CryptoSys PKI Pro Manual

CMS_MakeSigDataFromBytes

Create a CMS object of type SignedData from an array of bytes.

VBA/VB6 Syntax

Public Declare Function CMS_MakeSigDataFromBytes Lib "diCrPKI.dll" (ByVal strFileOut As String, ByRef lpInput As Byte, ByVal nInputLen As Long, ByVal strCertList As String, ByVal strPrivateKey As String, ByVal nOptions As Long) As Long

nRet = CMS_MakeSigDataFromBytes(strFileOut, lpInput(0), nInputLen, strCertList, strPrivateKey, nOptions) As Long

C/C++ Syntax

long __stdcall CMS_MakeSigDataFromBytes(const char *szFileOut, const unsigned char *lpInput, long nInputLen, const char *szCertList, const char *szPrivateKey, long nOptions);

Parameters

szFileOut
[in] name of output file to be created.
lpInput
[in] byte array containing input data to be signed.
nInputLen
[in] length in bytes of input data.
szCertList
[in] filename of the signer's certificate and (optionally) a list of other certificates to be included in the output, separated by semi-colons (;). Alternatively specify a single PKCS#7 certificate chain file (.p7c/.p7b) containing the signer's certificate.
szPrivateKey
[in] private key data for the sender in "internal" string format.
nOptions
[in] Option flags. Select one of:
PKI_SIG_RSA_SHA1 (0) to use RSASSA-PKCS-v1_5 with SHA-1 (sha1WithRSAEncryption) (default - CAUTION)
PKI_SIG_RSA_SHA224 to use RSASSA-PKCS-v1_5 with SHA-224 (sha224WithRSAEncryption)
PKI_SIG_RSA_SHA256 to use RSASSA-PKCS-v1_5 with SHA-256 (sha256WithRSAEncryption) [minimum recommended]
PKI_SIG_RSA_SHA384 to use RSASSA-PKCS-v1_5 with SHA-384 (sha384WithRSAEncryption)
PKI_SIG_RSA_SHA512 to use RSASSA-PKCS-v1_5 with SHA-512 (sha512WithRSAEncryption)
PKI_SIG_RSA_MD5 to use RSASSA-PKCS-v1_5 with MD5 (md5WithRSAEncryption) [legacy, not recommended for new implementations]
PKI_SIG_RSA_PSS_SHA1 to use RSASSA-PSS with SHA-1
PKI_SIG_RSA_PSS_SHA224 to use RSASSA-PSS with SHA-224
PKI_SIG_RSA_PSS_SHA256 to use RSASSA-PSS with SHA-256
PKI_SIG_RSA_PSS_SHA384 to use RSASSA-PSS with SHA-384
PKI_SIG_RSA_PSS_SHA512 to use RSASSA-PSS with SHA-512
PKI_SIG_ECDSA_SHA1 to use ecdsaWithSHA1
PKI_SIG_ECDSA_SHA224 to use ecdsaWithSHA224
PKI_SIG_ECDSA_SHA256 to use ecdsaWithSHA256
PKI_SIG_ECDSA_SHA384 to use ecdsaWithSHA384
PKI_SIG_ECDSA_SHA512 to use ecdsaWithSHA512
PKI_SIG_ED25519 to use Ed25519 [New in v20.0]
PKI_SIG_ED2448 to use Ed448 [New in v22.0]

and optionally add any of the following flags:
PKI_CMS_EXCLUDE_CERTS to exclude signer's certificate
PKI_CMS_EXCLUDE_DATA to exclude the eContent data
PKI_CMS_CERTS_ONLY to create a "certs-only" PKCS#7 certficate chain
PKI_CMS_INCLUDE_ATTRS to add signed attributes (default = no signed attributes) including content-type and message-digest plus any more added below.
PKI_CMS_FORMAT_BASE64 to format the output with base64 encoding (default output is binary)
PKI_CMS_NO_OUTER to create a "naked" SignedData object with no outerContentInfo as permitted by PKCS#7 v1.6 (specialist option)
PKI_CMS_ALT_ALGID to use an alternative signature algorithm identifier (see Remarks)
PKI_CMS_BIGFILE to speed up the processing of large files (see Remarks)
PKI_PSS_SALTLEN_ZERO to set the salt length to be zero (RSASSA-PSS only, default = same length as the output of the hash function)
PKI_MGF_MGF1SHA1 to force the MGF hash function to be SHA-1 (RSASSA-PSS only, default = same as signature hash function)

