// Data to sign
bufToSign is Buffer
bufDataSeparator is Buffer = ","
// Bundle containing the certificate and the private key with the requested type of algorithm:
// RSA 2048, Elliptic Curve Digital Signature Algorithm (ECDSA)....
sFileNameCerticateAndPrivateKeyForSignature is string
sFileNameCerticateAndPrivateKeyForSignature = fDataDir() + "\signature.p12"
// Password for the private key of certificate
sPasswordPrivateKeyCertificate is string = "passwordprivatekey"
// Certificate only or public key only, to be supplied to the applications/tools
// that must be able to check the signatures
sFileNameCerticateOnly is string = fDataDir() + ...
"\certificate.cer" //or fDataDir() + "\public.pem"
// Signature obtained
bufRoughSignature is Buffer
// Signature in Base64 URL format (printable characters only)
sSignaturebase64URL is string
// Data to sign, a combination of items in most cases:
// Line ID, Date and time (for signature = invoice date or payment date), ActionCode
// Third-party ID, Third-party caption,Third-party VAT num,Third-party country,
// Company name, Company VAT num, Company country,
// Author ID,Author name
// Invoice ID,Invoice ref,Invoice date
// Payment ID,Payment ref,Payment date
// Grand total,Amount (part on the invoice),Payment mode
// Amount BT,VAT amount,Amount tax 1,Amount tax 2,Amount IOT
// Example below with "hard-coded" values instead of item names:
arrItems is array of strings = ["LineID","InvoiiceDateTime", "ActionCode"]
bufToSign = ArrayToString(arrItems,bufDataSeparator) //Etc....
WHEN EXCEPTION IN
bufRoughSignature = CertificateSignString(bufToSign, ...
certSignatureOnly + certSHA256 ) //SHA2 = SHA256
// - to support the algorithms of some certificates
// (Elliptic Curve Digital Signature Algorithm (ECDSA)),
// you must specify the file name and
// YOU MUST NOT USE a certificate variable with CertifcateLoad.
// - the certificate can be included in the application library (.WDL or .EXE file)
// all you have to do is place it in the project dependencies ("Other"
// in the treeview of project explorer)
// - The update dated July 28, 2017 must have been downloaded:
Error("Signature failure", ExceptionInfo())
IF ErrorOccurred THEN
Error("Error during the signature", ErrorInfo())
// Transforms the signature into base64 URL, without non-printable characters
sSignaturebase64URL = Encode(bufRoughSignature, encodeBASE64URL)
Trace("Base64URL signature: " + sSignaturebase64URL)
// To check the signature in another process, use a code such as:
// Caution: You must use the file of public key
// and not the certificate with private key that requires a password
SWITCH CertificateCheckString(bufToSign, Decode(sSignaturebase64URL, encodeBASE64URL), ...
sFileNameCerticateOnly, certSignatureOnly + certSHA256)
CASE certificateOk: Info("Valid signature and trusted certificate")
CASE certificateInvalid: Info("Invalid signature or certificate", ErrorInfo())
CASE certificateExpired: Info("Valid signature but expired certificate", ErrorInfo())
CASE certificateUntrusted: Info("Valid signature but root confidence " + ...
"of certificate not reliable", ErrorInfo())
// Case for a self-signed certificate used on another computer/network
Error("Unexpected result of signature check", ErrorInfo())