Click or drag to resize
SignDocSignatureParameters Class
Parameters for signing a document. Use SignDocDocument.createSignatureParameters() or SignDocDocument.createSignatureParametersForTimeStamp() to create objects of this type. The available parameters depend both on the document type and on the signature field for which the SignDocSignatureParameters object has been created. All setters have a special value for one of their arguments which can be used for checking if the parameter can be set. SignDocDocument.addSignature() may fail due to invalid parameters even if all setters reported success as the setters do not check if there are conflicts between parameters. Which certificates are acceptable may be restricted by the application (by using csf_software and csf_hardware of integer parameter "SelectCertificate", blob parameters "FilterCertificatesByIssuerCertificate" and "FilterCertificatesBySubjectCertificate", and string parameters "FilterCertificatesByPolicy" and "FilterCertificatesBySubjectDN") and by the PDF document (certificate seed value dictionary). If no matching certificate is available (for instance, because integer parameter "SelectCertificate" is zero), SignDocDocument.addSignature() will throw SignDocNoCertificateException. If more than one matching certificate is available but csf_never_ask is specified in integer parameter "SelectCertificate"), SignDocDocument.addSignature() will throw SignDocAmbiguousCertificateException. To make the signature maximally meaningful, integer parameter "AddCertificates" should be ac_all (which is the default value) and integer parameter "AddRevocationInfo" should include #ari_add. Unless you need a specific signing method, you should leave integer parameter "Method" at its default value #m_default. If you select a specific signing method and that method is not allowed by the signature field's seed values, signing will fail. Unless you need a specific digest algorithm, you should leave integer parameter "DetachedHashAlgorithm" at its default value #dha_default. If you select a specific digest algorithm and that algorithm is not allowed by the signature field's seed values, signing will fail. 
The following name parameters control the signing method and
related aspects of the signature:

-   DetachedHashAlgorithm (integer)
-   IgnoreSeedValues (integer)
-   Method (integer)
.

The following named parameters control the private key used for
signing:
-   Certificate (blob)
-   CertificatePrivateKey (blob)
-   GenerateECCKeyPair(string)
-   GenerateKeyPair (integer)
-   PKCS#12Password (string)
.

The following named parameters control rendering of the signature
image from biometric data:
-   BiometricData (blob)
-   PenWidth (integer)
-   RenderSignature (integer)
-   RenderWidth (integer)
-   SignatureColor (color)
.

The following named parameters put additional data into the
signature:
-   ContactInfo (string)
-   Filter (string)
-   Location (string)
-   Reason (string)
-   Signer (string)
-   Timestamp (string)
.

The following named parameters provide texts for the appearance
of a signature in PDF documents:
-   Adviser (string)
-   Comment (string)
-   ContactInfo (string)
-   Location (string)
-   Reason (string)
-   Signer (string)
-   SignTime (string)
-   Text1 through Text9 (string)
.

 The following parameters control how a signed signature
 field in a PDF document will look like(parameters marked with *
can be overridden with blob parameter "Template") :
-   FontName(string) *
-   FontSize(length) *
-   Image (blob)
-   ImageDPI(integer)
-   ImageHAlignment (integer) *
-   ImageMargin (length) *
-   ImageTransparency (integer) *
-   ImageVAlignment (integer) *
-   SignatureColor (color)
-   Template (blob)
-   TextColor (color) *
-   TextHAlignment (integer) *
-   TextHMargin (length) *
-   TextPosition (integer) *
-   TextVAlignment (integer) *


The following named parameters control the signing certificate:
-   Certificate (blob)
-   PKCS#12Password (string)
.

The following named parameters are used for generating a self-signed
certificate on the fly (you also need to set at least one parameter
for the private key):
-   CertificateSigningAlgorithm (integer)
-   CommonName (string)
-   Country (string)
-   Locality (string)
-   Organization (string)
-   OrganizationUnit (string)
.