If the PKI_CMS_INCLUDE_ATTRS option flag is included, optionally add any of the following:
PKI_CMS_ADD_SIGNTIME to add SigningTime to the signed attributes (requires PKI_CMS_INCLUDE_ATTRS)
PKI_CMS_ADD_SMIMECAP to add sMIMECapabilities to the signed attributes (requires PKI_CMS_INCLUDE_ATTRS)
PKI_CMS_ADD_SIGNINGCERT to add an ESS Signing Certificate Attribute to the signed attributes (requires PKI_CMS_INCLUDE_ATTRS) [New in v12.4]
PKI_CMS_ADD_ALGPROTECT to add an Algorithm Identifier Protection Attribute to the signed attributes (requires PKI_CMS_INCLUDE_ATTRS) [New in v12.4]

Returns (VBA/C)

If successful, the return value is zero; otherwise it returns a nonzero error code. Further error information may be available by calling PKI_LastError().

VBA Wrapper Syntax

Public Function cmsMakeSigDataFromBytes (szFileOut As String, lpInput() As Byte, szCertList As String, szPrivateKey As String, Optional nOptions As Long = 0) As Long

.NET Equivalent

Cms.MakeSigDataFromBytes Method

C++ (STL) Equivalent

static int dipki::Cms::MakeSigDataFromBytes (const std::string &outputFile, const dipki::bvec_t &data, const std::string &certList, const std::string &privateKey, SigAlg sigAlg=SigAlg::Default, SigDataOptions opts=SigDataOptions::Default_SigDataOpt, Format format=Format::Default)
static Cms.make_sigdata_from_bytes(outputfile, inputdata, certlist, prikeystr, sigalg=SigAlg.DEFAULT, opts=SigDataOpts.DEFAULT)

Python Equivalent

static Cms.make_sigdata_from_string(outputfile, inputstr, certlist, prikeystr, sigalg=SigAlg.DEFAULT, opts=SigDataOpts.DEFAULT)
static Cms.make_sigdata_from_bytes(outputfile, inputdata, certlist, prikeystr, sigalg=SigAlg.DEFAULT, opts=SigDataOpts.DEFAULT)

Remarks

This function is identical to CMS_MakeSigData() except the input is passed as a byte array instead of in a file. See the remarks for CMS_MakeSigData above. Use this function if the content contains non-ASCII characters such as UTF-8 encoded.

Example

This example creates an signed-data object in a file 'basicsignedbyalice_utf8.p7m'. The input is UTF-8-encoded data with some non-ASCII characters that encode to more than one byte. See CMS_ReadSigDataToBytes for example code to read it. 

    Dim nRet As Long
    Dim strSigDataFile As String
    Dim strData As String
    Dim abData() As Byte
    Dim nBytes As Long
    Dim strPrivateKey As String
    
    ' Input contains two non-ASCII characters:
    '   U+00CD Latin capital letter I with acute, encodes as (0x) C3 8D
    '   U+00F1 Latin small letter N with tilde, encodes as (0x) C3 B1
    strData = "<doc><name c='es'>Íñigo</name></doc>"
    ' Convert Unicode string to UTF-8-encoded byte array
    nBytes = CNV_UTF8BytesFromLatin1(ByVal 0&, 0, strData)
    ReDim abData(nBytes - 1)
    nBytes = CNV_UTF8BytesFromLatin1(abData(0), nBytes, strData)
    Debug.Print "INPUT STR=""" & strData & """" & " (" & Len(strData) & " chars)"
    Debug.Print "HEX(UTF8)=" & cnvHexStrFromBytes(abData) & " (" & UBound(abData) + 1 & " bytes)"
    
    '  We need Alice's private key
    strPrivateKey = rsaReadPrivateKey("AlicePrivRSASign.p8e", "password")
    If Len(strPrivateKey) = 0 Then
        MsgBox "Cannot read private key"
        Exit Sub
    End If
    
