CMS_MakeDetachedSig

CryptoSys PKI Pro Manual

CMS_MakeDetachedSig

Creates a "detached signature" CMS signed-data object from a message digest of the content.

VBA/VB6 Syntax


Public Declare Function CMS_MakeDetachedSig Lib "diCrPKI.dll" 
    (ByVal strFileOut As String, ByVal strHexDigest As String, 
    ByVal strCertList As String, ByVal strPrivateKey As String, 
    ByVal nOptions As Long) As Long

nRet = CMS_MakeDetachedSig(strFileOut, strHexDigest, strCertList, strPrivateKey, nOptions) As Long

C/C++ Syntax


long __stdcall CMS_MakeDetachedSig(const char *szFileOut, const char *szHexDigest, const char *szCertList, const char *szPrivateKey, long nOptions);

Parameters

szFileOut: [in] with name of output file to be created.
szHexDigest: [in] containing the digest of the content in hexadecimal format.
szCertList: [in] containing the filename of the signer's certificate and (optionally) a list of other certificates to be included in the output, separated by semi-colons (;)
szPrivateKey: [in] containing the private key data for the signer.
nOptions: [in] option flags: Select one of:
PKI_HASH_SHA1 (0) to use the SHA-1 algorithm (default)
PKI_HASH_SHA224 to use the SHA-224 algorithm
PKI_HASH_SHA256 to use the SHA-256 algorithm
PKI_HASH_SHA384 to use the SHA-384 algorithm
PKI_HASH_SHA512 to use the SHA-512 algorithm
and optionally add
PKI_CMS_EXCLUDE_CERTS to exclude signer's certificate
PKI_CMS_INCLUDE_ATTRS to add signed attributes (default = no signed attributes) including content-type and message-digest plus any more added below.
PKI_CMS_ADD_SIGNTIME to add SigningTime to the signed attributes (requires PKI_CMS_INCLUDE_ATTRS)
PKI_CMS_ADD_SMIMECAP to add sMIMECapabilities to the signed attributes (requires PKI_CMS_INCLUDE_ATTRS)
PKI_CMS_ADD_SIGNINGCERT to add ESS Signing Certificate attribute to the signed attributes (requires PKI_CMS_INCLUDE_ATTRS)
PKI_CMS_FORMAT_BASE64 to format the output with base64 encoding (default output is binary)

Returns (VBA/C)

If successful, the return value is zero; otherwise it returns a nonzero error code. Further error information may be available by calling PKI_LastError().

.NET Equivalent

Cms.MakeDetachedSig Method

C++ (STL) Equivalent

static int dipki::Cms::MakeDetachedSig (const std::string &outputFile, const std::string &hexDigest, const std::string &certList, const std::string &privateKey, SigAlg sigAlg=SigAlg::Default, SigDataOptions opts=SigDataOptions::Default_SigDataOpt, Format format=Format::Default)

Python Equivalent

static Cms.make_detached_sig(outputfile, hexdigest, certlist, prikeystr, sigalg=SigAlg.DEFAULT, opts=SigDataOpts.DEFAULT)

Remarks

RSASSA-PKCS1V1_5 only. See CMS_MakeSigData() for more details. The PKI_CMS_EXCLUDE_DATA option is obviously ignored.

Example

This example creates a "detached signature" CMS signed-data object that would duplicate a "detached signature" version of example 4.2 from [SMIME-EX] if they did one. It uses Alice's RSA private key to sign the SHA-1 Message digest of the content "This is some sample content.". The output is a BER-encoded CMS signedData object which includes her certificate but has no signed attributes.

Dim nRet As Long
Dim strEPKFile As String
Dim strCertFile As String
Dim strOutFile As String
Dim strHexDigest As String
Dim strPrivateKey As String

strEPKFile = "AlicePrivRSASign.p8e"
strCertFile = "AliceRSASignByCarl.cer"
strOutFile = "DetSignByAlice.bin"
strHexDigest = "406aec085279ba6e16022d9e0629c0229687dd48"

' First, Alice reads her private key into a string
strPrivateKey = rsaReadPrivateKey(strEPKFile, "password")
If Len(strPrivateKey) = 0 Then
    MsgBox "Cannot read private key"
    Exit Function
End If

' Alice makes a detached signature using
' the hash of the content and her private key
nRet = CMS_MakeDetachedSig(strOutFile, strHexDigest, _
    strCertFile, strPrivateKey, 0)
Debug.Print "CMS_MakeDetachedSig returns " & nRet