Parameters for signing a document.
More...
#include <SignDocSDK-cpp.h>
Public Types |
| enum | Method {
m_default,
m_digsig_pkcs1,
m_digsig_pkcs7_detached,
m_digsig_pkcs7_sha1,
m_hash,
m_digsig_cades_detached,
m_digsig_cades_rfc3161
} |
| | Signing methods.
More...
|
| enum | DetachedHashAlgorithm {
dha_default,
dha_sha1,
dha_sha256,
dha_sha384,
dha_sha512,
dha_ripemd160,
dha_sha224
} |
| | Hash Algorithm to be used for a detached signature.
More...
|
| enum | AddCertificates { ac_all,
ac_none,
ac_trusted
} |
| | Values for integer parameter "AddCertificates".
More...
|
| enum | AddRevocationInfo { ari_add = 0x01
} |
| | Flags for integer parameter "AddRevocationInfo".
More...
|
| enum | RemoveXFA { rx_always,
rx_if_allowed,
rx_never
} |
| | Values for integer parameter "RemoveXFA".
More...
|
| enum | TimeStampHashAlgorithm {
tsha_default,
tsha_sha1,
tsha_sha256,
tsha_sha384,
tsha_sha512
} |
| | Hash Algorithm to be used for RFC 3161 timestamps.
More...
|
| enum | Optimize { o_optimize,
o_dont_optimize
} |
| | Optimization of document before signing.
More...
|
| enum | PDFAButtons { pb_freeze,
pb_dont_freeze,
pb_auto
} |
| | Fix appearance streams of check boxes and radio buttons for PDF/A-1 without Technical Corrigendum 2.
More...
|
| enum | CertificateSigningAlgorithm {
csa_sha1_rsa,
csa_md5_rsa,
csa_sha256_rsa,
csa_sha384_rsa,
csa_sha512_rsa,
csa_ripemd160_rsa,
csa_ecdsa_sha1,
csa_ecdsa_sha224,
csa_ecdsa_sha256,
csa_ecdsa_sha384,
csa_ecdsa_sha512
} |
| | Signing algorithms for self-signed certificates.
More...
|
| enum | RSASignatureScheme { rss_pkcs1,
rss_pss
} |
| | Signing scheme for RSA signatures.
More...
|
| enum | BiometricEncryption {
be_rsa,
be_fixed,
be_binary,
be_passphrase,
be_dont_store
} |
| | Select how to encrypt the biometric data.
More...
|
| enum | BiometricHashLocation { bhl_attr,
bhl_contents
} |
| | Select where to store the message digest computed over the document hash and the unencrypted biometric data.
More...
|
| enum | HAlignment {
ha_left,
ha_center,
ha_right,
ha_justify,
ha_auto,
ha_default = -1
} |
| | Horizontal alignment.
More...
|
| enum | VAlignment { va_top,
va_center,
va_bottom
} |
| | Vertical alignment.
More...
|
| enum | TextPosition {
tp_overlay,
tp_below,
tp_underlay,
tp_right_of,
tp_above,
tp_left_of
} |
| enum | ValueType { vt_abs,
vt_field_height,
vt_field_width
} |
| | Indicate how measurements are specified.
More...
|
| enum | TextItem {
ti_signer,
ti_sign_time,
ti_comment,
ti_adviser,
ti_contact_info,
ti_location,
ti_reason,
ti_text1,
ti_text2,
ti_text3,
ti_text4,
ti_text5,
ti_text6,
ti_text7,
ti_text8,
ti_text9
} |
| | Select a string for the appearance stream of PDF documents.
More...
|
| enum | TextGroup { tg_master,
tg_slave
} |
| | Text groups.
More...
|
| enum | TextItemDirection { tid_ltr = 0x1000,
tid_rtl = 0x2000,
tid_default_ltr = 0x4000,
tid_default_rtl = 0x8000
} |
| | Paragraph direction of a text item.
More...
|
| enum | IgnoreSeedValues { isv_SubFilter = 0x01,
isv_DigestMethod = 0x02
} |
| | Flags for ignoring mandatory requirements specified by the signature seed value dictionary.
More...
|
| enum | CertificateSelectionFlags {
csf_software = 0x01,
csf_hardware = 0x02,
csf_use_certificate_seed_values = 0x10,
csf_ask_if_ambiguous = 0x20,
csf_never_ask = 0x40,
csf_create_self_signed = 0x80
} |
| | Flags for selecting certificates.
More...
|
| enum | RenderSignatureFlags { rsf_bw = 0x01,
rsf_gray = 0x02,
rsf_antialias = 0x04,
rsf_limit_size = 0x08
} |
| | Flags for rendering the signature.
More...
|
| enum | ImageTransparency { it_opaque,
it_brightest
} |
| | Transparency of signature image.
More...
|
| enum | ReturnCode { rc_ok,
rc_unknown,
rc_not_supported,
rc_invalid_value
} |
| | Return codes.
More...
|
| enum | ParameterState {
ps_set,
ps_missing,
ps_supported,
ps_ignored,
ps_not_supported,
ps_unknown
} |
| | Status of a parameter.
More...
|
Public Member Functions |
| | SignDocSignatureParameters () |
| | Constructor.
|
| | ~SignDocSignatureParameters () |
| | Destructor.
|
| ParameterState | getState (const std::string &aName) |
| | Get the status of a parameter.
|
| ReturnCode | setString (Encoding aEncoding, const std::string &aName, const std::string &aValue) |
| | Set a string parameter.
|
| ReturnCode | setString (const std::string &aName, const wchar_t *aValue) |
| | Set a string parameter.
|
| ReturnCode | setInteger (const std::string &aName, int aValue) |
| | Set an integer parameter.
|
| ReturnCode | setBlob (const std::string &aName, const unsigned char *aData, size_t aSize) |
| | Set a blob parameter.
|
| ReturnCode | setLength (const std::string &aName, ValueType aType, double aValue) |
| | Set a length parameter.
|
| ReturnCode | setColor (const std::string &aName, const SignDocColor &aValue) |
| | Set a color parameter.
|
| ReturnCode | addTextItem (TextItem aItem, TextGroup aGroup) |
| | Add another string to be displayed, top down.
|
| ReturnCode | addTextItem2 (TextItem aItem, TextGroup aGroup, HAlignment aHAlignment, int aDirection) |
| | Add another string to be displayed, top down, with paragraph direction.
|
| ReturnCode | clearTextItems () |
| | Remove all strings that were to be displayed.
|
| ReturnCode | setTextItemDirection (TextItem aItem, HAlignment aHAlignment, int aDirection) |
| | Set the paragraph direction of text items.
|
| ReturnCode | setPKCS7 (SignPKCS7 *aPKCS7) |
| | Set an object which will create a PKCS #7 or CAdES signature.