    ' Create a CMS signed-data object
    strSigDataFile = "basicsignedbyalice_utf8.p7m"
    nRet = CMS_MakeSigDataFromBytes(strSigDataFile, _
        abData(0), nBytes, "AliceRSASignByCarl.cer", strPrivateKey, PKI_SIG_RSA_PSS_SHA256)
    ' This should return 0 indicating success
    Debug.Print "CMS_MakeSigDataFromBytes returns " & nRet & " (expected 0)"
    Debug.Assert 0 = nRet
    Debug.Print "Created signed-data file '" & strSigDataFile & "'"

CleanUp:
    wipeString strPrivateKey

INPUT STR="<doc><name c='es'>Íñigo</name></doc>" (36 chars)
HEX(UTF8)=3C646F633E3C6E616D6520633D276573273EC38DC3B169676F3C2F6E616D653E3C2F646F633E (38 bytes)
CMS_MakeSigDataFromBytes returns 0 (expected 0)
Created signed-data file 'basicsignedbyalice_utf8.p7m'

Example (VBA wrapper function)

Dim strSigDataFile As String
Dim strCertFile As String
Dim lpData() As Byte
Dim strPrivateKey As String
Dim strQuery As String
Dim r As Long
	
' Input contains two non-ASCII characters:
'   U+00CD Latin capital letter I with acute, encodes as (0x) C3 8D
'   U+00F1 Latin small letter N with tilde, encodes as (0x) C3 B1
' Convert Unicode string to UTF-8-encoded byte array to be signed
lpData = cnvUTF8BytesFromLatin1("<doc><name c='es'>Íñigo</name></doc>")
Debug.Print "HEX(data to be signed)=" & cnvToHex(lpData)
' Read in Dana's ED25519 private key
strPrivateKey = eccReadPrivateKey("lamps-dana.p8.pem", "")
strCertFile = "lamps-dana.crt"

' Create a CMS signed-data object
strSigDataFile = "signeddata-utf8-dana.p7m"
r = cmsMakeSigDataFromBytes(strSigDataFile, lpData, strCertFile, strPrivateKey, PKI_SIG_ED25519 Or PKI_CMS_INCLUDE_ATTRS Or PKI_CMS_ADD_SIGNINGCERT)

Debug.Print "cmsMakeSigDataFromBytes returns " & r & " (expected 0)"
Debug.Assert 0 = r
Debug.Print "FILE: " & strSigDataFile
' Query the signed-data object
strQuery = "signatureAlgorithm"
Debug.Print "QuerySigData('" & strQuery & "')=" & cmsQuerySigData(strSigDataFile, strQuery)
strQuery = "signingCertHash"
Debug.Print "QuerySigData('" & strQuery & "')=" & cmsQuerySigData(strSigDataFile, strQuery)
' Check thumbprint of cert, this should match the signingCertHash
Debug.Print "CertThumb=" & x509CertThumb(strCertFile)
' Read back the signed data
lpData = cmsReadSigDataToBytes(strSigDataFile)
Debug.Print "HEX(recovered content)=" & cnvToHex(lpData)

HEX(data to be signed)=3C646F633E3C6E616D6520633D276573273EC38DC3B169676F3C2F6E616D653E3C2F646F633E
cmsMakeSigDataFromBytes returns 0 (expected 0)
FILE: signeddata-utf8-dana.p7m
QuerySigData('signatureAlgorithm')=Ed25519
QuerySigData('signingCertHash')=4db09e5f691aeaf46bffa1dbd4719d5c3f529ca0
CertThumb=4db09e5f691aeaf46bffa1dbd4719d5c3f529ca0
HEX(recovered content)=3C646F633E3C6E616D6520633D276573273EC38DC3B169676F3C2F6E616D653E3C2F646F633E

See Also

CMS_MakeSigData CMS_MakeSigDataFromString CMS_MakeDetachedSig

[Contents] [Index]

[PREV: CMS_MakeSigDataFromSigValue...]   [Contents]   [Index]   
   [NEXT: CMS_MakeSigDataFromString...]
Copyright © 2004-24 D.I. Management Services Pty Ltd. All rights reserved. Generated 2024-09-23T07:52:09Z.