XmlDSigGen Tcl Reference Documentation

XmlDSigGen

An API for generating/creating XML Digital Signatures. Use the XmlDSig class for verifying XML Digital Signatures.

Object Creation

set myXmlDSigGen [new_CkXmlDSigGen]

Properties

Behaviors (string)

# ckStr is a CkString
CkXmlDSigGen_get_Behaviors $myXmlDSigGen $ckStr
set strVal [CkXmlDSigGen_get_behaviors $myXmlDSigGen]
CkXmlDSigGen_put_Behaviors $myXmlDSigGen $strVal

Introduced in version 9.5.0.70

A comma-separated list of keywords to specify special behaviors to work around potential oddities or special requirements needed for providing signatures to particular systems. This is an open-ended property where new behaviors can be implemented depending on the needs encountered by Chilkat customers. The possible behaviors are listed below. (At this time, there is only one special behavior.)

  • ForceAddEnvelopedSignatureTransform: The <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> element is normally only added when the Signature is contained within the XML fragment that is signed. The meaning of this transformation is to tell the verifier to remove the Signature from the data prior to canonicalizing. If the Signature is not contained within the XML fragment that was signed, then the signature was not enveloped. There would be no need to remove the Signature because the Signature is not contained in the XML fragment being verified. However, some brain-dead verifying systems require this Transform to be present regardless of whether it makes sense. This behavior will cause Chilkat to add the Transform regardless.

CustomKeyInfoXml (string)

# ckStr is a CkString
CkXmlDSigGen_get_CustomKeyInfoXml $myXmlDSigGen $ckStr
set strVal [CkXmlDSigGen_get_customKeyInfoXml $myXmlDSigGen]
CkXmlDSigGen_put_CustomKeyInfoXml $myXmlDSigGen $strVal

Introduced in version 9.5.0.69

Specifies custom XML to be inserted in the KeyInfo element of the Signature. A common use is to provide a wsse:SecurityTokenReference fragment of XML.

Sign SOAP XML using a wsse:SecurityTokenReference

DebugLogFilePath (string)

# ckStr is a CkString
CkXmlDSigGen_get_DebugLogFilePath $myXmlDSigGen $ckStr
set strVal [CkXmlDSigGen_get_debugLogFilePath $myXmlDSigGen]
CkXmlDSigGen_put_DebugLogFilePath $myXmlDSigGen $strVal

If set to a file path, causes each Chilkat method or property call to automatically append its LastErrorText to the specified log file. The information is appended such that if a hang or crash occurs, it is possible to see the context in which the problem occurred, as well as a history of all Chilkat calls up to the point of the problem. The VerboseLogging property can be set to provide more detailed information.

This property is typically used for debugging the rare cases where a Chilkat method call hangs or generates an exception that halts program execution (i.e. crashes). A hang or crash should generally never happen. The typical causes of a hang are:

  1. a timeout related property was set to 0 to explicitly indicate that an infinite timeout is desired,
  2. the hang is actually a hang within an event callback (i.e. it is a hang within the application code), or
  3. there is an internal problem (bug) in the Chilkat code that causes the hang.

IncNamespacePrefix (string)

# ckStr is a CkString
CkXmlDSigGen_get_IncNamespacePrefix $myXmlDSigGen $ckStr
set strVal [CkXmlDSigGen_get_incNamespacePrefix $myXmlDSigGen]
CkXmlDSigGen_put_IncNamespacePrefix $myXmlDSigGen $strVal

Introduced in version 9.5.0.70

The namespace prefix to use for InclusiveNamespaces elements. The default value is "ec". Set this property to the empty string to omit an InclusiveNamespaces prefix. For example, given the default values of IncNamespaceUri and IncNamespacePrefix, generated InclusiveNamespaces elements will appear like this:

<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"> ... </ec:InclusiveNamespaces>

IncNamespaceUri (string)

# ckStr is a CkString
CkXmlDSigGen_get_IncNamespaceUri $myXmlDSigGen $ckStr
set strVal [CkXmlDSigGen_get_incNamespaceUri $myXmlDSigGen]
CkXmlDSigGen_put_IncNamespaceUri $myXmlDSigGen $strVal

Introduced in version 9.5.0.70

The namespace URI for any InclusiveNamespaces elements that are created. The default value is "http://www.w3.org/2001/10/xml-exc-c14n#". For example, if the IncNamespacePrefix equals "ec" and this property remains at the default value, then generated InclusiveNamespaces elements will be:

<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"> ... </ec:InclusiveNamespaces>

KeyInfoKeyName (string)

# ckStr is a CkString
CkXmlDSigGen_get_KeyInfoKeyName $myXmlDSigGen $ckStr
set strVal [CkXmlDSigGen_get_keyInfoKeyName $myXmlDSigGen]
CkXmlDSigGen_put_KeyInfoKeyName $myXmlDSigGen $strVal

Introduced in version 9.5.0.69

Specifies the KeyName to be inserted in the KeyInfo element of the Signature if the KeyInfoType equals "KeyName".

Create XML Digital Signature having KeyName

KeyInfoType (string)

# ckStr is a CkString
CkXmlDSigGen_get_KeyInfoType $myXmlDSigGen $ckStr
set strVal [CkXmlDSigGen_get_keyInfoType $myXmlDSigGen]
CkXmlDSigGen_put_KeyInfoType $myXmlDSigGen $strVal

Introduced in version 9.5.0.69

Specifies the type of information that will be included in the optional KeyInfo element of the Signature. Possible values are:

  • None
  • KeyName
  • KeyValue
  • X509Data
  • Custom

The default value is "KeyValue".

If None, then no KeyInfo element is added to the Signature when generated.

If KeyValue, then the KeyInfo will contain the public key (RSA, DSA, or ECDSA).

If X509Data, then the KeyInfo will contain information about an X.509 certificate as specified by the X509Type property.

If Custom, then the KeyInfo will contain the custom XML contained in the CustomKeyInfoXml property.

Create XML Digital Signature having KeyName

Sign SOAP XML using a wsse:SecurityTokenReference

Create XML Signature with KeyInfo / X509Data / X509Certificate

Create XML Signature with KeyInfo / X509Data / X509SKI

LastErrorHtml (string)

# ckStr is a CkString
CkXmlDSigGen_get_LastErrorHtml $myXmlDSigGen $ckStr
set strVal [CkXmlDSigGen_get_lastErrorHtml $myXmlDSigGen]

Provides information in HTML format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

LastErrorText (string)

# ckStr is a CkString
CkXmlDSigGen_get_LastErrorText $myXmlDSigGen $ckStr
set strVal [CkXmlDSigGen_get_lastErrorText $myXmlDSigGen]

Provides information in plain-text format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

Concept of LastErrorText

LastErrorText Standard Information

LastErrorXml (string)

# ckStr is a CkString
CkXmlDSigGen_get_LastErrorXml $myXmlDSigGen $ckStr
set strVal [CkXmlDSigGen_get_lastErrorXml $myXmlDSigGen]

Provides information in XML format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

LastMethodSuccess (boolean 1/0)

set boolVal [CkXmlDSigGen_get_LastMethodSuccess $myXmlDSigGen]
CkXmlDSigGen_put_LastMethodSuccess $myXmlDSigGen $boolVal

Introduced in version 9.5.0.52

Indicates whether the last method call succeeded or failed. A value of 1 indicates success, a value of 0 indicates failure. This property is automatically set for method calls. It is not modified by property accesses. The property is automatically set to indicate success for the following types of method calls:

  • Any method that returns a string.
  • Any method returning a Chilkat object, binary bytes, or a date/time.
  • Any method returning a standard boolean status value where success = 1 and failure = 0.
  • Any method returning an integer where failure is defined by a return value less than zero.

Note: Methods that do not fit the above requirements will always set this property equal to 1. For example, a method that returns no value (such as a "void" in C++) will technically always succeed.

SigId (string)

# ckStr is a CkString
CkXmlDSigGen_get_SigId $myXmlDSigGen $ckStr
set strVal [CkXmlDSigGen_get_sigId $myXmlDSigGen]
CkXmlDSigGen_put_SigId $myXmlDSigGen $strVal

Introduced in version 9.5.0.69

An optional Id attribute value for the Signature element. The default value is the empty string, which generates a Signature element with no Id attribute. For example:

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

If this property is set to "abc123", then the Signature element would be generated like this:

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="abc123">

SigLocation (string)

# ckStr is a CkString
CkXmlDSigGen_get_SigLocation $myXmlDSigGen $ckStr
set strVal [CkXmlDSigGen_get_sigLocation $myXmlDSigGen]
CkXmlDSigGen_put_SigLocation $myXmlDSigGen $strVal

Introduced in version 9.5.0.69

Indicates where the Signature is to be located within the XML that is signed. This is a path to the position in the XML where the Signature will be inserted, using Chilkat path syntax (vertical bar characters delimit tag names). If the Signature element is to be the root of the XML document, then set this property equal to the empty string.

For example, if we have the following SOAP XML and wish to insert the Signature at the indicated location, then the SigLocation property should be set to "SOAP-ENV:Envelope|SOAP-ENV:Header|wsse:Security".

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header>
	<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1">
		** The XML Signature is to be inserted here **
	</wsse:Security>
    </SOAP-ENV:Header>
...
</SOAP-ENV:Envelope>

SigNamespacePrefix (string)

# ckStr is a CkString
CkXmlDSigGen_get_SigNamespacePrefix $myXmlDSigGen $ckStr
set strVal [CkXmlDSigGen_get_sigNamespacePrefix $myXmlDSigGen]
CkXmlDSigGen_put_SigNamespacePrefix $myXmlDSigGen $strVal

Introduced in version 9.5.0.69

The namespace prefix of the Signature that is to be created. The default value is "ds". Set this property to the empty string to omit a Signature namespace URI and prefix. For example, given the default values of SigNamespaceUri and SigNamespacePrefix, the generated Signature element will be:

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> ... </ds:Signature>

SigNamespaceUri (string)

# ckStr is a CkString
CkXmlDSigGen_get_SigNamespaceUri $myXmlDSigGen $ckStr
set strVal [CkXmlDSigGen_get_sigNamespaceUri $myXmlDSigGen]
CkXmlDSigGen_put_SigNamespaceUri $myXmlDSigGen $strVal

Introduced in version 9.5.0.69

The namespace URI of the Signature that is to be created. The default value is "http://www.w3.org/2000/09/xmldsig#". For example, if the SigNamespacePrefix equals "ds" and this property remains at the default value, then the generated Signature element will be:

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> ... </ds:Signature>

SignedInfoCanonAlg (string)

# ckStr is a CkString
CkXmlDSigGen_get_SignedInfoCanonAlg $myXmlDSigGen $ckStr
set strVal [CkXmlDSigGen_get_signedInfoCanonAlg $myXmlDSigGen]
CkXmlDSigGen_put_SignedInfoCanonAlg $myXmlDSigGen $strVal

Introduced in version 9.5.0.69

The canonicalization method to be used for the SignedInfo when creating the XML signature.

  • "C14N" -- for Inclusive Canonical XML 1.0 (without comments)
  • "C14N_11" -- for Inclusive Canonical XML 1.1 (without comments)
  • "EXCL_C14N" -- for Exclusive Canonical XML (without comments)

The default value is "EXCL_C14N".

SignedInfoDigestMethod (string)

# ckStr is a CkString
CkXmlDSigGen_get_SignedInfoDigestMethod $myXmlDSigGen $ckStr
set strVal [CkXmlDSigGen_get_signedInfoDigestMethod $myXmlDSigGen]
CkXmlDSigGen_put_SignedInfoDigestMethod $myXmlDSigGen $strVal

Introduced in version 9.5.0.69

The digest method to be used for signing the SignedInfo part of the Signature. Possible values are "sha1", "sha256", "sha384", and "sha512". The default is "sha256".

SignedInfoPrefixList (string)

# ckStr is a CkString
CkXmlDSigGen_get_SignedInfoPrefixList $myXmlDSigGen $ckStr
set strVal [CkXmlDSigGen_get_signedInfoPrefixList $myXmlDSigGen]
CkXmlDSigGen_put_SignedInfoPrefixList $myXmlDSigGen $strVal

Introduced in version 9.5.0.69

The inclusive namespace prefix list to be added, if any, when the SignedInfoCanonAlg is equal to "EXCL_C14N". The default value is the empty string. If namespaces are listed, they are separated by space characters.

If, for example, this property is set to "wsse SOAP-ENV", then the CanonicalizationMethod part of the SignedInfo that is generated would look like this:

<ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
      <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse SOAP-ENV" />
    </ds:CanonicalizationMethod>
...
</ds:SignedInfo>

Sign SOAP XML using a wsse:SecurityTokenReference

SigningAlg (string)

# ckStr is a CkString
CkXmlDSigGen_get_SigningAlg $myXmlDSigGen $ckStr
set strVal [CkXmlDSigGen_get_signingAlg $myXmlDSigGen]
CkXmlDSigGen_put_SigningAlg $myXmlDSigGen $strVal

Introduced in version 9.5.0.69

Selects the signature algorithm to be used when using an RSA key to sign. The default value is "PKCS1-v1_5". This can be set to "RSASSA-PSS" (or simply "pss") to use the RSASSA-PSS signature scheme.

Note: This property only applies when signing with an RSA private key. It does not apply for ECC or DSA private keys.

Utf8 (boolean 1/0)

set boolVal [CkXmlDSigGen_get_Utf8 $myXmlDSigGen]
CkXmlDSigGen_put_Utf8 $myXmlDSigGen $boolVal

When set to 1, all "const char *" arguments are interpreted as utf-8 strings. If set to 0 (the default), then "const char *" arguments are interpreted as ANSI strings. Also, when set to 1, any Chilkat method returning a "const char *" returns the utf-8 representation. If set to 0, all "const char *" return values are ANSI strings.

VerboseLogging (boolean 1/0)

set boolVal [CkXmlDSigGen_get_VerboseLogging $myXmlDSigGen]
CkXmlDSigGen_put_VerboseLogging $myXmlDSigGen $boolVal

If set to 1, then the contents of LastErrorText (or LastErrorXml, or LastErrorHtml) may contain more verbose information. The default value is 0. Verbose logging should only be used for debugging. The potentially large quantity of logged information may adversely affect performance.

Version (string)

# ckStr is a CkString
CkXmlDSigGen_get_Version $myXmlDSigGen $ckStr
set strVal [CkXmlDSigGen_get_version $myXmlDSigGen]

Version of the component/library, such as "9.5.0.63"

X509Type (string)

# ckStr is a CkString
CkXmlDSigGen_get_X509Type $myXmlDSigGen $ckStr
set strVal [CkXmlDSigGen_get_x509Type $myXmlDSigGen]
CkXmlDSigGen_put_X509Type $myXmlDSigGen $strVal

Introduced in version 9.5.0.69

Specifies the kind of X.509 certificate information that is provided in the KeyInfo element when the KeyInfoType equals "X509Data". Possible values are:

  • Certificate
  • CertChain
  • IssuerSerial
  • SubjectName
  • SKI

The default value is "Certificate".

If Certificate, then the KeyInfo will contain the base64 encoded X.509v3 certificate.

If CertChain, then the KeyInfo will contain the base64 encoded X.509v3 certificate as well as any certificates available in the chain of authentication to the root cert.

If IssuerSerial, then the KeyInfo will contain the X.509 issuer's distinguished name and the signing certificate's serial number.

If SubjectName, then the KeyInfo will contain the X.509 subject distinguished name.

If SKI, then the KeyInfo will contain the base64 encoded value of the cert's X.509 SubjectKeyIdentifier extension.

Create XML Signature with KeyInfo / X509Data / X509Certificate

Create XML Signature with KeyInfo / X509Data / X509SKI

Methods

AddEnvelopedRef

# id is a string
# content is a CkStringBuilder
# digestMethod is a string
# canonMethod is a string
# refType is a string
set status [CkXmlDSigGen_AddEnvelopedRef $myXmlDSigGen $id $content $digestMethod $canonMethod $refType]

Introduced in version 9.5.0.69

Specifies an enveloped Reference to be added to the Signature when generated. An enveloped Reference is for data contained within the Signature. (The Signature is to be an enveloping signature, and the data is enveloped by the Signature.)

The id is the value of the Id attribute of the Object element that is to be contained within the generated Signature. The content is the text content to be contained in the Object. Binary data can be signed by passing the bytes in content in an encoded format (such as base64 or hex).

The digestMethod is the digest method and can be one of the following: "sha1", "sha256", "sha384", "sha512", "ripemd160", or "md5".

The canonMethod is the canonicalization method, and can be one of the following:

  • "C14N" -- for Inclusive Canonical XML (without comments)
  • "C14N_11" -- for Inclusive Canonical XML 1.1 (without comments)
  • "EXCL_C14N" -- for Exclusive Canonical XML (without comments)

The refType is optional and is usually not needed. Set this to the empty string unless it is desired to add a Type attribute to the Reference that is advisory only.

Returns 1 for success, 0 for failure.

Create Enveloping XML Digital Signature

Create Enveloping XML Signature with Multiple References

AddExternalBinaryRef

# uri is a string
# content is a CkBinData
# digestMethod is a string
# refType is a string
set status [CkXmlDSigGen_AddExternalBinaryRef $myXmlDSigGen $uri $content $digestMethod $refType]

Introduced in version 9.5.0.69

Specifies an external non-XML binary data Reference to be added to the Signature when generated.

The uri is the value of the URI attribute of the Reference.

The content contains the binary data to be digested according to the digestMethod.

The digestMethod is the digest method and can be one of the following: "sha1", "sha256", "sha384", "sha512", "ripemd160", or "md5".

The refType is optional and is usually not needed. Set this to the empty string unless it is desired to add a Type attribute to the Reference that is advisory only.

Returns 1 for success, 0 for failure.

Create XML Signature with External Data Reference

AddExternalFileRef

# uri is a string
# localFilePath is a string
# digestMethod is a string
# refType is a string
set status [CkXmlDSigGen_AddExternalFileRef $myXmlDSigGen $uri $localFilePath $digestMethod $refType]

Introduced in version 9.5.0.69

Specifies an external file Reference to be added to the Signature when generated.

The uri is the value of the URI attribute of the Reference. It can (and likely will) be different than the localFilePath which is the path to the local file to be added. (The local file is not read until the XML digital signature is actually created.)

The digestMethod is the digest method and can be one of the following: "sha1", "sha256", "sha384", "sha512", "ripemd160", or "md5".

The refType is optional and is usually not needed. Set this to the empty string unless it is desired to add a Type attribute to the Reference that is advisory only.

Returns 1 for success, 0 for failure.

AddExternalTextRef

# uri is a string
# content is a CkStringBuilder
# charset is a string
# includeBom is a boolean
# digestMethod is a string
# refType is a string
set status [CkXmlDSigGen_AddExternalTextRef $myXmlDSigGen $uri $content $charset $includeBom $digestMethod $refType]

Introduced in version 9.5.0.69

Specifies an external non-XML text data Reference to be added to the Signature when generated.

The uri is the value of the URI attribute of the Reference.

The content contains the non-XML data to be digested according to the charset. The charset specifies the charset (such as "utf-8", "windows-1252", etc.) for the byte representation of the text to be digested. The includeBom indicates whether the BOM (Byte Order Mark, also known as the preamble) is included in the byte representation that is digested.

The digestMethod is the digest method and can be one of the following: "sha1", "sha256", "sha384", "sha512", "ripemd160", or "md5".

The refType is optional and is usually not needed. Set this to the empty string unless it is desired to add a Type attribute to the Reference that is advisory only.

Returns 1 for success, 0 for failure.

AddExternalXmlRef

# uri is a string
# content is a CkStringBuilder
# digestMethod is a string
# canonMethod is a string
# refType is a string
set status [CkXmlDSigGen_AddExternalXmlRef $myXmlDSigGen $uri $content $digestMethod $canonMethod $refType]

Introduced in version 9.5.0.69

Specifies an external XML Reference to be added to the Signature when generated.

The uri is the value of the URI attribute of the Reference.

The content contains the XML document to be referenced.

The digestMethod is the digest method and can be one of the following: "sha1", "sha256", "sha384", "sha512", "ripemd160", or "md5".

The canonMethod is the canonicalization method, and can be one of the following:

  • "C14N" -- for Inclusive Canonical XML (without comments)
  • "C14N_11" -- for Inclusive Canonical XML 1.1 (without comments)
  • "EXCL_C14N" -- for Exclusive Canonical XML (without comments)

The refType is optional and is usually not needed. Set this to the empty string unless it is desired to add a Type attribute to the Reference that is advisory only.

Returns 1 for success, 0 for failure.

AddSameDocRef

# id is a string
# digestMethod is a string
# canonMethod is a string
# prefixList is a string
# refType is a string
set status [CkXmlDSigGen_AddSameDocRef $myXmlDSigGen $id $digestMethod $canonMethod $prefixList $refType]

Introduced in version 9.5.0.69

Specifies a same-document Reference to be added to the Signature when generated. A same-document Reference can be the entire XML document, or a fragment of the XML document.

The id can be the empty string to sign the entire XML document, or it can be the fragment identifier to sign a portion of the XML document.

The digestMethod is the digest method and can be one of the following: "sha1", "sha256", "sha384", "sha512", "ripemd160", or "md5".

The canonMethod is the canonicalization method, and can be one of the following:

  • "C14N" -- for Inclusive Canonical XML (without comments)
  • "C14N_11" -- for Inclusive Canonical XML 1.1 (without comments)
  • "EXCL_C14N" -- for Exclusive Canonical XML (without comments)

If exclusive canonicalization is selected, then the prefixList can contain a space separated list of inclusive namespace prefixes. For inclusive canonicalization, this argument is ignored. In general, pass an empty string for this argument unless you have specific knowledge of namespace prefixes that need to be treated as inclusive when EXCL_C14N is used.

Starting in Chilkat v9.5.0.70, the prefixList can be set to the keyword "_EMPTY_" to force the generation of an empty PrefixList under the Transform. For example:

  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
	<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=""/>
  </ds:Transform>

The refType is optional and is usually not needed. Set this to the empty string unless it is desired to add a Type attribute to the Reference that is advisory only.

Returns 1 for success, 0 for failure.

SOAP XML Digital Signature using RSA Key

CreateXmlDSig

# inXml is a string
# outStr is a CkString (output)
set status [CkXmlDSigGen_CreateXmlDSig $myXmlDSigGen $inXml $outStr]
set retStr [CkXmlDSigGen_createXmlDSig $myXmlDSigGen $inXml]

Introduced in version 9.5.0.69

Creates an XML Digital Signature. The application passes in the XML to be signed, and the signed XML is returned. If creating an enveloping signature where the Signature element is the root, then the inXml may be the empty string.

Returns 1 for success, 0 for failure.

CreateXmlDSigSb

# sbXml is a CkStringBuilder
set status [CkXmlDSigGen_CreateXmlDSigSb $myXmlDSigGen $sbXml]

Introduced in version 9.5.0.69

Creates an XML Digital Signature. The application passes the XML to be signed in sbXml, and it is replaced with the signed XML if successful. (Thus, sbXml is both an input and output argument.) Note: If creating an enveloping signature where the Signature element is to be the root element, then the passed-in sbXml may be empty.

Returns 1 for success, 0 for failure.

SOAP XML Digital Signature using RSA Key

Create XML Digital Signature using a ECDSA Key

SaveLastError

# path is a string
set status [CkXmlDSigGen_SaveLastError $myXmlDSigGen $path]

Saves the last-error information (the contents of LastErrorXml) to an XML formatted file.

Returns 1 for success, 0 for failure.

SetHmacKey

# key is a string
# encoding is a string
set status [CkXmlDSigGen_SetHmacKey $myXmlDSigGen $key $encoding]

Introduced in version 9.5.0.69

Sets the HMAC key to be used if the Signature is to use an HMAC signing algorithm. The encoding specifies the encoding of key, and can be "hex", "base64", "ascii", or any of the binary encodings supported by Chilkat in the link below.

Returns 1 for success, 0 for failure.

Binary Encodings Supported by Chilkat

Create XML Digital Signature using HMAC Key
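
An end-to-end use of the properties and methods above, as an added example that is not part of the Chilkat documentation: it signs a constructed SOAP document with an HMAC key, inserts the Signature at the SigLocation path shown earlier, checks every status value, and limits the Reference digest to the SHA-2 names. Assumptions: the extension path ./chilkat.dll, an already unlocked Chilkat library, the new_Ck.../delete_Ck... constructor and destructor names and the CkStringBuilder_Append / CkStringBuilder_getAsString calls of Chilkat's Tcl binding; the procs check and addWholeDocRef are hypothetical helpers.

```tcl
# Added example, not Chilkat's own code.
# Assumption: path of the Chilkat Tcl extension; the library is already unlocked.
load ./chilkat.dll

# Constructed SOAP input. The Signature will be inserted inside wsse:Security.
set soapXml {<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1"></wsse:Security>
    </SOAP-ENV:Header>
    <SOAP-ENV:Body><order id="42">constructed sample</order></SOAP-ENV:Body>
</SOAP-ENV:Envelope>}

# Hypothetical helper: stop at the first failed call and surface LastErrorText.
proc check {gen status what} {
    if {!$status} {
        error "$what failed:\n[CkXmlDSigGen_get_lastErrorText $gen]"
    }
}

# Hypothetical helper: local allow-list for the Reference digest.
# AddSameDocRef itself also accepts "sha1", "ripemd160" and "md5".
proc addWholeDocRef {gen digest} {
    if {[lsearch -exact {sha256 sha384 sha512} $digest] < 0} {
        error "digest method '$digest' rejected by local policy"
    }
    # id ""        -> sign the entire XML document
    # prefixList "" and refType "" -> no inclusive prefixes, no Type attribute
    check $gen [CkXmlDSigGen_AddSameDocRef $gen "" $digest "EXCL_C14N" "" ""] AddSameDocRef
}

set gen [new_CkXmlDSigGen]

# Where the Signature goes, in Chilkat path syntax (from the SigLocation section).
CkXmlDSigGen_put_SigLocation $gen "SOAP-ENV:Envelope|SOAP-ENV:Header|wsse:Security"

# State the SignedInfo settings explicitly instead of relying on defaults.
CkXmlDSigGen_put_SignedInfoCanonAlg $gen "EXCL_C14N"
CkXmlDSigGen_put_SignedInfoDigestMethod $gen "sha256"

# A shared HMAC secret has no public half to publish, so emit no KeyInfo.
CkXmlDSigGen_put_KeyInfoType $gen "None"

# The Signature lands inside the signed document, so this is an enveloped signature.
addWholeDocRef $gen "sha256"

# Constructed 32-byte key for illustration only; a real key comes from a
# secret store, never from source code.
set hmacKeyHex "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
check $gen [CkXmlDSigGen_SetHmacKey $gen $hmacKeyHex "hex"] SetHmacKey

# sbXml is both input and output: it holds the signed XML on success.
set sbXml [new_CkStringBuilder]
CkStringBuilder_Append $sbXml $soapXml
check $gen [CkXmlDSigGen_CreateXmlDSigSb $gen $sbXml] CreateXmlDSigSb

puts [CkStringBuilder_getAsString $sbXml]

delete_CkStringBuilder $sbXml
delete_CkXmlDSigGen $gen
```

The receiving side verifies with the XmlDSig class named at the top of this page, using the same shared key.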

SetPrivateKey

# privKey is a CkPrivateKey
set status [CkXmlDSigGen_SetPrivateKey $myXmlDSigGen $privKey]

Introduced in version 9.5.0.69

Sets the private key to be used for creating the XML signature. The private key may be an RSA key, a DSA key, or an ECDSA key.

Returns 1 for success, 0 for failure.

Create XML Digital Signature using a DSA Key

Create XML Digital Signature using a ECDSA Key

SetX509Cert

# cert is a CkCert
# usePrivateKey is a boolean
set status [CkXmlDSigGen_SetX509Cert $myXmlDSigGen $cert $usePrivateKey]

Introduced in version 9.5.0.69

Specifies the X.509 certificate to be used for the KeyInfo element when the KeyInfoType equals "X509Data". If usePrivateKey is 1, then the private key will also be set using the certificate's private key. Thus, the SetPrivateKey method does not need to be called. If usePrivateKey is 1, and the certificate does not have an associated private key available, then this method will return 0.

Note: A certificate's private key is not stored within a certificate itself. If the certificate (cert) was obtained from a PFX, Java KeyStore, or other such source, which are containers for both certs and private keys, then Chilkat would have associated the cert with the private key when loading the PFX or JKS, and all is good. The same holds true if, on a Windows system, the certificate was obtained from a Windows-based registry certificate store where the private key was installed with the permission to export.

If, however, the certificate was loaded from a .cer file, or another type of file that contains only the certificate and not the private key, then the associated private key needs to be obtained by the application and provided by calling SetPrivateKey.

Returns 1 for success, 0 for failure.