|
| ReturnCode | setRSA (SignRSA *aRSA) |
| | Set an object which will compute an RSA signature.
|
| ReturnCode | setECDSA (SignECDSA *aECDSA) |
| | Set an object which will compute an ECDSA signature.
|
| int | getAvailableMethods () |
| | Get a bitset indicating which signing methods are available for this signature field.
|
| ReturnCode | getTemplate (std::vector< unsigned char > &aOutput) |
| | Get an XML document specifying the current layout.
|
| const char * | getErrorMessage (Encoding aEncoding) const |
| | Get an error message for the last function call.
|
| const wchar_t * | getErrorMessageW () const |
| | Get an error message for the last function call.
|
| | SignDocSignatureParameters (SIGNDOC_SignatureParameters *aP) |
| | Internal function.
|
| SIGNDOC_SignatureParameters * | getImpl () |
| | Internal function.
|
| const SIGNDOC_SignatureParameters * | getImpl () const |
| | Internal function.
|
| void | setImpl (SIGNDOC_SignatureParameters *aP) |
| | Internal function.
|
Detailed Description
Parameters for signing a document.
Use getErrorMessage() to get more information after a function call failed.
The available parameters depend both on the document type and on the signature field for which the SignDocSignatureParameters object has been created.
SignDocDocument::addSignature() may fail due to invalid parameters even if all setters reported success as the setters do not check if there are conflicts between parameters.
Which certificates are acceptable may be restricted by the application (by using csf_software and csf_hardware of integer parameter "SelectCertificate", blob parameters "FilterCertificatesByIssuerCertificate" and "FilterCertificatesBySubjectCertificate", and string parameters "FilterCertificatesByPolicy" and "FilterCertificatesBySubjectDN") and by the PDF document (certificate seed value dictionary). If no matching certificate is available (for instance, because integer parameter "SelectCertificate" is zero), SignDocDocument::addSignature() will fail with error SignDocDocument::rc_no_certificate. If more than one matching certificate is available but csf_never_ask is specified in integer parameter "SelectCertificate"), SignDocDocument::addSignature() will fail with error SignDocDocument::rc_ambiguous_certificate.
To make the signature maximally meaningful, integer parameter "AddCertificates" should be ac_all (which is the default value) and integer parameter "AddRevocationInfo" should include ari_add.
Unless you need a specific signing method, you should leave integer parameter "Method" at its default value m_default. If you select a specific signing method and that method is not allowed by the signature field's seed values, signing will fail.
Unless you need a specific digest algorithm, you should leave integer parameter "DetachedHashAlgorithm" at its default value dha_default. If you select a specific digest algorithm and that algorithm is not allowed by the signature field's seed values, signing will fail.
The interaction between some parameters is quite complex; the following section tries to summarize the signing methods for PDF documents.
- (1a)
- Default method, private key and self-signed certificate created on the fly:
- Method: m_default
- CommonName: signer's name
- GenerateKeyPair: 1024-4096 (or GenerateECCKeyPair)
- (1b)
- Default method, the certificate and its key are provided as PKCS #12 blob:
- Method: m_default
- Certificate: PKCS #12 blob containing certificate (need not be self-signed) and its private key
- PKCS#12Password: password for private key in the PKCS #12 blob
- (1c)
- Default method, private key provided, certificate provided:
- Method: m_default
- Certificate: certificate
- CertificatePrivateKey: private key for the certificate
- (1d)
- Default method, user must select certificate:
- (1e)
- Default method, user may select certificate or choose to create a self-signed certificate, the private key of which will be generated:
- Method: m_default
- SelectCertificate: csf_software and/or csf_hardware
- CommonName: signer's name (for self-signed certificate)
- GenerateKeyPair: 1024-4096 (or GenerateECCKeyPair)
- (1f)
- Default method, the certificate is selected programmatically or by the PDF document without user interaction:
- Method: m_default
- SelectCertificate: csf_software and/or csf_hardware, csf_never_ask
- FilterCertificatesByPolicy: accept certificates having all of these certificate policies
- FilterCertificatesByIssuerCertificate: the acceptable issuer certificates (optional)
- FilterCertificatesBySubjectCertificate: the acceptable certificates (optional)
- FilterCertificatesBySubjectDN: accept certificates issued for these subjects (optional)
- (1g)
- Default method via SignRSA or SignECDSA interface:
See setRSA() and setECDSA() for details.
- (1h)
- Default method, private key provided, self-signed certificate created on the fly:
- Method: m_default
- CommonName: signer's name
- CertificatePrivateKey: private key for the self-signed certificate
- (1i)
- Default method, user may select certificate or choose to create a self-signed certificate, the private key of which is provided:
- Method: m_default
- SelectCertificate: csf_software and/or csf_hardware
- CommonName: signer's name (for self-signed certificate)
- CertificatePrivateKey: private key for the self-signed certificate
- (1j)
- Default method, user may select certificate or choose to "create" a self-signed certificate, the certificate to be used in that case and its key are provided separately:
- (1k)
- Default method, user may select certificate or choose to "create" a self-signed certificate, the certificate to be used in that case and its key are provided as PKCS #12 blob:
- (2a)
- PKCS #7 or CAdES, private key and self-signed certificate created on the fly:
- (2b)
- PKCS #7 or CAdES, the certificate and its key are provided as PKCS #12 blob:
- (2c)
- PKCS #7 or CAdES, private key provided, certificate provided:
- (2d)
- PKCS #7 or CAdES, user must select certificate:
- (2e)
- PKCS #7 or CAdES, user may select certificate or choose to create a self-signed certificate, the private key of which will be generated:
- (2f)
- PKCS #7 or CAdES, the certificate is selected programmatically or by the PDF document without user interaction:
- (2g)
- PKCS #7 or CAdES via SignRSA interface:
See setRSA() and setECDSA() for details.
- (2h)
- PKCS #7 or CAdES, private key provided, self-signed certificate created on the fly:
- (2i)
- PKCS #7 or CAdES, user may select certificate or choose to create a self-signed certificate, the private key of which is provided:
- (2j)
- PKCS #7 or CAdES, user may select certificate or choose to "create" a self-signed certificate, the certificate to be used in that case and its key are provided separately:
- (2k)
- PKCS #7 or CAdES, user may select certificate or choose to "create" a self-signed certificate, the certificate to be used in that case and its key are provided as PKCS #12 blob:
- (2l)
- PKCS #7 or CAdES via SignPKCS7 interface:
See setPKCS7() for details.
- (3a)
- PKCS #1, private key and self-signed certificate created on the fly:
- Method: m_digsig_pkcs1
- CommonName: signer's name
- GenerateKeyPair: 1024-4096 (or GenerateECCKeyPair)
- (3b)
- PKCS #1 via SignRSA interface:
See setRSA() and setECDSA() for details.