The following named parameters are used for putting biometric data
(handwritten signature) into the signature:
-   BiometricData (blob)
-   BiometricEncryption (integer)
-   BiometricHashLocation(integer)
-   BiometricKey (blob)
-   BiometricKeyPath (string)
-   BiometricPassphrase (string)
.

The following named parameters control the certificate selection dialog:
-   FilterCertificatesByIssuerCertificate (blob)
-   FilterCertificatesByPolicy (string)
-   FilterCertificatesBySubjectCertificate (blob)
-   FilterCertificatesBySubjectDN (string)
-   SelectCertificate (integer)
-   SelectCertificateMessage (string)
-   SelectCertificateTitle (string)
.

The following named parameters control RFC 3161 timestamps:
-   TimeStampClientCertificatePath (string)
-   TimeStampClientKeyPath (string)
-   TimeStampHashAlgorithm (integer)
-   TimeStampRetries (integer)
-   TimeStampServerPassword (string)
-   TimeStampServerTimeout (integer)
-   TimeStampServerURL (string)
-   TimeStampServerUser (string)
-   TimeStampSize (integer)
-   TimeStampUserAgent (string)
.

The following named parameters put additional certificates and
revocation information into the signature:
-   AddCertificates (integer)
-   AddRevocationInfo (integer)
-   IntermediateCertificate (blob)
.

The following named parameters do not fall into the above categories:
-   OutputPath (string)
-   Optimize (integer)
-   PDFAButtons (integer)
Inheritance Hierarchy
SystemObject
  de.softpro.signdocsdkSignDocSignatureParameters

Namespace:  de.softpro.signdocsdk
Assembly:  SPSignDoc_4.3_DotNetLib (in SPSignDoc_4.3_DotNetLib.dll) Version: 1.0.6773.37566
Syntax
C#
Copy
public sealed class SignDocSignatureParameters : IDisposable

The SignDocSignatureParameters type exposes the following members.

Methods
  NameDescription
Public methodaddTextItem
Add another string to be displayed, top down. For DigSig signature fields, this function adds another string to the appearance stream of PDF documents. The first call clears any default strings. The default values depend on the profile passed to SignDocDocument.createSignatureParameters().
ProfileValue
""#ti_signer/#tg_master, #ti_sign_time/#tg_master
"image"(empty)
The paragraph direction is 0 which is treated like #tid_ltr. See also blob parameter "Template".
Public methodaddTextItem2
Add another string to be displayed, top down, with paragraph direction. For DigSig signature fields, this function adds another string to the appearance stream of PDF documents. The first call clears any default strings. The default values depend on the profile passed to SignDocDocument.createSignatureParameters():
ProfileValue
"" #ti_signer/#tg_master, #ti_sign_time/#tg_master
"image"(empty)
See also blob parameter "Template".
Public methodclearTextItems
Remove all strings that were to be displayed. addTextItem() cannot remove the default strings without adding a new string. This function does. See also blob parameter "Template".
Public methoddestroy
Destroy this object, overwriting sensitive data. After calling this method, all methods of this object will throw.
Public methodDispose
Releases all resources used by the SignDocSignatureParameters
Public methodgetAvailableMethods
Get a bitset indicating which signing methods are available for this signature field.
Public methodgetErrorMessage
Get an error message for the last function call.
Public methodgetStateBlob
Get the status of a parameter.
Public methodgetStateCol
Get the status of a parameter.
Public methodgetStateInt
Get the status of a parameter.
Public methodgetStateLen
Get the status of a parameter.
Public methodgetStateStr
Get the status of a parameter.
Public methodgetTemplate
Get an XML document specifying the current layout. This function can be used for debugging and for reporting bugs. This function will fail if the "Template" blob parameter is invalid.
Public methodsetBlob
Set a blob parameter.
Public methodsetColor
Set a color parameter.
Public methodsetECDSA
Set an object which will compute an ECDSA signature. By default, ECDSA signatures are computed internally which means that the private key must be available on this machine. Requirements for string parameters: - GenerateECCKeyPair must not be set . Requirements for integer parameters: - GenerateKeyPair must not be set - SelectCertificate must be zero (which is the default value) . Requirements for blob parameters: - Certificate must not be set - CertificatePrivateKey must not be set . setRSA() and setPKCS7() must not have been called
Public methodsetInteger
Set an integer parameter.
Public methodsetLength
Set a length parameter.
Public methodsetPKCS7

Set an object which will create a PKCS #7 or CAdES signature.

