Official Content

Warning: This data type will be discontinued in GeneXus 18 Upgrade 5. GeneXus Security API is on the way to replace this data type. It is recommended to migrate your code and use this API before GeneXus 18 Upgrade 5.

CryptoSign belongs to the Cryptography data types.

It enables us to handle digital signatures with a public key-private key, as per standard  PKCS#7/CMS or PKCS1, using X509 certificates.

CryptoSign Methods

Name Description
Sign(text:String[,detached:Boolean]):String  Returns the text that results from applying the signature algorithm, using the certificate specified by the text entered. The detached parameter indicates if only the signature is returned or if the signature is returned together with the content. The detached parameter is valid only when the PKCS7 format is used.
Verify(signature:String,text:String[,detached:Boolean]):Boolean With a given text and a signature, verifies if the signature corresponds to the text using the information of the configured certificate. The detached parameter is valid only when the PKCS7 format is used


Certificate:CryptoCertificate Allows us to specify the certificate that will be used in signing the text.
Algorithm:CryptoAlgorithmSign Allows us to specify the signature algorithm. SHA1withRSA is the default signature algorithm.
ValidateCertificate:Boolean Specifies whether the fact that the certificate is valid or not must be validated in the Verify method.
Standard:{PKCS7,PKCS1} Allows us to specify the standard that will be used. The default value is PKCS1. The detached parameter is valid only when the PKCS7 format is used, in which case the standard must be specified as PKCS7.


A. How to sign a text

In the example below, upon a given certificate in .pfx format, a text is signed using the Hash SignSHA1withRSA algorithm.
The first thing is to load the disk certificate. If the loading is error-free, we must request the private key to sign the text. If a key exists, a Hash algorithm is selected for the signature, and the Sign method is used to sign the text.

&errorCode = &CryptoCert.Load("my_keystore.pfx", &pwd) //&CryptoCert is of CryptoCertificate type.
if &errorCode = 0
    if (&CryptoCert.HasPrivateKey())
     &CryptoSign.Algorithm = CryptoSignAlgorithm.SHA1withRSA //&CryptoSign is of CryptoSign type. 
     //CryptoSignAlgorithm is an enumerated domain containing the signature algorithms supported. 
     &CryptoSign.Certificate = &CryptoCert
     &signedText = &CryptoSign.Sign(&textToSign, false)
     if &CryptoSign.ErrCode <> 0
       //Process Errors
     //Process Errors
  //Process Errors

B. How to validate a text’s signature

In the case of a certificate with a public key, the text signature is verified as shown in the following example:

&errorCode = &CryptoCert.Load("MyPublicKey.cer")
if &errorCode = 0
    &CryptoSign.Certificate = &CryptoCert //&CryptoSign is of CryptoSign type.
    &CryptoSign.ValidateCertificate = True //True means that the certificate is validated in the signature validation process.
    &CryptoSign.Algorithm = CryptoSignAlgorithm.SHA1withRSA
    &isOK = &CryptoSign.Verify(&SignedText,&TextToSign,false)
    if not &isOK
       //Process Errors
 //Process Errors


Generators:  .NET, Java


The SHA256withRSA is used by default since GeneXus Evolution v15 U10. The previous versions use SHA1withRSA.

Last update: November 2023 | © GeneXus. All rights reserved. GeneXus Powered by Globant