- (3c)
- PKCS #1, private key provided, self-signed certificate created on the fly:
- Method: m_digsig_pkcs1
- CommonName: signer's name
- CertificatePrivateKey: private key for the self-signed certificate
- (3d)
- PKCS #1, private key provided, self-signed certificate provided:
- Method: m_digsig_pkcs1
- Certificate: self-signed certificate
- CertificatePrivateKey: private key for self-signed certificate
- (4a)
- document time stamp using a SignDocSignatureParameters object created by SignDocDocument::createSignatureParametersForTimeStamp():
- TimeStampServerURL: URL of time stamp server
Additionally:
- You may want to set string parameter "Filter" to "Adobe.PPKLite".
- You may want to set integer parameter "IgnoreSeedValues" if you set integer parameter "Method" and/or "DetachedHashAlgorithm".
- Set integer parameter "Optimize" to o_optimize unless SignDocDocument::getRequiredSaveToFileFlags() indicates that SignDocDocument::sf_incremental must be used. Note that o_optimize requires string parameter "OutputPath".
For TIFF documents, an additional, simplified signing method is available:
- (4)
- just a hash:
- Method: m_hash
- CommonName: signer's name
The following parameters control the signing method and related aspects of the signature:
- DetachedHashAlgorithm (integer)
- IgnoreSeedValues (integer)
- Method (integer)
- RSASignatureScheme (integer)
The following parameters control the private key used for signing:
- Certificate (blob)
- CertificatePrivateKey (blob)
- GenerateECCKeyPair (string)
- GenerateKeyPair (integer)
- PKCS#12Password (string)
The following parameters control rendering of the signature image from biometric data:
- BiometricData (blob)
- PenWidth (integer)
- RenderSignature (integer)
- RenderWidth (integer)
- SignatureColor (color)
The following parameters put additional data into the signature:
- ContactInfo (string)
- Filter (string)
- Location (string)
- Reason (string)
- Signer (string)
- Timestamp (string)
The following parameters provide texts for the appearance of a signature in PDF documents:
- Adviser (string)
- Comment (string)
- ContactInfo (string)
- Location (string)
- Reason (string)
- Signer (string)
- SignTime (string)
- Template (blob)
- Text1 through Text9 (string)
The following parameters control how a signed signature field in a PDF document will look like (parameters marked with * can be overridden with blob parameter "Template"):
- FontName (string) *
- FontSize (length) *
- Image (blob)
- ImageDPI (integer)
- ImageHAlignment (integer) *
- ImageMargin (length) *
- ImageTransparency (integer) *
- ImageVAlignment (integer) *
- SignatureColor (color)
- Template (blob)
- TextColor (color) *
- TextHAlignment (integer) *
- TextHMargin (length) *
- TextPosition (integer) *
- TextVAlignment (integer) *
The following parameters control the signing certificate:
- Certificate (blob)
- PKCS#12Password (string)
The following parameters are used for generating a self-signed certificate on the fly (you also need to set at least one parameter for the private key):
- CertificateSigningAlgorithm (integer)
- CommonName (string)
- Country (string)
- Locality (string)
- Organization (string)
- OrganizationUnit (string)
The following parameters are used for putting biometric data (handwritten signature) into the signature:
- BiometricData (blob)
- BiometricEncryption (integer)
- BiometricHashLocation (integer)
- BiometricKey (blob)
- BiometricKeyPath (string)
- BiometricPassphrase (string)
The following parameters control the certificate selection dialog:
- FilterCertificatesByIssuerCertificate (blob)
- FilterCertificatesByPolicy (string)
- FilterCertificatesBySubjectCertificate (blob)
- FilterCertificatesBySubjectDN (string)
- SelectCertificate (integer)
- SelectCertificateMessage (string)
- SelectCertificateTitle (string)
The following parameters control RFC 3161 timestamps:
- TimeStampClientCertificatePath (string)
- TimeStampClientKeyPath (string)
- TimeStampHashAlgorithm (integer)
- TimeStampRetries (integer)
- TimeStampServerPassword (string)
- TimeStampServerTimeout (integer)
- TimeStampServerURL (string)
- TimeStampServerUser (string)
- TimeStampSize (integer)
- TimeStampUserAgent (string)
The following parameters put additional certificates and revocation information into the signature:
- AddCertificates (integer)
- AddRevocationInfo (integer)
- IntermediateCertificate (blob)
The following parameters do not fall into the above categories:
- OutputPath (string)
- Optimize (integer)
- PDFAButtons (integer)
- RemoveXFA (integer)
Member Enumeration Documentation
Values for integer parameter "AddCertificates".
- See also:
- setInteger()
- Enumerator:
| ac_all |
Include all intermediate certificates and the root certificate.
This requires building at signing time the complete certificate chain up to a self-signed certificate. It does not matter whether that self-signed certificate is a trusted root CA certificate or not.
|
| ac_none |
Do not include any certificates.
It is assumes that the signing certificate is a self-signed certificate or all intermediate certificates are available at verification time.
|
| ac_trusted |
Include all intermediate certificates and the root certificate, require the root certificate to be trusted.
This requires building at signing time the complete certificate chain up to a self-signed certificate. That self-signed certificate must be trusted, otherwise signing will fail.
|
Flags for integer parameter "AddRevocationInfo".
- See also:
- setInteger()
- Enumerator:
| ari_add |
Add revocation data.
This requires building at signing time the complete certificate chain up to a self-signed certificate. It does not matter whether that self-signed certificate is a trusted root CA certificate or not.
|
Select how to encrypt the biometric data.
Used for integer parameter "BiometricEncryption". The biometric data to be encrypted is specified by blob parameter "BiometricData".
- See also:
- setInteger(), setBlob()
- Enumerator:
| be_rsa |
Random session key encrypted with public RSA key.
Either blob parameter "BiometricKey" (see setBlob()) or string parameter "BiometricKeyPath" (see setString()) must be set.
- See also:
- Encryption of biometric data
|
| be_fixed |
Fixed key (no security).
|
| be_binary |
Binary 256-bit key.
Blob parameter "BiometricKey" (see setBlob()) must be set.
|
| be_passphrase |
Passphrase that will be hashed to a 256-bit key.
String parameter "BiometricPassphrase" (see setString()) must be set.
|
| be_dont_store |
The biometric data won't be stored in the document.
Use this value if you want to use the biometric data for generating the signature image only. Note that using an automatically generated self-signed certificate is secure only if biometric data is stored in the document using asymmetric encryption.
|
Select where to store the message digest computed over the document hash and the unencrypted biometric data.
Used for integer parameter "BiometricHashLocation".
- See also:
- setInteger()
- Enumerator:
| bhl_attr |
If possible, store the biometric hash as unauthenticated attribute in the PKCS #7 (or CMS) message.
