SignDocSignatureParameters Class
Parameters for signing a document.
Use SignDocDocument.createSignatureParameters() or
SignDocDocument.createSignatureParametersForTimeStamp()
to create objects of this type.
The available parameters depend both on the document type and on
the signature field for which the SignDocSignatureParameters object
has been created. All setters have a special value for one of their
arguments which can be used for checking if the parameter can be
set.
SignDocDocument.addSignature() may fail due to invalid parameters
even if all setters reported success as the setters do not check if
there are conflicts between parameters.
Which certificates are acceptable may be restricted by the
application (by using csf_software and csf_hardware of integer
parameter "SelectCertificate", blob parameters
"FilterCertificatesByIssuerCertificate" and
"FilterCertificatesBySubjectCertificate", and string parameters
"FilterCertificatesByPolicy" and
"FilterCertificatesBySubjectDN") and by the PDF document
(certificate seed value dictionary). If no
matching certificate is available (for instance, because integer
parameter "SelectCertificate" is zero),
SignDocDocument.addSignature() will throw SignDocNoCertificateException.
If more than one matching certificate is available but
csf_never_ask is specified in integer parameter
"SelectCertificate", SignDocDocument.addSignature() will throw
SignDocAmbiguousCertificateException.
To make the signature maximally meaningful, integer parameter
"AddCertificates" should be ac_all (which
is the default value) and integer parameter
"AddRevocationInfo" should include #ari_add.
Unless you need a specific signing method, you should leave
integer parameter "Method" at its default value #m_default.
If you select a specific signing method and that method
is not allowed by the signature field's seed values,
signing will fail.
Unless you need a specific digest algorithm, you should leave
integer parameter "DetachedHashAlgorithm" at its default value
#dha_default.
If you select a specific digest algorithm and that algorithm
is not allowed by the signature field's seed values,
signing will fail.
The following named parameters control the signing method and
related aspects of the signature:
- DetachedHashAlgorithm (integer)
- IgnoreSeedValues (integer)
- Method (integer)
The following named parameters control the private key used for
signing:
- Certificate (blob)
- CertificatePrivateKey (blob)
- GenerateECCKeyPair (string)
- GenerateKeyPair (integer)
- PKCS#12Password (string)
The following named parameters control rendering of the signature
image from biometric data:
- BiometricData (blob)
- PenWidth (integer)
- RenderSignature (integer)
- RenderWidth (integer)
- SignatureColor (color)
The following named parameters put additional data into the
signature:
- ContactInfo (string)
- Filter (string)
- Location (string)
- Reason (string)
- Signer (string)
- Timestamp (string)
The following named parameters provide texts for the appearance
of a signature in PDF documents:
- Adviser (string)
- Comment (string)
- ContactInfo (string)
- Location (string)
- Reason (string)
- Signer (string)
- SignTime (string)
- Text1 through Text9 (string)
The following parameters control how a signed signature
field in a PDF document will look (parameters marked with *
can be overridden with blob parameter "Template"):
- FontName (string) *
- FontSize (length) *
- Image (blob)
- ImageDPI (integer)
- ImageHAlignment (integer) *
- ImageMargin (length) *
- ImageTransparency (integer) *
- ImageVAlignment (integer) *
- SignatureColor (color)
- Template (blob)
- TextColor (color) *
- TextHAlignment (integer) *
- TextHMargin (length) *
- TextPosition (integer) *
- TextVAlignment (integer) *
The following named parameters control the signing certificate:
- Certificate (blob)
- PKCS#12Password (string)
The following named parameters are used for generating a self-signed
certificate on the fly (you also need to set at least one parameter
for the private key):
- CertificateSigningAlgorithm (integer)
- CommonName (string)
- Country (string)
- Locality (string)
- Organization (string)
- OrganizationUnit (string)
The following named parameters are used for putting biometric data
(handwritten signature) into the signature:
- BiometricData (blob)
- BiometricEncryption (integer)
- BiometricHashLocation (integer)
- BiometricKey (blob)
- BiometricKeyPath (string)
- BiometricPassphrase (string)
The following named parameters control the certificate selection dialog:
- FilterCertificatesByIssuerCertificate (blob)
- FilterCertificatesByPolicy (string)
- FilterCertificatesBySubjectCertificate (blob)
- FilterCertificatesBySubjectDN (string)
- SelectCertificate (integer)
- SelectCertificateMessage (string)
- SelectCertificateTitle (string)
The following named parameters control RFC 3161 timestamps:
- TimeStampClientCertificatePath (string)
- TimeStampClientKeyPath (string)
- TimeStampHashAlgorithm (integer)
- TimeStampRetries (integer)
- TimeStampServerPassword (string)
- TimeStampServerTimeout (integer)
- TimeStampServerURL (string)
- TimeStampServerUser (string)
- TimeStampSize (integer)
- TimeStampUserAgent (string)
The following named parameters put additional certificates and
revocation information into the signature:
- AddCertificates (integer)
- AddRevocationInfo (integer)
- IntermediateCertificate (blob)
The following named parameters do not fall into the above categories:
- OutputPath (string)
- Optimize (integer)
- PDFAButtons (integer)
Inheritance Hierarchy
System.Object
  de.softpro.signdocsdk.SignDocSignatureParameters
Namespace:
de.softpro.signdocsdk
Assembly:
SPSignDoc_4.3_DotNetLib (in SPSignDoc_4.3_DotNetLib.dll) Version: 1.0.6773.37566
Syntax
public sealed class SignDocSignatureParameters : IDisposable
The SignDocSignatureParameters type exposes the following members.
Methods
| Name | Description |
---|
| addTextItem | Add another string to be displayed, top down.
For DigSig signature fields, this function adds another string to
the appearance stream of PDF documents.
The first call clears any default strings.
The default values depend on the profile passed to
SignDocDocument.createSignatureParameters().
Profile "": #ti_signer/#tg_master, #ti_sign_time/#tg_master
Profile "image": (empty)
The paragraph direction is 0 which is treated like #tid_ltr.
See also blob parameter "Template".
|
| addTextItem2 | Add another string to be displayed, top down, with
paragraph direction.
For DigSig signature fields, this function adds another string to
the appearance stream of PDF documents.
The first call clears any default strings.
The default values depend on the profile passed to
SignDocDocument.createSignatureParameters():
Profile "": #ti_signer/#tg_master, #ti_sign_time/#tg_master
Profile "image": (empty)
See also blob parameter "Template".
|
| clearTextItems | Remove all strings that were to be displayed.
addTextItem() cannot remove the default strings without adding
a new string. This function does.
See also blob parameter "Template".
|
| destroy | Destroy this object, overwriting sensitive data.
After calling this method, all methods of this object will throw.
|
| Dispose | Releases all resources used by the SignDocSignatureParameters |
| getAvailableMethods | Get a bitset indicating which signing methods are available
for this signature field.
|
| getErrorMessage | Get an error message for the last function call. |
| getStateBlob | Get the status of a parameter. |
| getStateCol | Get the status of a parameter. |
| getStateInt | Get the status of a parameter. |
| getStateLen | Get the status of a parameter. |
| getStateStr | Get the status of a parameter. |
| getTemplate | Get an XML document specifying the current layout.
This function can be used for debugging and for reporting bugs.
This function will fail if the "Template" blob parameter is invalid.
|
| setBlob | Set a blob parameter.
|
| setColor | Set a color parameter.
|
| setECDSA | Set an object which will compute an ECDSA signature.
By default, ECDSA signatures are computed internally which means
that the private key must be available on this machine.
Requirements for string parameters:
- GenerateECCKeyPair must not be set
Requirements for integer parameters:
- GenerateKeyPair must not be set
- SelectCertificate must be zero (which is the default value)
Requirements for blob parameters:
- Certificate must not be set
- CertificatePrivateKey must not be set
setRSA() and setPKCS7() must not have been called.
|
| setInteger | Set an integer parameter.
|
| setLength | Set a length parameter. |
| setPKCS7 |
Set an object which will create a PKCS #7 or CAdES signature.
By default, PKCS #7 and CAdES signatures are handled internally
which means that the private key must be available on this
machine.
Requirements for string parameters:
- CommonName must not be set
- Country must not be set
- GenerateECCKeyPair must not be set
- Locality must not be set
- Organization must not be set
- OrganizationUnit must not be set
Requirements for integer parameters:
- GenerateKeyPair must not be set
- Method must be #m_digsig_pkcs7_detached,
#m_digsig_pkcs7_sha1, or #m_digsig_cades_detached
- SelectCertificate must be zero (which is the default value)
Requirements for blob parameters:
- Certificate must not be set
- CertificatePrivateKey must not be set
setECDSA() and setRSA() must not have been called.
The SignPKCS7 interface is quite hard to use; please use setRSA()
and the SignRSA interface or setECDSA() and the SignECDSA interface
instead.
|
| setRSA | Set an object which will compute an RSA signature.
By default, RSA signatures are computed internally which means
that the private key must be available on this machine.
Requirements for string parameters:
- GenerateECCKeyPair must not be set.
Requirements for integer parameters:
- GenerateKeyPair must not be set
- SelectCertificate must be zero (which is the default value)
Requirements for blob parameters:
- Certificate must not be set
- CertificatePrivateKey must not be set
setECDSA() and setPKCS7() must not have been called
|
| setString | Set a string parameter.
|
| setTextItemDirection | Set the paragraph direction of text items.
This function sets the paragraph direction of all existing text items
matching aItem.
See also blob parameter "Template".
|
Remarks
The interaction between some parameters is quite complex; the following
section tries to summarize the signing methods for PDF documents.
- (1a)
- Default method, private key and self-signed certificate created
on the fly:
- Method: #m_default
- CommonName: signer's name
- GenerateKeyPair: 1024-4096 (or GenerateECCKeyPair)
- (1b)
- Default method, the certificate and its key are provided as
PKCS #12 blob:
- Method: #m_default
- Certificate: PKCS #12 blob containing certificate (need not be
self-signed) and its private key
- PKCS#12Password: password for private key in the PKCS #12 blob
- (1c)
- Default method, private key provided, certificate
provided:
- Method: #m_default
- Certificate: certificate
- CertificatePrivateKey: private key for the certificate
- (1d)
- Default method, user must select certificate:
- Method: #m_default
- SelectCertificate: #csf_software and/or #csf_hardware
- (1e)
- Default method, user may select certificate or choose to create
a self-signed certificate, the private key of which will be generated:
- Method: #m_default
- SelectCertificate: #csf_software and/or #csf_hardware
- CommonName: signer's name (for self-signed certificate)
- GenerateKeyPair: 1024-4096 (or GenerateECCKeyPair)
- (1f)
- Default method, the certificate is selected programmatically or
by the PDF document without user interaction:
- Method: #m_default
- SelectCertificate: #csf_software and/or #csf_hardware, #csf_never_ask
- FilterCertificatesByPolicy: accept certificates having all of these certificate policies
- FilterCertificatesByIssuerCertificate: the acceptable issuer certificates (optional)
- FilterCertificatesBySubjectCertificate: the acceptable certificates (optional)
- FilterCertificatesBySubjectDN: accept certificates issued for these subjects (optional)
- (1g)
- Default method via SignRSA or SignECDSA interface:
- Method: #m_default
See setRSA() and setECDSA() for details.
- (1h)
- Default method, private key provided, self-signed certificate
created on the fly:
- Method: #m_default
- CommonName: signer's name
- CertificatePrivateKey: private key for the self-signed certificate
- (1i)
- Default method, user may select certificate or choose to create
a self-signed certificate, the private key of which is provided:
- Method: #m_default
- SelectCertificate: #csf_software and/or #csf_hardware
- CommonName: signer's name (for self-signed certificate)
- CertificatePrivateKey: private key for the self-signed certificate
- (1j)
- Default method, user may select certificate or choose to "create"
a self-signed certificate, the certificate to be used in that case
and its key are provided separately:
- Method: #m_default
- SelectCertificate: #csf_software and/or #csf_hardware, #csf_create_self_signed
- Certificate: certificate
- CertificatePrivateKey: private key for the certificate
- (1k)
- Default method, user may select certificate or choose to "create"
a self-signed certificate, the certificate to be used in that case
and its key are provided as PKCS #12 blob:
- Method: #m_default
- SelectCertificate: #csf_software and/or #csf_hardware, #csf_create_self_signed
- Certificate: PKCS #12 blob containing certificate (need not be
self-signed) and its private key
- PKCS#12Password: password for private key in the PKCS #12 blob
- (2a)
- PKCS #7 or CAdES, private key and self-signed certificate created
on the fly:
- Method: #m_digsig_pkcs7_detached, #m_digsig_pkcs7_sha1, or
#m_digsig_cades_detached
- DetachedHashAlgorithm: hash algorithm for #m_digsig_pkcs7_detached
and #m_digsig_cades_detached
- CommonName: signer's name
- GenerateKeyPair: 1024-4096 (or GenerateECCKeyPair)
- (2b)
- PKCS #7 or CAdES, the certificate and its key are provided as
PKCS #12 blob:
- Method: #m_digsig_pkcs7_detached, #m_digsig_pkcs7_sha1, or
#m_digsig_cades_detached
- DetachedHashAlgorithm: hash algorithm for #m_digsig_pkcs7_detached
and #m_digsig_cades_detached
- Certificate: PKCS #12 blob containing certificate (need not be
self-signed) and its private key
- PKCS#12Password: password for private key in the PKCS #12 blob
- (2c)
- PKCS #7 or CAdES, private key provided, certificate
provided:
- Method: #m_digsig_pkcs7_detached, #m_digsig_pkcs7_sha1, or
#m_digsig_cades_detached
- DetachedHashAlgorithm: hash algorithm for #m_digsig_pkcs7_detached
and #m_digsig_cades_detached
- Certificate: certificate
- CertificatePrivateKey: private key for the certificate
- (2d)
- PKCS #7 or CAdES, user must select certificate:
- Method: #m_digsig_pkcs7_detached, #m_digsig_pkcs7_sha1, or
#m_digsig_cades_detached
- DetachedHashAlgorithm: hash algorithm for #m_digsig_pkcs7_detached
and #m_digsig_cades_detached
- SelectCertificate: #csf_software and/or #csf_hardware
- (2e)
- PKCS #7 or CAdES, user may select certificate or choose to create
a self-signed certificate, the private key of which will be generated:
- Method: #m_digsig_pkcs7_detached, #m_digsig_pkcs7_sha1, or
#m_digsig_cades_detached
- DetachedHashAlgorithm: hash algorithm for #m_digsig_pkcs7_detached
and #m_digsig_cades_detached
- SelectCertificate: #csf_software and/or #csf_hardware
- CommonName: signer's name (for self-signed certificate)
- GenerateKeyPair: 1024-4096
- (2f)
- PKCS #7 or CAdES, the certificate is selected programmatically or
by the PDF document without user interaction:
- Method: #m_digsig_pkcs7_detached, #m_digsig_pkcs7_sha1, or
#m_digsig_cades_detached
- DetachedHashAlgorithm: hash algorithm for #m_digsig_pkcs7_detached
and #m_digsig_cades_detached
- SelectCertificate: #csf_software and/or #csf_hardware, #csf_never_ask
- FilterCertificatesByPolicy: accept certificates having all of these certificate policies
- FilterCertificatesByIssuerCertificate: the acceptable issuer certificates (optional)
- FilterCertificatesBySubjectCertificate: the acceptable certificates (optional)
- FilterCertificatesBySubjectDN: accept certificates issued for these subjects (optional)
- (2g)
- PKCS #7 or CAdES via SignRSA or SignECDSA interface:
- Method: m_digsig_pkcs7_detached, m_digsig_pkcs7_sha1, or
m_digsig_cades_detached
See setRSA() and setECDSA() for details.
- (2h)
- PKCS #7 or CAdES, private key provided, self-signed certificate
created on the fly:
- Method: #m_digsig_pkcs7_detached, #m_digsig_pkcs7_sha1, or
#m_digsig_cades_detached
- DetachedHashAlgorithm: hash algorithm for #m_digsig_pkcs7_detached
and #m_digsig_cades_detached
- CommonName: signer's name
- CertificatePrivateKey: private key for the self-signed certificate
- (2i)
- PKCS #7 or CAdES, user may select certificate or choose to create
a self-signed certificate, the private key of which is provided:
- Method: #m_digsig_pkcs7_detached, #m_digsig_pkcs7_sha1, or
#m_digsig_cades_detached
- DetachedHashAlgorithm: hash algorithm for #m_digsig_pkcs7_detached
and #m_digsig_cades_detached
- SelectCertificate: #csf_software and/or #csf_hardware
- CommonName: signer's name (for self-signed certificate)
- CertificatePrivateKey: private key for the self-signed certificate
- (2j)
- PKCS #7 or CAdES, user may select certificate or choose to "create"
a self-signed certificate, the certificate to be used in that case
and its key are provided separately:
- Method: #m_digsig_pkcs7_detached, #m_digsig_pkcs7_sha1,
or #m_digsig_cades_detached
- DetachedHashAlgorithm: hash algorithm for #m_digsig_pkcs7_detached
and #m_digsig_cades_detached
- SelectCertificate: #csf_software and/or #csf_hardware, #csf_create_self_signed
- Certificate: certificate
- CertificatePrivateKey: private key for the certificate
- (2k)
- PKCS #7 or CAdES, user may select certificate or choose to "create"
a self-signed certificate, the certificate to be used in that case
and its key are provided as PKCS #12 blob:
- Method: #m_digsig_pkcs7_detached, #m_digsig_pkcs7_sha1,
or #m_digsig_cades_detached
- DetachedHashAlgorithm: hash algorithm for #m_digsig_pkcs7_detached
and #m_digsig_cades_detached
- SelectCertificate: #csf_software and/or #csf_hardware, #csf_create_self_signed
- Certificate: PKCS #12 blob containing certificate (need not be
self-signed) and its private key
- PKCS#12Password: password for private key in the PKCS #12 blob
- (2l)
- PKCS #7 or CAdES via SignPKCS7 interface:
- Method: #m_digsig_pkcs7_detached, #m_digsig_pkcs7_sha1, or
#m_digsig_cades_detached
See setPKCS7() for details.
- (3a)
- PKCS #1, private key and self-signed certificate created on the fly:
- Method: #m_digsig_pkcs1
- CommonName: signer's name
- GenerateKeyPair: 1024-4096
- (3b)
- PKCS #1 via SignRSA or SignECDSA interface:
- Method: m_digsig_pkcs1
See setRSA() and setECDSA() for details.
- (3c)
- PKCS #1, private key provided, self-signed certificate created on
the fly:
- Method: #m_digsig_pkcs1
- CommonName: signer's name
- CertificatePrivateKey: private key for the self-signed certificate
- (3d)
- PKCS #1, private key provided, self-signed certificate provided:
- Method: #m_digsig_pkcs1
- Certificate: self-signed certificate
- CertificatePrivateKey: private key for the certificate
- (4a)
- Document time stamp using a SignDocSignatureParameters object created by
SignDocDocument.createSignatureParametersForTimeStamp():
- TimeStampServerURL: URL of time stamp server
Additionally:
- You may want to set string parameter "Filter" to "Adobe.PPKLite".
- You may want to set integer parameter "IgnoreSeedValues" if you
set integer parameter "Method" and/or "DetachedHashAlgorithm".
- Set integer parameter "Optimize" to o_optimize unless
SignDocDocument.getRequiredSaveToFileFlags()
indicates that SignDocDocument.sf_incremental must be used.
Note that o_optimize requires string parameter "OutputPath" or
"TemporaryDirectory".
For TIFF documents, an additional, simplified signing method is available:
(4) just a hash:
- Method: m_hash
- CommonName: signer's name
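
Because the setters do not detect conflicts, the requirements listed under setRSA(), setECDSA() and setPKCS7() (methods 1g, 2g, 2l and 3b above) can be checked before SignDocDocument.addSignature() is called. The following pre-flight check is an added example, not part of the SDK: it works on a plain dictionary of the named parameters the application has set, and the ExternalSigner enum, the SignDocPreflight class and the use of symbolic names for "Method" values are assumptions of this example.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical helper types; neither is part of the SignDoc SDK.
[Flags] enum ExternalSigner { None = 0, RSA = 1, ECDSA = 2, PKCS7 = 4 }

static class SignDocPreflight
{
    // Must be unset for setRSA(), setECDSA() and setPKCS7().
    static readonly string[] KeyParams =
        { "GenerateECCKeyPair", "GenerateKeyPair", "Certificate", "CertificatePrivateKey" };
    // Additionally must be unset for setPKCS7().
    static readonly string[] SelfSignedParams =
        { "CommonName", "Country", "Locality", "Organization", "OrganizationUnit" };
    static readonly string[] Pkcs7Methods =
        { "m_digsig_pkcs7_detached", "m_digsig_pkcs7_sha1", "m_digsig_cades_detached" };

    // 'set' maps each named parameter the application has set to its value.
    // Assumption: Method is stored by symbolic name, not by the SDK's integer value.
    public static List<string> Check(ExternalSigner signers, IDictionary<string, object> set)
    {
        var problems = new List<string>();
        int bits = (int)signers;
        if (bits == 0) return problems;            // internal signing: rules do not apply
        if ((bits & (bits - 1)) != 0)              // more than one flag set
            problems.Add("only one of setRSA(), setECDSA(), setPKCS7() may be called");

        bool pkcs7 = signers.HasFlag(ExternalSigner.PKCS7);
        IEnumerable<string> forbidden = pkcs7 ? KeyParams.Concat(SelfSignedParams) : KeyParams;
        foreach (var name in forbidden)
            if (set.ContainsKey(name))
                problems.Add(name + " must not be set with an external signer");

        if (set.TryGetValue("SelectCertificate", out var sel) && Convert.ToInt32(sel) != 0)
            problems.Add("SelectCertificate must be zero");

        if (pkcs7)
        {
            set.TryGetValue("Method", out var method);
            if (Array.IndexOf(Pkcs7Methods, method as string) < 0)
                problems.Add("Method must be a PKCS #7 or CAdES method for setPKCS7()");
        }
        return problems;
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed input: an application that calls setPKCS7() but kept
        // certificate-selection and self-signed settings from another code path.
        var set = new Dictionary<string, object> {
            { "Method", "m_default" }, { "SelectCertificate", 1 }, { "CommonName", "Jane Doe" } };
        foreach (var p in SignDocPreflight.Check(ExternalSigner.PKCS7, set))
            Console.WriteLine(p);
    }
}
```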