By default, PKCS #7 and CAdES signatures are handled internally which means that the private key must be available on this machine.

Requirements for string parameters: - CommonName must not be set - Country must not be set - GenerateECCKeyPair must not be set - Locality must not be set - Organization must not be set - OrganizationUnit must not be set

Requirements for integer parameters: - GenerateKeyPair must not be set - Method must be #m_digsig_pkcs7_detached, #m_digsig_pkcs7_sha1, or #m_digsig_cades_detached - SelectCertificate must be zero (which is the default value)

Requirements for blob parameters: - Certificate must not be set - CertificatePrivateKey must not be set setECDSA() and setRSA() must not have been called

The SignPKCS7 interface is quite hard to use, please use setRSA() and the SignRSA interface or setECDSA() and the SignECDSA interface instead.
Public methodsetRSA
Set an object which will compute an RSA signature. By default, RSA signatures are computed internally which means that the private key must be available on this machine. Requirements for string parameters : - GenerateECCKeyPair must not be set. Requirements for integer parameters: - GenerateKeyPair must not be set - SelectCertificate must be zero (which is the default value) Requirements for blob parameters: - Certificate must not be set - CertificatePrivateKey must not be set setECDSA() and setPKCS7() must not have been called
Public methodsetString
Set a string parameter.
Public methodsetTextItemDirection
Set the paragraph direction of text items. This function sets the paragraph direction of all existing text items matching @a aItem. See also blob parameter "Template".
Top
Remarks
The interaction between some parameters is quite complex; the following section tries to summarize the signing methods for PDF documents.
  • (1a)
    Default method, private key and self-signed certificate created on the fly: - Method: #m_default - CommonName: signer's name - GenerateKeyPair: 1024-4096 (or GenerateECCKeyPair)
  • (1b)
    Default method, the certificate and its key are provided as PKCS #12 blob: - Method: #m_default - Certificate: PKCS #12 blob containing certificate (need not be self-signed) and its private key - PKCS#12Password: password for private key in the PKCS #12 blob
  • (1c)
    Default method, private key provided, certificate provided: - Method: #m_default - Certificate: certificate - CertificatePrivateKey: private key for the certificate
  • (1d)
    Default method, user must select certificate: - Method: #m_default - SelectCertificate: #csf_software and/or #csf_hardware
  • (1e)
    Default method, user may select certificate or choose to create a self-signed certificate, the private key of which will be generated: - Method: #m_default - SelectCertificate: #csf_software and/or #csf_hardware - CommonName: signer's name (for self-signed certificate) - GenerateKeyPair: 1024-4096 (or GenerateECCKeyPair)
  • (1f)
    Default method, the certificate is selected programmatically or by the PDF document without user interaction: - Method: #m_default - SelectCertificate: #csf_software and/or #csf_hardware, #csf_never_ask - FilterCertificatesByPolicy: accept certificates having all of these certificate policies - FilterCertificatesByIssuerCertificate: the acceptable issuer certificates (optional) - FilterCertificatesBySubjectCertificate: the acceptable certificates (optional) - FilterCertificatesBySubjectDN: accept certificates issued for these subjects (optional)
  • (1g)
    Default method via SignRSA or SignECDSA interface: - Method: #m_default . See setRSA() and setECDSA() for details.
  • (1h)
    Default method, private key provided, self-signed certificate created on the fly: - Method: #m_default - CommonName: signer's name - CertificatePrivateKey: private key for the self-signed certificate