For method m_digsig_pkcs1, the biometric hash will stored in the Contents entry of the signature dictionary (see bhl_contents).
For all other methods, the biometric hash will stored as unauthenticated attribute in the PKCS #7 (or CMS) message.
|
| bhl_contents |
Store the message digest in the Contents entry of the signature dictionary.
This is what SignDoc SDK 4.1 and older did; it violates a constraint of most PDF specifications.
|
Flags for selecting certificates.
Used for integer parameter "SelectCertificate".
- See also:
- setInteger()
- Enumerator:
| csf_software |
Include certificates with software-based private keys.
As software-based private keys and hardware-based private keys cannot be reliably distinguished, you should always set both csf_software and csf_hardware.
If neither csf_ask_if_ambiguous nor csf_never_ask is included, the certificate selection dialog will be displayed.
|
| csf_hardware |
Include certificates with hardware-based private keys.
As software-based private keys and hardware-based private keys cannot be reliably distinguished, you should always set both csf_software and csf_hardware.
If neither csf_ask_if_ambiguous nor csf_never_ask is included, the certificate selection dialog will be displayed.
|
| csf_use_certificate_seed_values |
include only certificates allowed by the PDF document's certificate seed value dictionary
|
| csf_ask_if_ambiguous |
ask the user to select a certificate if there is more than one matching certificate
|
| csf_never_ask |
never ask the user to select a certificate; exactly one certificate must match
|
| csf_create_self_signed |
offer to create a self-signed certificate (cannot be used with csf_never_ask and csf_ask_if_ambiguous)
|
Signing algorithms for self-signed certificates.
Used for integer parameter "CertificateSigningAlgorithm".
- See also:
- setInteger()
- Enumerator:
| csa_sha1_rsa |
SHA-1 with RSA.
|
| csa_md5_rsa |
MD5 with RSA.
|
| csa_sha256_rsa |
SHA-256 with RSA.
|
| csa_sha384_rsa |
SHA-384 with RSA.
|
| csa_sha512_rsa |
SHA-512 with RSA.
|
| csa_ripemd160_rsa |
RIPEMD-160 with RSA.
|
| csa_ecdsa_sha1 |
ECDSA with SHA-1.
|
| csa_ecdsa_sha224 |
ECDSA with SHA-224.
|
| csa_ecdsa_sha256 |
ECDSA with SHA-256224.
|
| csa_ecdsa_sha384 |
ECDSA with SHA-384.
|
| csa_ecdsa_sha512 |
ECDSA with SHA-512.
|
Hash Algorithm to be used for a detached signature.
Used for integer parameter "DetachedHashAlgorithm".
dha_sha256, dha_sha384, and dha_sha512 are supported under Linux, iOS, Android, OS X, and under Windows XP SP3 and later. If dha_sha256, dha_sha384, or dha_sha512 is selected but not supported, SignDocDocument::addSignature() will fall back to dha_sha1.
dha_ripemd160 is not supported under Windows.
dha_sha224 is supported for ECDSA signatures only.
- See also:
- setInteger()
- Enumerator:
| dha_default |
Default hash algorithm.
For RSA, use the hash algorithm specified by the DigestMethod values of the signature field seed value dictionary or, if not present, SHA-256 (if supported), or SHA-1 (as last resort).
For ECDSA, use the hash algorithm recommended for the elliptic curve used by the signing certificate's key.
|
| dha_sha1 |
SHA-1.
|
| dha_sha256 |
SHA-256.
|
| dha_sha384 |
SHA-384.
|
| dha_sha512 |
SHA-512.
|
| dha_ripemd160 |
RIPEMD-160.
|
| dha_sha224 |
SHA-224.
|
Horizontal alignment.
Used for integer parameters "ImageHAlignment" and "TextHAlignment" (see setInteger()) and for addTextItem2().
- Enumerator:
| ha_left |
Align left.
|
| ha_center |
Center.
|
| ha_right |
Align right.
|
| ha_justify |
Justify (align both and right, expanding white space).
- Note:
- Expanding white space is not the correct way to justify Arabic text.
|
| ha_auto |
Align left if the text begins with an LTR run, align right if the text begins with an RTL run.
|
| ha_default |
addTextItem2(): use integer parameter "TextHAlignment".
|
Flags for ignoring mandatory requirements specified by the signature seed value dictionary.
Used for integer parameter "IgnoreSeedValues".
- See also:
- setInteger()
- Todo:
- isv_Cert
- Enumerator:
| isv_SubFilter |
Ignore SubFilter (signing method).
If this flag is not set signing will fail if the signing method specified by integer parameter "Method" is neither m_default nor listed in the SubFilter entry of the signature field seed value dictionary.
If this flag is set, you can override the SubFilter entry of the signature field seed value dictionary with integer parameter "Method" without risking failure of signing due to a conflict between "Method" and SubFilter.
|
| isv_DigestMethod |
Ignore DigestMethod (hash algorithm).
If this flag is not set signing will fail if the hash algorithm specified by integer parameter "DetachedHashAlgorithm" is not dha_default (or is implied by integer parameter "Method") and is not listed in the DigestMethod entry of the signature field seed value dictionary.
If this flag is set, you can override the DigestMethod entry of the signature field seed value dictionary with integer parameter "DestachedHashAlgorithm" and/or "Method" without risking failure of signing due to a conflict with DigestMethod.
|
Transparency of signature image.
Used for integer parameter "ImageTransparency".
If the image has an alpha channel (or if its palette contains a transparent color), the image's transparency will be used no matter what value is set for "ImageTransparency".
Transparency is not supported for JPEG images and JPEG-compressed TIFF images. Signature images created from biometric data (according to the "RenderSignature" integer parameter) don't have an alpha channel.
- See also:
- setInteger()
- Enumerator:
| it_opaque |
Make signature image opaque.
The signature image will be opaque unless the image has an alpha channel or transparent colors in its palette.
|
| it_brightest |
Make the brightest color transparent.
If the image has an alpha channel (or if its palette contains a transparent color), the image's transparency will be used. Otherwise, white will be made transparent for truecolor images and the brightest color in the palette will be made transparent for indexed images (including grayscale images).
|
Signing methods.
Used for integer parameter "Method" and by SignDocVerificationResult::getMethod().
- See also:
- setInteger()
- Enumerator:
| m_default |
Default method.
For signature parameters created by SignDocDocument::createSignatureParametersForTimeStamp(), this value is treated as m_digsig_cades_rfc3161.
Use the method specified by the SubFilter values of the signature field seed value dictionary or, if not present, m_digsig_pkcs7_detached.
This is the recommended method unless you need an ETSI CAdES signature (m_digsig_cades_detached).
|
| m_digsig_pkcs1 |
PKCS #1 (RSA keys only).
