ONLINE HELP
 WINDEVWEBDEV AND WINDEV MOBILE

This content has been translated automatically.  Click here  to view the French version.
Help / WLanguage / WLanguage functions / Standard functions / Certificate functions
  • Validity of certificate (syntax 1)
  • Managing certificates in WEBDEV
WINDEV
WindowsLinuxJavaReports and QueriesUser code (UMC)
WEBDEV
WindowsLinuxPHPWEBDEV - Browser code
WINDEV Mobile
AndroidAndroid Widget iPhone/iPadIOS WidgetApple WatchMac Catalyst
Others
Stored procedures
Creates the signature of a character string.
WINDEVReports and QueriesUser code (UMC)
// Signature de chaîne selon un certificat installé sur la machine 
// Attention : cette syntaxe utilise une variable de type Certificat. 
// Cette syntaxe n'est pas compatible avec la mise en conformité 
// des logiciels de caisse (Norme NF525).
// L'exemple correspondant à la norme NF525 est disponible dans 
// les exemples supplémentaires

MonCertificat is Certificate

// Ouverture du sélecteur de certificat de Windows
MonCertificat = CertificateSelect()
// Annulation ou erreur
IF MonCertificat.Name = "" THEN
	RETURN
END

// Teste la validité du certificat pour la signature
IF MonCertificat.ValidForSignature = False THEN
	Info("Le certificat sélectionné ne permet de pas de générer une signature.")
	RETURN
END

// Récupération du buffer contenant la signature
bufSignature is Buffer
bufSignature = CertificateSignString("Chaîne de caractères à signer", MonCertificat)

// Récupération du certificat contenu dans le buffer de la signature
MonCertificatExtrait is Certificate
MonCertificatExtrait = CertificateExtract(bufSignature)

// Gestion des erreurs
IF MonCertificatExtrait = Null THEN
	RETURN
END

// Ouverture de la fenêtre des propriétés du certificat
CertificateOpenProperties(MonCertificatExtrait)
Syntax
WINDEVWEBDEV - Server codeReports and QueriesUser code (UMC)

Signing a string via a Certificate variable Hide the details

<Result> = CertificateSignString(<String to Sign> , <Certificate>)
<Result>: Buffer
Signature of string (in PKCS7 format (DER)). This buffer can be used later by CertificateCheckString to check the correspondence between the signature and the string.
<String to Sign>: Ansi or Unicode character string or Buffer
Character string to sign.
<Certificate>: Certificate variable
Name of the Certificate variable containing the certificate that will be used to sign the string.

Signing a string via a numeric signature Hide the details

<Result> = CertificateSignString(<String to Sign> , <Certificate file> , <Password> , <Option>)
<Result>: Buffer
Signature of string (in requested format). This buffer can be used later by CertificateCheckString to check the correspondence between the signature and the string.
<String to Sign>: Ansi or Unicode character string or Buffer
Character string to sign.
<Certificate file>: Character string or Buffer
  • Full path to a PKCS12 file (.p12/.pfx) containing the private key and the certificates. This file can be included in the application library (WDL file).
  • Buffer containing the private key and certificates.
    If the certSignatureOnly constant is used, this buffer can contain only the private key.
<Password>: Character string or Secret string
Password that will be used to decrypt the certificate file if this one is password-protected.
New in version 2025
Secret strings: If you use the secret string vault, the type of secret string used for this parameter must be "ANSI or Unicode string".
To learn more about secret strings and how to use the vault, see Secret string vault.
<Option>: Integer constant (or combination of constants)
Allows you to specify:
  • the hashing algorithm used (optional for a signature in PKCS7 format):
    certMD5MD5 algorithm.
    Not recommended because unreliable. This type of algorithm is not allowed with the "elliptic curve" signatures.
    certSHA160SHA1 algorithm.
    certSHA256SHA2 algorithm. A 256-bit result is produced.
    certSHA384SHA-384 algorithm. A 384-bit result is produced.
    This type of algorithm is not supported by the "DSA" signatures.
    certSHA512SHA-512 algorithm. A 512-bit result is produced.
    This type of algorithm is not supported by the "DSA" signatures.
  • the signature format:
    certPKCS7EnvelopedContainer in PKCS7 format (DER) containing the signature, the string of certificates and the signed data.
    Note: if this constant is used, the hash algorithm is optional. If it is not specified, an appropriate algorithm will be automatically chosen.
    certPKCS7Enveloped + certPKCS7PEMContainer in PKCS7 format (PEM) containing the signature, the string of certificates and the signed data.
    Note: if this constant is used, the hash algorithm is optional. If it is not specified, an appropriate algorithm will be automatically chosen.
    certPKCS7WithCertificateContainer in PKCS7 format (DER) containing the signature and the string of certificates.
    Note: if this constant is used, the hash algorithm is optional. If it is not specified, an appropriate algorithm will be automatically chosen.
    certPKCS7WithCertificate + certPKCS7PEMContainer in PKCS7 format (PEM) containing the signature and the string of certificates.
    Note: if this constant is used, the hash algorithm is optional. If it is not specified, an appropriate algorithm will be automatically chosen.
    certPKCS7WithoutCertificateContainer in PKCS7 format (DER) containing the signature.
    Note: if this constant is used, the hash algorithm is optional. If it is not specified, an appropriate algorithm will be automatically chosen.
    certPKCS7WithoutCertificate + certPKCS7PEMContainer in PKCS7 format (PEM) containing the signature.
    Note: if this constant is used, the hash algorithm is optional. If it is not specified, an appropriate algorithm will be automatically chosen.
    certSignatureOnlyThe output contains only the raw signature, without any container.
    This options is required for the compliance of accountancy software (NF525 standard). With this option, only the key section of PFX file will be used (the certificate section containing the date will not be used).
    Caution: if this constant is used, the hash algorithm must be specified.
Note: The signature algorithm is determined by the private key (RSA, DSA, Elliptic curve)..
Remarks

Validity of certificate (syntax 1)

Before signing a string, it is recommended to check the validity of the certificate (ValidForSignature property of the Certificate variable). This property is used to find out whether the certificate owns a private key as well as all the characteristics required to perform a signature. CertificateSignString returns an error if this property is set to False.
WEBDEV - Server code

Managing certificates in WEBDEV

In order for the certificates to be visible to the site user, they must be installed on the server in the store of custom certificates of the Internet user.
Business / UI classification: Business Logic
Component: wd300std.dll
Minimum version required
  • Version 16
This page is also available for…
Comments
Click [Add] to post a comment

Last update: 05/16/2025

Send a report | Local help