  • (1i)
    Default method, user may select certificate or choose to create a self-signed certificate, the private key of which is provided: - Method: #m_default - SelectCertificate: #csf_software and/or #csf_hardware - CommonName: signer's name (for self-signed certificate) - CertificatePrivateKey: private key for the self-signed certificate
  • (1j)
    Default method, user may select certificate or choose to "create" a self-signed certificate, the certificate to be used in that case and its key are provided separately: - Method: #m_default - SelectCertificate: #csf_software and/or #csf_hardware, #csf_create_self_signed - Certificate: certificate - CertificatePrivateKey: private key for the certificate
  • (1k)
    Default method, user may select certificate or choose to "create" a self-signed certificate, the certificate to be used in that case and its key are provided as PKCS #12 blob: - Method: #m_default - SelectCertificate: #csf_software and/or #csf_hardware, #csf_create_self_signed - Certificate: PKCS #12 blob containing certificate (need not be self-signed) and its private key - PKCS#12Password: password for private key in the PKCS #12 blob
  • (2a)
    PKCS #7 or CAdES, private key and self-signed certificate created on the fly: - Method: #m_digsig_pkcs7_detached, #m_digsig_pkcs7_sha1, or #m_digsig_cades_detached - DetachedHashAlgorithm: hash algorithm for #m_digsig_pkcs7_detached and #m_digsig_cades_detached - CommonName: signer's name - GenerateKeyPair: 1024-4096 (or GenerateECCKeyPair)
  • (2b)
    PKCS #7 or CAdES, the certificate and its key are provided as PKCS #12 blob: - Method: #m_digsig_pkcs7_detached, #m_digsig_pkcs7_sha1, or #m_digsig_cades_detached - DetachedHashAlgorithm: hash algorithm for #m_digsig_pkcs7_detached and #m_digsig_cades_detached - Certificate: PKCS #12 blob containing certificate (need not be self-signed) and its private key - PKCS#12Password: password for private key in the PKCS #12 blob
  • (2c)
    PKCS #7 or CAdES, private key provided, certificate provided: - Method: #m_digsig_pkcs7_detached, #m_digsig_pkcs7_sha1, or #m_digsig_cades_detached - DetachedHashAlgorithm: hash algorithm for #m_digsig_pkcs7_detached and #m_digsig_cades_detached - Certificate: certificate - CertificatePrivateKey: private key for the certificate
  • (2d)
    PKCS #7 or CAdES, user must select certificate: - Method: #m_digsig_pkcs7_detached, #m_digsig_pkcs7_sha1, or #m_digsig_cades_detached - DetachedHashAlgorithm: hash algorithm for #m_digsig_pkcs7_detached and #m_digsig_cades_detached - SelectCertificate: #csf_software and/or #csf_hardware
  • (2e)
    PKCS #7 or CAdES, user may select certificate or choose to create a self-signed certificate, the private key of which will be generated: - Method: #m_digsig_pkcs7_detached, #m_digsig_pkcs7_sha1, or #m_digsig_cades_detached - DetachedHashAlgorithm: hash algorithm for #m_digsig_pkcs7_detached and #m_digsig_cades_detached - SelectCertificate: #csf_software and/or #csf_hardware - CommonName: signer's name (for self-signed certificate) - GenerateKeyPair: 1024-4096
  • (2f)
    PKCS #7 or CAdES, the certificate is selected programmatically or by the PDF document without user interaction: - Method: #m_digsig_pkcs7_detached, #m_digsig_pkcs7_sha1, or #m_digsig_cades_detached - DetachedHashAlgorithm: hash algorithm for #m_digsig_pkcs7_detached and #m_digsig_cades_detached - SelectCertificate: #csf_software and/or #csf_hardware, #csf_never_ask - FilterCertificatesByPolicy: accept certificates having all of these certificate policies - FilterCertificatesByIssuerCertificate: the acceptable issuer certificates (optional) - FilterCertificatesBySubjectCertificate: the acceptable certificates (optional) - FilterCertificatesBySubjectDN: accept certificates issued for these subjects (optional)
  • (2g)