Not allowed for PDF/A-2 and PDF/A-3.
|
| m_digsig_pkcs7_detached |
Detached PKCS #7.
|
| m_digsig_pkcs7_sha1 |
|
| m_hash |
|
| m_digsig_cades_detached |
|
| m_digsig_cades_rfc3161 |
|
Optimization of document before signing.
Used for integer parameter "Optimize".
- See also:
- setInteger()
- Enumerator:
| o_optimize |
Optimize document before signing for the first time.
|
| o_dont_optimize |
Don't optimize document.
|
Status of a parameter.
Don't make your code depend on the difference between ps_set and ps_supported.
- See also:
- getState()
- Enumerator:
| ps_set |
Parameter has been set (most parameters have a default value such as the empty string which may be treated as "set" or "not set" depending on the implementation's fancy)
|
| ps_missing |
Parameter must be set but is not set (ps_missing is currently not used).
|
| ps_supported |
Parameter is supported and optional, but has not been set or is set to the default value.
|
| ps_ignored |
Parameter can be (or is) set but will be ignored (ps_invalid is currently not used).
|
| ps_not_supported |
Parameter is not supported for this field.
|
| ps_unknown |
Unknown parameter.
|
Fix appearance streams of check boxes and radio buttons for PDF/A-1 without Technical Corrigendum 2.
Used for integer parameter "PDFAButtons".
Using pb_freeze (or pb_auto, if the document claims to conform with PDF/A-1 and has no signed signature fields) is equivalent to saving the document with SignDocDocument::sf_pdfa_buttons before signing.
- See also:
- setInteger()
- Enumerator:
| pb_freeze |
Freeze (fix) appearances.
This value should be used only if you need conformance with ISO 19005-1:2005 before Technical Corrigendum 2 (TC2), that is, if you need conformance with a standard that is no longer in force.
Note that TC2 is in force and using this value breaks conformance with TC2.
|
| pb_dont_freeze |
Don't freeze (fix) appearances.
This value should be used unless you need conformance with a standard (ISO 19005-1:2005 without Technical Corrigendum 2) that is no longer in force.
|
| pb_auto |
Freeze (fix) appearances if appropriate.
Freeze (fix) appearances if the document claims PDF/A-1 conformance and if there are no signed signature fields.
This value should be used only if you need conformance with ISO 19005-1:2005 without Technical Corrigendum 2 (TC2), that is, if you need conformance with a standard that is no longer in force.
Note that TC2 is in force and using this value breaks conformance with TC2.
|
Values for integer parameter "RemoveXFA".
- See also:
- setInteger()
- Enumerator:
| rx_always |
Always remove XFA.
Use this value if you intend to call setField() or addField() after signing. Adding the signature will fail if the document prohibits removal of XFA.
|
| rx_if_allowed |
Remove XFA if possible.
XFA will be removed unless the document prohibits removal of XFA. addField() and setField() will fail if XFA is still present after signing.
|
| rx_never |
Do not remove XFA.
addField() and setField() will fail if XFA is still present after signing.
|
Flags for rendering the signature.
Used for integer parameter "RenderSignature".
rsf_bw, rsf_gray, and rsf_antialias are mutually exclusive.
- See also:
- setInteger()
- Enumerator:
| rsf_bw |
Black and white.
|
| rsf_gray |
Use gray levels computed from pressure.
|
| rsf_antialias |
Use gray levels for antialiasing.
|
| rsf_limit_size |
Limit the size of the rendered signature to the size of the captured signature.
If this flag is set, the rendered signature won't be magnified. However, it may be shrunk to fit the signature field.
Set this flag only if you are sure that the capture resolution stored in the blob passed to blob parameter "BiometricData" is accurate.
|
Return codes.
- Enumerator:
| rc_ok |
Parameter set successfully.
|
| rc_unknown |
Unknown parameter.
|
| rc_not_supported |
Setting the parameter is not supported.
|
| rc_invalid_value |
The value for the parameter is invalid.
|
Signing scheme for RSA signatures.
Used for integer parameter "RSASignatureScheme".
- Enumerator:
| rss_pkcs1 |
PKCS #1 (RSA v1.5).
This signature scheme should be supported by all software that verifies DigSig signatures in PDF documents. However, it is considered obsolete due to security concerns.
|
| rss_pss |
Probabilistic Signature Scheme (PSS) (RSA v2.0 and v2.1).
Improved signature scheme, supposed to be more secure than PKCS #1. However, this signature scheme may not be supported by all software that verifies DigSig signatures in PDF documents. For instance, Adobe Acrobat DC supports RSA-PSS since April 2017 (Windows) and August 2017 (MacOS).
When using a certificate from a Windows certificate store (see integer parameter "SelectCertificate"), the private key must be provided by a CNG Key Storage Provider.
|
Text groups.
One font size is used per group and is chosen such that the text fits horizontally. The maximum font size is specified by length parameter "FontSize". The font size of the slave group cannot be greater than the font size of the master group, that is, long text in the slave group won't reduce the font size of the master group.
There must be at least one master text item if there is a slave text item.
- See also:
- addTextItem(), addTextItem2(), setLength()
- Enumerator:
| tg_master |
Master group.
|
| tg_slave |
Slave group.
|
Select a string for the appearance stream of PDF documents.
- See also:
- addTextItem(), addTextItem2(), setString()
- Enumerator:
| ti_signer |
String parameter "Signer".
|
| ti_sign_time |
String parameter "SignTime".
|
| ti_comment |
String parameter "Comment".
|
| ti_adviser |
String parameter "Adviser".
|
| ti_contact_info |
String parameter "ContactInfo".
|
| ti_location |
String parameter "Location".
|
| ti_reason |
String parameter "Reason".
|
| ti_text1 |
String parameter "Text1".
|
| ti_text2 |
String parameter "Text2".
|
| ti_text3 |
String parameter "Text3".
|
| ti_text4 |
String parameter "Text4".
|
| ti_text5 |
String parameter "Text5".
|
| ti_text6 |
String parameter "Text6".
|
| ti_text7 |
String parameter "Text7".
|
| ti_text8 |
String parameter "Text8".
|
| ti_text9 |
String parameter "Text9".
|
Paragraph direction of a text item.
- Enumerator:
| tid_ltr |
Paragraph direction: LTR.
|
| tid_rtl |
Paragraph direction: RTL.
|
| tid_default_ltr |
Choose direction automatically, default to LTR.
The base direction of each paragraph (BiDi paragraph level) will depend on the first strong directional character in the paragraph.
The paragraph level will be 0 (LTR) for paragraphs having no strong directional character.
|
| tid_default_rtl |
Choose direction automatically, default to RTL.
The base direction of each paragraph (BiDi paragraph level) will depend on the first strong directional character in the paragraph.
The paragraph level will be 1 (RTL) for paragraphs having no strong directional character.
|
Position of the text block w.r.t. to the image.
