 --------
CkXmlDSigGen_AddSameDocRef $gen "" "sha256" "" "" ""
CkXmlDSigGen_SetRefIdAttr $gen "" "xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-ref0"

# -------- Reference 3 --------
CkXmlDSigGen_AddObjectRef $gen "xmldsig-6f4b994a-7191-4bb1-ab3c-17549515b504-signedprops" "sha256" "" "" "http://uri.etsi.org/01903#SignedProperties"

# ----------------------------------------------------------------
#  Load a certificate that has been pre-installed on the Windows system
#  This includes certificates on smartcards and USB tokens
set cert [new_CkCert]

#  You may provide the PIN here..
CkCert_put_SmartCardPin $cert "000000"

# Load the certificate on the smartcard currently in the reader (or on the USB token).
# Pass an empty string to allow Chilkat to automatically choose the CSP (Cryptographi Service Provider).
# See Load Certificate on Smartcard for information about explicitly selecting a particular CSP.
set success [CkCert_LoadFromSmartcard $cert ""]
if {$success == 0} then {
    puts [CkCert_lastErrorText $cert]
    delete_CkXml $xmlToSign
    delete_CkXmlDSigGen $gen
    delete_CkXml $object1
    delete_CkCert $cert
    exit
}

CkXmlDSigGen_SetX509Cert $gen $cert 1
CkXmlDSigGen_put_KeyInfoType $gen "X509Data"
CkXmlDSigGen_put_X509Type $gen "Certificate"

# Load XML to be signed...
set sbXml [new_CkStringBuilder]

CkXml_GetXmlSb $xmlToSign $sbXml

CkXmlDSigGen_put_Behaviors $gen "IndentedSignature,ForceAddEnvelopedSignatureTransform"

# Sign the XML...
set success [CkXmlDSigGen_CreateXmlDSigSb $gen $sbXml]
if {$success == 0} then {
    puts [CkXmlDSigGen_lastErrorText $gen]
    delete_CkXml $xmlToSign
    delete_CkXmlDSigGen $gen
    delete_CkXml $object1
    delete_CkCert $cert
    delete_CkStringBuilder $sbXml
    exit
}

# Save the signed XMl to a file.
set success [CkStringBuilder_WriteFile $sbXml "qa_output/signedXml.xml" "utf-8" 0]

puts [CkStringBuilder_getAsString $sbXml]

# ----------------------------------------
# Verify the signature we just produced...
set verifier [new_CkXmlDSig]

set success [CkXmlDSig_LoadSignatureSb $verifier $sbXml]
if {$success == 0} then {
    puts [CkXmlDSig_lastErrorText $verifier]
    delete_CkXml $xmlToSign
    delete_CkXmlDSigGen $gen
    delete_CkXml $object1
    delete_CkCert $cert
    delete_CkStringBuilder $sbXml
    delete_CkXmlDSig $verifier
    exit
}

set verified [CkXmlDSig_VerifySignature $verifier 1]
if {$verified != 1} then {
    puts [CkXmlDSig_lastErrorText $verifier]
    delete_CkXml $xmlToSign
    delete_CkXmlDSigGen $gen
    delete_CkXml $object1
    delete_CkCert $cert
    delete_CkStringBuilder $sbXml
    delete_CkXmlDSig $verifier
    exit
}

puts "This signature was successfully verified."

delete_CkXml $xmlToSign
delete_CkXmlDSigGen $gen
delete_CkXml $object1
delete_CkCert $cert
delete_CkStringBuilder $sbXml
delete_CkXmlDSig $verifier