Signing a Document

[CAPICOM is a 32-bit only component that is available for use in the following operating systems: Windows Server 2008, Windows Vista, and Windows XP. Instead, use the .NET Framework to implement security features. For more information, see Alternatives to Using CAPICOM.]

A standard use of a signature is to sign a text and save that signed text to a file. The signed text could also be sent over the Internet. The signed message is in PKCS #7 format.

In this example, the signature is created for detached content (that is, the content is not included with the signature). A detached signature would most often be used if the recipient of the signature has a copy of the exact signed text. In the example below, the original message and the detached signature are written to separate files.

On any CAPICOM error, a negative decimal value of Err.Number is returned. For more information, see CAPICOM_ERROR_CODE. For information about positive decimal values of Err.Number, see Winerror.h.

Creating a signature uses the signer's private key. A signature can only be created if the signer's certificate with an associated private key is available. This example of the Sign method does not specify a signer. If a signer is not specified and no certificate in CAPICOM_MY_STORE has an associated private key, the Sign method fails. If one and only one certificate in CAPICOM_MY_STORE has an associated private key, that certificate and its private key are used to create the signature. If more than one certificate in the CAPICOM_MY_STORE store has an associated private key, a dialog box appears and the user can choose the certificate to be used to create the signature.

When a web-based application uses the Sign method, a prompt is always displayed and the user's permission is required before a signature that uses that signer's private key is created.

Sub Signfile(ByVal InputFileName As String, _
    ByVal OutputFileName As String)

    On Error GoTo ErrorHandler
    Dim c As String
    Dim s As String
    Dim MyStore As New Store
    Dim Signobj As New SignedData
    Dim Signer As New Signer

    ' NOTE: the name 'Attribute' is not a unique name
    ' and must be preceded by 'CAPICOM.'
    Dim SigningTime As New CAPICOM.Attribute

    ' Open the MY store and retrieve the first certificate from the
    ' store. The signing operation will only work if this
    ' certificate is valid and has access to the signer's private key.
    ' Item(1) is simply whichever certificate is first in the store; an
    ' application that must sign with one particular certificate should
    ' select it explicitly (for example, with Certificates.Find).
    MyStore.Open CAPICOM_CURRENT_USER_STORE, "MY", _
        CAPICOM_STORE_OPEN_READ_ONLY
    Signer.Certificate = MyStore.Certificates.Item(1)

    ' Open the input file and read the entire content to be signed.
    ' Input(LOF(1), #1) returns the whole file. ("Input #1, c" would
    ' stop at the first comma or line break, so only part of the text
    ' would be signed.)
    Open App.Path & "\" & InputFileName For Input As #1
    c = Input(LOF(1), #1)
    Close #1

    ' Set the content to be signed.
    Signobj.Content = c

    ' Save the time the data was signed as an authenticated (signed)
    ' signer attribute.
    SigningTime.Name = CAPICOM_AUTHENTICATED_ATTRIBUTE_SIGNING_TIME
    SigningTime.Value = Now
    Signer.AuthenticatedAttributes.Add SigningTime

    ' Sign the content using the signer's private key.
    ' The 'True' parameter indicates that the content signed is not
    ' included in the signature string (a detached signature).
    s = Signobj.Sign(Signer, True)

    ' Write # encloses the string in quotation marks and ends it with a
    ' newline; read the signature back with Input #, which strips them.
    Open App.Path & "\" & OutputFileName For Output As #2
    Write #2, s
    Close #2

    MsgBox ("Signature done - Saved to file " & OutputFileName)
    Set Signobj = Nothing
    Set MyStore = Nothing
    Set Signer = Nothing
    Set SigningTime = Nothing

    Exit Sub

ErrorHandler:
    ' Release any file number that was still open when the error occurred.
    Close
    If Err.Number > 0 Then
        MsgBox ("Visual Basic error found: " & Err.Description)
    Else
        MsgBox ("CAPICOM error found : " & Err.Number)
    End If
End Sub
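The same detached PKCS #7 signature, with a signing-time authenticated attribute, written against the .NET Framework classes that the note at the top of this page recommends instead of CAPICOM. This is an added example, not code from the page or from Microsoft's CAPICOM samples. It assumes Windows PowerShell 5.1 (System.Security.dll provides the System.Security.Cryptography.Pkcs types), that the signing certificate is selected by thumbprint from the current user's MY store ($Thumbprint is a placeholder), and example file paths. Unlike the CAPICOM sample, it selects one specific certificate rather than the first one in the store, signs the file bytes exactly as they are on disk, and includes the matching verification side for the detached signature.

```powershell
# Added example (not from the page): detached CMS/PKCS #7 signing and
# verification with System.Security.Cryptography.Pkcs.
Add-Type -AssemblyName System.Security

function New-DetachedCmsSignature {
    param(
        [Parameter(Mandatory)] [string] $InputFileName,
        [Parameter(Mandatory)] [string] $OutputFileName,
        # Placeholder: thumbprint of a certificate that has a private key.
        [Parameter(Mandatory)] [string] $Thumbprint
    )

    # Pick one explicit certificate with a private key instead of the
    # first certificate that happens to be in the store.
    $cert = Get-ChildItem -Path Cert:\CurrentUser\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint -and $_.HasPrivateKey } |
        Select-Object -First 1
    if (-not $cert) {
        throw "No certificate with thumbprint $Thumbprint and a private key in CurrentUser\My"
    }

    # Sign the file bytes exactly as stored, with no text decoding.
    $content = [System.IO.File]::ReadAllBytes($InputFileName)
    $contentInfo = New-Object System.Security.Cryptography.Pkcs.ContentInfo -ArgumentList (,$content)

    # detached = $true: the content is not embedded in the signature,
    # which corresponds to Signobj.Sign(Signer, True) in the CAPICOM sample.
    $signedCms = New-Object System.Security.Cryptography.Pkcs.SignedCms -ArgumentList $contentInfo, $true

    $signer = New-Object System.Security.Cryptography.Pkcs.CmsSigner -ArgumentList $cert
    # Signed (authenticated) attribute carrying the current time, the
    # counterpart of CAPICOM_AUTHENTICATED_ATTRIBUTE_SIGNING_TIME.
    $signingTime = New-Object System.Security.Cryptography.Pkcs.Pkcs9SigningTime
    [void] $signer.SignedAttributes.Add($signingTime)

    # silent = $false lets the OS prompt for private key access if the
    # key requires it (the CAPICOM sample behaves the same way).
    $signedCms.ComputeSignature($signer, $false)

    # Encode() yields DER; the CAPICOM sample wrote a base64 string instead.
    [System.IO.File]::WriteAllBytes($OutputFileName, $signedCms.Encode())
}

function Test-DetachedCmsSignature {
    param(
        [Parameter(Mandatory)] [string] $InputFileName,
        [Parameter(Mandatory)] [string] $SignatureFileName
    )

    # For a detached signature the verifier must supply the original
    # content; it is rebuilt here from the recipient's copy of the file.
    $content = [System.IO.File]::ReadAllBytes($InputFileName)
    $contentInfo = New-Object System.Security.Cryptography.Pkcs.ContentInfo -ArgumentList (,$content)
    $signedCms = New-Object System.Security.Cryptography.Pkcs.SignedCms -ArgumentList $contentInfo, $true
    $signedCms.Decode([System.IO.File]::ReadAllBytes($SignatureFileName))

    # verifySignatureOnly = $false also builds and checks the signer's
    # certificate chain; a CryptographicException means the check failed.
    $signedCms.CheckSignature($false)

    # Read back the signing-time attribute (OID 1.2.840.113549.1.9.5).
    $signerInfo = $signedCms.SignerInfos[0]
    $when = $null
    foreach ($attr in $signerInfo.SignedAttributes) {
        if ($attr.Oid.Value -eq '1.2.840.113549.1.9.5') {
            $raw = $attr.Values[0].RawData
            $when = (New-Object System.Security.Cryptography.Pkcs.Pkcs9SigningTime -ArgumentList (,$raw)).SigningTime
        }
    }

    [pscustomobject]@{
        Signer      = $signerInfo.Certificate.Subject
        SigningTime = $when
        Verified    = $true
    }
}

# Example usage (placeholder paths and thumbprint):
# New-DetachedCmsSignature -InputFileName 'C:\data\message.txt' `
#     -OutputFileName 'C:\data\message.p7s' -Thumbprint '<SIGNING-CERT-THUMBPRINT>'
# Test-DetachedCmsSignature -InputFileName 'C:\data\message.txt' `
#     -SignatureFileName 'C:\data\message.p7s'
```

Two points differ from the CAPICOM sample on purpose. Selecting the certificate by thumbprint avoids signing with whatever certificate is first in the store, which on a machine with several key-bearing certificates is not predictable. Verifying with CheckSignature($false) rejects a signature whose signer chain does not validate; pass $true only when the signer certificate is trusted by some other means, because verifying the signature alone says nothing about who made it.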

Store.Open
Signer.Certificate
Attribute
SignedData