Sample code for 30+ languages & platforms
Unicode C++

Sign String to create a CAdES-T Signature, using HTTP Proxy to Access Timestamp Server

This example will sign a string to create a CAdEST-T signature. It will use an HTTP proxy to access the timestamp server.

Chilkat Unicode C++ Downloads

Unicode C++
#include <CkCrypt2W.h>
#include <CkCertW.h>
#include <CkJsonObjectW.h>
#include <CkBinDataW.h>
#include <CkHttpW.h>

void ChilkatSample(void)
    {
    bool success = false;

    CkCrypt2W crypt;

    CkCertW cert;
    cert.put_SmartCardPin(L"123456");
    success = cert.LoadFromSmartcard(L"");
    if (success != true) {
        wprintf(L"%s\n",cert.lastErrorText());
        return;
    }

    success = crypt.SetSigningCert(cert);

    //  Use SHA-256 rather than the default of SHA-1
    crypt.put_HashAlgorithm(L"sha256");

    //  Create JSON that tells Chilkat what signing attributes to include:
    CkJsonObjectW attrs;
    attrs.UpdateBool(L"contentType",true);
    attrs.UpdateBool(L"signingTime",true);
    attrs.UpdateBool(L"messageDigest",true);
    attrs.UpdateBool(L"signingCertificateV2",true);

    //  A CAdES-T signature is one that includes a timestampToken created by an online TSA (time stamping authority).
    //  We must include the TSA's URL, as well as a few options to indicate what is desired.
    //  Except for the TSA URL, the options shown here are typically what you would need.
    attrs.UpdateBool(L"timestampToken.enabled",true);
    attrs.UpdateString(L"timestampToken.tsaUrl",L"https://freetsa.org/tsr");
    attrs.UpdateBool(L"timestampToken.addNonce",false);
    attrs.UpdateBool(L"timestampToken.requestTsaCert",true);
    attrs.UpdateString(L"timestampToken.hashAlg",L"sha256");

    crypt.put_SigningAttributes(attrs.emit());

    const wchar_t *strToSign = L"Hello World!";

    CkBinDataW bd;
    bd.AppendString(strToSign,L"utf-8");

    //  -------------------------------------------------------------------------
    //  The purpose of this example is to show how an HTTP object with custom
    //  settings can be used to access the Internet when signing.
    //  Access to the Internet is needed to communicate with the timestamp server.
    CkHttpW http;
    //  This can be a domain name, hostname, or IP address.
    http.put_ProxyDomain(L"172.16.16.56");
    http.put_ProxyPort(808);
    http.put_ProxyLogin(L"myProxyLogin");
    http.put_ProxyPassword(L"myProxyPassword");
    crypt.SetTsaHttpObj(http);
    //  -------------------------------------------------------------------------

    //  This creates the CAdES-T signature.  During the signature creation, it
    //  communicates with the TSA to get a timestampToken.
    //  The contents of bd are signed and replaced with the CAdES-T signature (which embeds the original content).
    success = crypt.OpaqueSignBd(bd);
    if (success != true) {
        wprintf(L"%s\n",crypt.lastErrorText());
        return;
    }

    //  Get the signature in base64 format:
    wprintf(L"%s\n",bd.getEncoded(L"base64_mime"));

    wprintf(L"Success.\n");
    }