    PKCS #7 or CAdES via SignRSA or SignECDSA interface: - Method: m_digsig_pkcs7_detached, m_digsig_pkcs7_sha1, or m_digsig_cades_detached . See setRSA() for and setECDSA() details.
  • (2h)
    PKCS #7 or CAdES, private key provided, self-signed certificate created on the fly: - Method: #m_digsig_pkcs7_detached, #m_digsig_pkcs7_sha1, or #m_digsig_cades_detached - DetachedHashAlgorithm: hash algorithm for #m_digsig_pkcs7_detached and #m_digsig_cades_detached - CommonName: signer's name - CertificatePrivateKey: private key for the self-signed certificate
  • (2i)
    PKCS #7 or CAdES, user may select certificate or choose to create a self-signed certificate, the private key of which is provided: - Method: #m_digsig_pkcs7_detached, #m_digsig_pkcs7_sha1, or #m_digsig_cades_detached - DetachedHashAlgorithm: hash algorithm for #m_digsig_pkcs7_detached and #m_digsig_cades_detached - SelectCertificate: #csf_software and/or #csf_hardware - CommonName: signer's name (for self-signed certificate) - CertificatePrivateKey: private key for the self-signed certificate
  • (2j)
    PKCS #7 or CAdES, user may select certificate or choose to "create" a self-signed certificate, the certificate to be used in that case and its key are provided separately: - Method: #m_digsig_pkcs7_detached, #m_digsig_pkcs7_sha1, or #m_digsig_cades_detached - DetachedHashAlgorithm: hash algorithm for #m_digsig_pkcs7_detached and #m_digsig_cades_detached - SelectCertificate: #csf_software and/or #csf_hardware, #csf_create_self_signed - Certificate: certificate - CertificatePrivateKey: private key for the certificate
  • (2k)
    PKCS #7 or CAdES, user may select certificate or choose to "create" a self-signed certificate, the certificate to be used in that case and its key are provided as PKCS #12 blob: - Method: #m_digsig_pkcs7_detached, #m_digsig_pkcs7_sha1, or #m_digsig_cades_detached - DetachedHashAlgorithm: hash algorithm for #m_digsig_pkcs7_detached and #m_digsig_cades_detached - SelectCertificate: #csf_software and/or #csf_hardware, #csf_create_self_signed - Certificate: PKCS #12 blob containing certificate (need not be self-signed) and its private key - PKCS#12Password: password for private key in the PKCS #12 blob
  • (2l)
    PKCS #7 or CAdES via SignPKCS7 interface: - Method: #m_digsig_pkcs7_detached, #m_digsig_pkcs7_sha1, or #m_digsig_cades_detached . See setPKCS7() for details.
  • (3a)
    PKCS #1, private key and self-signed certificate created on the fly: - Method: #m_digsig_pkcs1 - CommonName: signer's name - GenerateKeyPair: 1024-4096
  • (3b)
    PKCS #1 via SignRSA or SignECDSA interface: - Method: m_digsig_pkcs1 . See setRSA() and setECDSA() for details.
  • (3c)
    PKCS #1, private key provided, self-signed certificate created on the fly: - Method: #m_digsig_pkcs1 - CommonName: signer's name - CertificatePrivateKey: private key for the self-signed certificate
  • (3d)
    PKCS #1, private key provided, self-signed certificate provided: - Method: #m_digsig_pkcs1 - Certificate: self-signed certificate - CertificatePrivateKey: private key for the certificate
  • (4a)
    document time stamp using a SignDocSignatureParameters object created by SignDocDocument.createSignatureParametersForTimeStamp() : -TimeStampServerURL : URL of time stamp server
Additionally: You may want to set string parameter "Filter" to "Adobe.PPKLite". -You may want to set integer parameter "IgnoreSeedValues" if you set integer parameter "Method" and / or "DetachedHashAlgorithm". - Set integer parameter "Optimize" to o_optimize unless SignDocDocument.getRequiredSaveToFileFlags() indicates that SignDocDocument.sf_incremental must be used. Note that o_optimize requires string parameter "OutputPath" or "TemporaryDirectory". . For TIFF documents, an additional, simplified signing method is available: (4)just a hash: - Method: m_hash - CommonName: signer's name
See Also