Used for integer parameter "TextPosition" (see setInteger()).
- Enumerator:
| tp_overlay |
Text and image are independent and overlap (text painted on image).
|
| tp_below |
Text is put below the image.
|
| tp_underlay |
Text and image are independent and overlap (image painted on text).
|
| tp_right_of |
Text is put on the right of the image.
|
| tp_above |
Text is put above the image.
|
| tp_left_of |
Text is put on the left of the image.
|
Hash Algorithm to be used for RFC 3161 timestamps.
Used for integer parameter "TimeStampHashAlgorithm".
tsha_sha256, tsha_sha384, and tsha_sha512 are supported under Linux, iOS, Android, OS X, and under Windows XP SP3 and later.
- See also:
- setInteger()
- Enumerator:
| tsha_default |
Default value.
For signatures, use the same hash algorithm as used for the document hash. For document time stamps, use SHA-256 (if supported by the time stamp server) or SHA-1 (if SHA-256 is not supported by the time stamp server).
The hash algorithm requested for the document hash will be used for the time stamp even if the document hash falls back to SHA-1 (see dha_default). SHA-256 will be used if the document hash is SHA-224. SHA-256 will be used if integer parameter DetachedHashAlgorithm is dha_default and the document hash is SHA-384 or SHA-512 (this can happen for keys using certain elliptic curves).
|
| tsha_sha1 |
SHA-1.
|
| tsha_sha256 |
SHA-256.
|
| tsha_sha384 |
SHA-384.
|
| tsha_sha512 |
SHA-512.
|
Vertical alignment.
Used for integer parameters "ImageVAlignment" and "TextVAlignment" (see setInteger()).
- Enumerator:
| va_top |
Align top.
|
| va_center |
Center.
|
| va_bottom |
Align bottom.
|
Indicate how measurements are specified.
- See also:
- setLength()
- Enumerator:
| vt_abs |
aValue is the value to be used (units of document coordinates).
|
| vt_field_height |
Multiply aValue by the field height.
|
| vt_field_width |
Multiply aValue by the field width.
|
Constructor & Destructor Documentation
| de::softpro::doc::SignDocSignatureParameters::SignDocSignatureParameters |
( |
) |
[inline] |
| de::softpro::doc::SignDocSignatureParameters::~SignDocSignatureParameters |
( |
) |
[inline] |
Destructor.
Overwrites this object's copies of the private key and biometric data.
| de::softpro::doc::SignDocSignatureParameters::SignDocSignatureParameters |
( |
SIGNDOC_SignatureParameters * |
aP ) |
[inline] |
Member Function Documentation
Add another string to be displayed, top down.
For DigSig signature fields, this function adds another string to the appearance stream of PDF documents. The first call clears any default strings. The default values depend on the profile passed to SignDocDocument::createSignatureParameters():
The paragraph direction is 0 which is treated like tid_ltr.
See also blob parameter "Template".
- Parameters:
-
| [in] | aItem | Select the string to be added. |
| [in] | aGroup | The string's group for font size computation. |
- Returns:
- rc_ok iff successful.
- See also:
- addTextItem2(), clearTextItems(), setTextItemDirection()
Add another string to be displayed, top down, with paragraph direction.
For DigSig signature fields, this function adds another string to the appearance stream of PDF documents. The first call clears any default strings. The default values depend on the profile passed to SignDocDocument::createSignatureParameters():
See also blob parameter "Template".
- Parameters:
-
| [in] | aItem | Select the string to be added. |
| [in] | aGroup | The string's group for font size computation. |
| [in] | aHAlignment | Horizontal alignment. This value overrides integer parameter "TextHAlignment" unless it is ha_default. |
| [in] | aDirection | The paragraph direction, see enum TextItemDirection. 0 is treated like tid_ltr. |
- Returns:
- rc_ok iff successful.
- See also:
- addTextItem(), clearTextItems(), setTextItemDirection()
| ReturnCode de::softpro::doc::SignDocSignatureParameters::clearTextItems |
( |
) |
[inline] |
Remove all strings that were to be displayed.
addTextItem() cannot remove the default strings without adding a new string. This function does.
See also blob parameter "Template".
- Returns:
- rc_ok iff successful.
- See also:
- addTextItem()
| int de::softpro::doc::SignDocSignatureParameters::getAvailableMethods |
( |
) |
[inline] |
| const char* de::softpro::doc::SignDocSignatureParameters::getErrorMessage |
( |
Encoding |
aEncoding ) |
const [inline] |
Get an error message for the last function call.
- Parameters:
-
| [in] | aEncoding | The encoding to be used for the error message. |
- Returns:
- A pointer to a string describing the reason for the failure of the last function call. The string is empty if the last call succeeded. The pointer is valid until this object is destroyed or a member function of this object is called.
- See also:
- getErrorMessageW()
| const wchar_t* de::softpro::doc::SignDocSignatureParameters::getErrorMessageW |
( |
) |
const [inline] |
Get an error message for the last function call.
- Returns:
- A pointer to a string describing the reason for the failure of the last function call. The string is empty if the last call succeeded. The pointer is valid until this object is destroyed or a member function of this object is called.
- See also:
- getErrorMessage()
| SIGNDOC_SignatureParameters* de::softpro::doc::SignDocSignatureParameters::getImpl |
( |
) |
[inline] |
| const SIGNDOC_SignatureParameters* de::softpro::doc::SignDocSignatureParameters::getImpl |
( |
) |
const [inline] |
| ParameterState de::softpro::doc::SignDocSignatureParameters::getState |
( |
const std::string & |
aName ) |
[inline] |
Get the status of a parameter.
- Parameters:
-
| [in] | aName | The name of the parameter (case-sensitive). |
- Returns:
- see enum ParameterState.
| ReturnCode de::softpro::doc::SignDocSignatureParameters::getTemplate |
( |
std::vector< unsigned char > & |
aOutput ) |
[inline] |
Get an XML document specifying the current layout.
This function can be used for debugging and for reporting bugs. This function will fail if the "Template" blob parameter is invalid.
- Parameters:
-
| [out] | aOutput | The XML document will be stored here. |
- Returns:
- rc_ok iff successful.
- See also:
- setBlob()
| ReturnCode de::softpro::doc::SignDocSignatureParameters::setBlob |
( |
const std::string & |
aName, |
|
|
const unsigned char * |
aData, |
|
|
size_t |
aSize |
|
) |
| [inline] |
Set a blob parameter.
Available blob parameters are:
- BiometricData The biometric data is stored in the document (see integer parameter "BiometricEncryption") and will be used for rendering the signature image if integer parameter "RenderSignature" is non-zero (unless a signature image is specified by blob parameter "Image"). If used for rendering, the data must be in a format supported by SignWare (e.g., created by SPFlatFileCreateFromSignature()).
