Signing a Document
[CAPICOM is a 32-bit only component that is available for use in the following operating systems: Windows Server 2008, Windows Vista, and Windows XP. Instead, use the .NET Framework to implement security features. For more information, see Alternatives to Using CAPICOM.]
A standard use of a signature is to sign a text and save that signed text to a file. The signed text could also be sent over the Internet. The signed message is in PKCS #7 format.
In this example, the signature is created for detached content (when the content is not included with the signature). A detached signature would most often be used if the recipient of the signature has a copy of the exact signed text. In the example below, the original message and the detached signature are written to separate files.
On any CAPICOM error, a negative decimal value of Err.Number is returned. For more information, see CAPICOM_ERROR_CODE. For information about positive decimal values of Err.Number, see Winerror.h.
Creating a signature uses the signer's private key. A signature can only be created if the signer's certificate with an associated private key is available. This example of the Sign method does not specify a signer. If a signer is not specified and no certificate in CAPICOM_MY_STORE has an associated private key, the Sign method fails. If one and only one certificate in CAPICOM_MY_STORE has an associated private key, that certificate and its private key is used to create the signature. If more than one certificate in the CAPICOM_MY_STORE store has an associated private key, a dialog box appears and the user can choose the certificate to be used to create the signature.
When a web-based application uses the Sign method, a prompt is always displayed and the user's permission is required before a signature that uses that signer's private key is created.
Sub Signfile(ByVal InputFileName As String, _
ByVal OutputFileName As String)
On Error GoTo ErrorHandler
Dim c As String
Dim s As String
Dim MyStore As New Store
Dim Signobj As New SignedData
Dim Signer As New Signer
' NOTE: the name 'Attribute' is not a unique name
' and must be preceded by 'CAPICOM.'
Dim SigningTime As New CAPICOM.Attribute
' Open the MY store and retrieve the first certificate from the
' Store. The signing operation will only work if this
' certificate is valid and has access to the signer's private key.
MyStore.Open CAPICOM_CURRENT_USER_STORE, "MY", _
CAPICOM_STORE_OPEN_READ_ONLY
Signer.Certificate = MyStore.Certificates.Item(1)
' Open the input file and read the content to be signed from
' the file.
Open App.Path & "\" & InputFileName For Input As #1
Input #1, c
Close #1
' Set the content to be signed.
Signobj.Content = c
' Save the time the data was signed as a signer attribute.
SigningTime.Name = CAPICOM_AUTHENTICATED_ATTRIBUTE_SIGNING_TIME
SigningTime.Value = Now
Signer.AuthenticatedAttributes.Add SigningTime
' Sign the content using the signer's private key.
' The 'True' parameter indicates that the content signed is not
' included in the signature string.
s = Signobj.Sign(Signer, True)
Open App.Path & "\" & OutputFileName For Output As #2
Write #2, s
Close #2
MsgBox ("Signature done - Saved to file" & OutputFileName)
Set Signobj = Nothing
Set MyStore = Nothing
Set Signer = Nothing
Set SigningTime = Nothing
Exit Sub
ErrorHandler:
If Err.Number > 0 Then
MsgBox ("Visual Basic error found:" & Err.Description)
Else
MsgBox ("CAPICOM error found : " & Err.Number)
End If
End Sub
Related topics