SQLData Systems, Inc.
Home | Products | Services | Documents | Support

XML Encryption and XML Signature Sample Code Using XMLCrypto

The following are some sample codes that demonstrate how to sign a document using XML Signature and to encrypt a document using XML Encryption. It is written in C/C++ and can be compiled using Microsoft VC 6.0.

The procedure is very simple and straight forward:

  1. Create an XMLCrypto object.

  2. Assign a RSA key to be used for the operation. It could be either a public key or a private key.

  3. Sign or encrypt the document.

#include "stdafx.h"
#include <string>
#include <atlbase.h>
#include <comdef.h>

#import "XMLCrypto.dll" no_namespace//raw_interfaces_only
// this is our sample document
const TCHAR* szPaymentDocument = "<PaymentInfo xmlns='http://sqldata.com/xmlcrypto' Id='PayId'>\
	<Name>John Smith</Name>\
	<CreditCard Currency='USD' Limit='5,000' Id='CC'>\
		<Number>4019 2445 0277 5567</Number>\
		<Issuer>Bank of the Internet</Issuer>\
		<Expiration Time='04/02'/>\
	</CreditCard>\
	<Account Id='ACC'>\
		<AccountId>John Doe</AccountId>\
		<Password>My Secret Password</Password>\
	</Account>\
</PaymentInfo>";


void SignXMLDocument()
{
    HRESULT hr;
    IXMLCryptoPtr pXMLCrypto;
    if(SUCCEEDED(hr=pXMLCrypto.CreateInstance("SQLData.XMLCrypto")))
    {
	// use CryptoTester's private key. The key is in the KEYS directory
	pXMLCrypto->SetKeyInfo("CryptoTester", "", "");
	// sign the whole payment document.
	_bstr_t bstrSigned = pXMLCrypto->SignData(szPaymentDocument, "#PayId", "");
	if(bstrSigned.length()>0)
	{
	printf("The signed document is : \n%s\n", (const TCHAR*)bstrSigned);
	// clear the object state
	pXMLCrypto->Clear();
	// now we can verify the signature
	if(pXMLCrypto->VerifyData(bstrSigned)==VARIANT_TRUE)
		printf("The Signature is valid.\n");
	else
		printf("The Signature is invalid.\n");
	}
    }
}

void EncryptXMLDocument()
{
    HRESULT hr;
    IXMLCryptoPtr pXMLCrypto;
    if(SUCCEEDED(hr=pXMLCrypto.CreateInstance("SQLData.XMLCrypto")))
    {
	// use CryptoTester's public key.
	pXMLCrypto->SetKeyInfo("CryptoTester", "", "");
	// encrypt the whole document
	_bstr_t bstrEncrypted = pXMLCrypto->EncryptData(szPaymentDocument, "", "", "");
	if(bstrEncrypted.length()>0)
	{
	    printf("The encrypted document is : \n%s\n", (const TCHAR*)bstrEncrypted);
	    // clear the object state
	    pXMLCrypto->Clear();
	    // now we can verify the signature
  	    _bstr_t bstrDecrypted = pXMLCrypto->DecryptData(bstrEncrypted, "");

	    printf("The decrypted document is\n%s.\n", (const TCHAR*)bstrDecrypted);
	}
    }
}

int main(int argc, char* argv[])
{
	CoInitialize(NULL);
	SignXMLDocument();
	EncryptXMLDocument();
	CoUninitialize();

	return 0;
}

A trial version of the XMLCrypto toolkit can be downloaded here. The package contains complete documentation and many other examples.

The product can be purchased online here using paypal.

Download | Purchase | ContactFeedback

Send mail to  info2-at-sqldata-dot-com with questions or comments about this web site.
Copyright 1997-2005 SQLData Systems, Inc.
Last modified: August 28, 2009