- BiometricKey The public key (be_rsa) or the AES key (be_binary) for encrypting the biometric data. See also string parameter "BiometricKeyPath" and Encryption of biometric data.
- Certificate The signing certificate for the signature. The blob must contain a serialized X.509 certificate (DER or PEM) and blob parameter "CertificatePrivateKey" must contain the private key for that certificate. Alternatively, for PKCS #7 and CAdES detached signatures, the blob may contain the certificate and its private key in PKCS #12 format; string parameter "PKCS#12Password" contains the password for extracting the private key.
- CertificatePrivateKey The private key for the (self-signed) certificate in PKCS #1 format (DER or PEM) for RSA or in SEC 1 format, traditional format, or PKCS #8 format (DER or PEM) for ECDSA. If a certificate is passed in blob parameter "Certificate", this parameter must contain the private key for that certificate. If a self-signed certificate is to be generated, the private key can be either set with this parameter or generated with integer parameter "GenerateKeyPair" or with string parameter "GenerateECCKeyPair".
- FilterCertificatesByIssuerCertificate Acceptable issuer certificates. Setting this parameter adds the specified DER-encoded certificate to a list of acceptable issuer certificates. Pass 0 for aSize to clear the list. A PDF document may contain (in its certificate seed value dictionaries) additional restrictions for acceptable issuer certificates. A signer certificate is acceptable for the rule defined by this parameter if it chains up to any of the certificates in the list of acceptable issuer certificates. SignDocDocument::addSignature() will fail if no matching certificate is available for signing. Note that csf_software and/or csf_hardware must be included in integer parameter "SelectCertificate" to make certificates available at all.
- FilterCertificatesBySubjectCertificate Acceptable certificates. Setting this parameter adds the specified DER-encoded certificate to a list of acceptable certificates. Pass 0 for aSize to clear the list. A PDF document may contain (in its certificate seed value dictionaries) additional restrictions for acceptable certificates. SignDocDocument::addSignature() will fail if no matching certificate is available for signing. Note that csf_software and/or csf_hardware must be included in integer parameter "SelectCertificate" to make certificates available at all.
- Image The signature image. The image can be in BMP, JPEG, PNG, or TIFF format. If no image is set (or rendered, see integer parameter "RenderSignature"), the signature field may or may not show an image computed from the biometric data, depending on the document type and signature field type. This parameter overrides integer parameter "RenderSignature". See also integer parameters "ImageDPI" and "ImageTransparency" and blob parameter "Template".
- IntermediateCertificate An intermediate certificate for the signature. The blob must contain a DER-encoded X.509 certificate or one or more PEM-encoded X.509 certificates. setBlob() calls with name "IntermediateCertificate" are cumulative. Intermediate certificates can also be provided in the PKCS #12 blob passed to blob parameter "Certificate". See also integer parameter "AddCertificates".
- Template An XML document specifying the layout of the appearance of a signature in PDF documents. The XML document must conform to SignatureTemplate.dtd, which see for details. You can control the layout of the appearance of the signature by
- using the default values provided by SignDocDocument::createSignatureParameters(), or
- using only string parameters (such as "FontName"), integer parameters (such as "TextPosition"), and length parameters (such as "ImageMargin"), color parameters (such as "TextColor"), or
- using only blob parameter "Template", or
- a mixture of the above.
Initial values for the parameters are provided by SignDocDocument::createSignatureParameters(). If blob parameter "Template" is set, text items added by addTextItem() and friends are ignored, but other parameters provide default values for attributes not used in the XML document.
Additionally, you can store your own blobs in the signature by using a name starting with "Prop_", except for "Prop_AuthTime", "Prop_AuthType", "Prop_BiometricData", and "Prop_Build", see SignDocVerificationResult::getSignatureBlob(). The name shall contain the following characters only: 0-9, a-z, A-Z, '-', and '_'.
- Parameters:
-
| [in] | aName | The name of the parameter (case-sensitive). |
| [in] | aData | A pointer to the first octet of the value. |
| [in] | aSize | Size of the blob (number of octets). |
- Returns:
- rc_ok iff successful.
- See also:
- getTemplate()
- Todo:
- support PKCS #7 for "Certificate"
| ReturnCode de::softpro::doc::SignDocSignatureParameters::setColor |
( |
const std::string & |
aName, |
|
|
const SignDocColor & |
aValue |
|
) |
| [inline] |
Set a color parameter.
Available color parameters are:
- SignatureColor The foreground color for the rendered signature (see integer parameter "RenderSignature"). The default color is black.
- TextColor The color to be used for text in the appearance of a DigSig signature field in a PDF document. If this parameter is not set, the color will be taken from the field's text field attributes. If the field doesn't have text field attributes, the document's text field attributes will be used. If this also fails, the text will be black. See also string parameter "FontName", length parameter "FontSize", and blob parameter "Template".
- Parameters:
-
| [in] | aName | The name of the parameter (case-sensitive). |
| [in] | aValue | The value of the parameter. |
- Returns:
- rc_ok iff successful.
| ReturnCode de::softpro::doc::SignDocSignatureParameters::setECDSA |
( |
SignECDSA * |
aECDSA ) |
[inline] |
Set an object which will compute an ECDSA signature.
By default, ECDSA signatures are computed internally which means that the private key must be available on this machine.
Requirements for string parameters:
- GenerateECCKeyPair must not be set
Requirements for integer parameters:
- GenerateKeyPair must not be set
- SelectCertificate must be zero (which is the default value)
Requirements for blob parameters:
- Certificate must not be set
- CertificatePrivateKey must not be set
setRSA() and setPKCS7() must not have been called
- Parameters:
-
| [in] | aECDSA | The object that will compute the ECDSA signature. This function does not take ownership of that object. It must still be alive when addSignature() is called. |
- Returns:
- rc_ok iff successful.
- See also:
- setPKCS7(), setRSA()
| void de::softpro::doc::SignDocSignatureParameters::setImpl |
( |
SIGNDOC_SignatureParameters * |
aP ) |
[inline] |
| ReturnCode de::softpro::doc::SignDocSignatureParameters::setInteger |
( |
const std::string & |
aName, |
|
|
int |
aValue |
|
) |
| [inline] |
Set an integer parameter.
Available integer parameters are:
- AddCertificates This parameter controls inclusion of intermediate and root certificates. See enum AddCertificates. The default value is ac_all. If you are using setPKCS7(), you'll have to include the certificates yourself. See also integer parameter "AddRevocationInfo" and blob parameter "IntermediateCertificate".
- AddRevocationInfo This parameter controls inclusion of revocation data (CRL and OCSP) for the signing certificate (unless it is self-signed) and the intermediate certificates. See enum AddRevocationInfo. If the parameter is zero (which is the default value), revocation data won't be included. If the signature field has a mandatory AddRevInfo seed value, with value true, AddRevocationInfo is assumed to have ari_add set. If revocation data is to be added, integer parameter "Method" must be set to m_digsig_pkcs7_detached, m_digsig_pkcs7_sha1, or m_digsig_cades_detached, otherwise signing will fail. Integer parameter "AddCertificates" must be ac_all or ac_trusted, otherwise signing will fail. If revocation data is to be included, vf_check_revocation is assumed to be set in the value of integer parameter "VerificationFlags" of the verification parameters. Integer parameter "VerificationModel" of addSignature()'s aVerificationParameters is assumed to be vm_chain if it is vm_minimal (to enable inclusion of all certificates but the root certificate). If revocation data cannot be retrieved or if any of the certificates for which revocation information is retrieved is revoked or has unknown revocation status, signing will fail. If you are using setPKCS7(), you'll have to include revocation information yourself.
- BiometricEncryption Specifies how biometric data is to be encrypted (enum BiometricEncryption). If not set, biometric data will not be embedded in the signature.
- BiometricHashLocation Specifies where to store the message digest computed over the document hash and the unencrypted biometric data (enum BiometricHashLocation). This parameter is used for PDF documents only. The default value is bhl_attr.
- CertificateSigningAlgorithm The signing algorithm for the self-signed certificate (enum CertificateSigningAlgorithm). When a self-signed certificate is to be generated, the signing algorithm can be set. If not set, a suitable default value will be used.
- DetachedHashAlgorithm Hash algorithm to be used for a detached signature (ie, if integer parameter "Method" is m_digsig_pkcs7_detached or m_digsig_cades_detached). See enum DetachedHashAlgorithm. The default value is dha_default. See also integer parameters "Method" and "IgnoreSeedValues".
- DocMDP To create a certification signature rather than an approval signature, set this parameter to a positive value (PDF only):
- 1 no changes to the document shall be permitted
- 2 only filling in forms, instantiating page templates, and signing shall be permitted
- 3 only filling in forms, instantiating page templates, signing, creating annotations, deleting annotations, and modifying annotations shall be permitted.
To create an approval signature, set this parameter to 0 or -1. The default value is -1. A positive MDP value from the signature seed value dictionary overrides this parameter, see SignDocField::getSeedValueMDP(). A PDF document can have at most one certification signature. If you want the certification signature to be invisible, create the signature field with zero for the left, bottom, right, and top coordinates.
- GenerateKeyPair Start generation of an RSA key pair for the self-signed certificate. The value is the number of bits (1024 through 4096, multiple of 8). When a self-signed certificate is to be generated, the private key can be either be generated by setting this parameter or set as blob parameter "CertificatePrivateKey". See also string parameter "GenerateECCKeyPair". "GenerateECCKeyPair" and "GenerateKeyPair" are mutually exclusive.
- IgnoreSeedValues Specifies what entries in the signature field seed value dictionary shall be ignored. This parameter contains a set of flags taken from enum IgnoreSeedValues. The default value is 0 which means that signing might fail due to a conflict between integer parameters "Method" and "DetachedHashAlgorithm" on one hand and the SubFilter and DigestMethod entries of the signature field seed value dictionary on the other hand. The Cert entry of the signature field seed value dictionary is currently ignored by default, see csf_use_certificate_seed_values of integer parameter "SelectCertificate". This parameter is ignored for TIFF documents.
- ImageDPI Resolution in DPI of the image passed in blob parameter "Image" for PDF signature fields. The width and height of the image computed by multiplying the resolution with the number of horizontal pixels and vertical pixels, respectively, limits the size of the image in the signature field: The image will never be wider or higher than that width and height, respectively. (You can cheat by specifying a smaller resolution.) Positive values of this parameter specify the horizontal resolution in DPI, zero means that the resolution is taken from the image (the behavior is undefined if the image does not specify a resolution), -1 means that the size of the image in the signature field won't be limited by values computed from its size (apart from the aspect ratio). The default value is -1. This parameter is ignored for TIFF documents.
- ImageHAlignment The horizontal alignment of the image (enum HAlignment, ha_left, ha_center, or ha_right). For DigSig signature fields, this parameter defines the horizontal alignment of the image in the appearance stream of PDF documents. The default value depends on the profile passed to SignDocDocument::createSignatureParameters():
See also blob parameter "Template".
- ImageVAlignment The vertical alignment of the image (enum VAlignment). For DigSig signature fields, this parameter defines the vertical alignment of the image in the appearance stream of PDF documents. The default value depends on the profile passed to SignDocDocument::createSignatureParameters():
See also blob parameter "Template".
- ImageTransparency Image transparency (enum ImageTransparency). For DigSig signature fields, this parameter defines how to handle transparency for signature image (either the image passed in the "Image" blob parameter or the image computed according to the "RenderSignature" integer parameter). The default value is it_brightest. See also blob parameter "Template".
- Method The signing method (enum Method). The default value is m_default. See also integer parameters "DetachedHashAlgorithm" and "IgnoreSeedValues".
- Optimize Set whether this is the first signature of the document and the document shall be optimized or whether the document shall not be optimized. Use one of the values of enum Optimize. For PDF documents, o_optimize requires saving to a new file, see string parameter "OutputPath". The default value is o_dont_optimize. If the return value of getRequiredSaveToFileFlags() includes sf_incremental, signing with this parameter set to o_optimize will fail.
- PDFAButtons Set whether appearance streams of check boxes and radio buttons shall be frozen (fixed) for conformance with PDF/A-1 without TC2 before signing. Use one of the values of enum PDFAButtons. The default value is pb_dont_freeze.
- PenWidth Pen width for rendering the signature (see blob parameter "BiometricData") for the signature image. Ignored unless integer parameter "RenderSignature" is non-zero. The pen width is specified in micrometers, the default value is 500 (0.5mm).
- RemoveXFA This parameter controls whether the XFA entry of the interactive form dictionary of the PDF document shall be removed. SignDoc SDK does not support XFA (XML Forms Architecture) and therefore addSignature(), addField(), applyFdf(), and setField() remove XFA from the document to avoid descrepancies between "classic" form fields and XFA. Use one of the values of enum RemoveXFA. The default value is rx_if_allowed. This parameter is ignored for TIFF documents.
- RenderSignature Specifies whether and how the signature (see blob parameter "BiometricData") is to be rendered for the signature image. This parameter contains a set of flags taken from enum RenderSignatureFlags. If this value is 0, the signature won't be rendered. If no image is rendered (or set, see blob parameter "Image"), the signature field may or may not show an image computed from the biometric data, depending on the document type and signature field type. This parameter is ignored if blob parameter "Image" is set. The default value is 0. See also integer parameters "ImageTransparency", "PenWidth", and "RenderWidth" and color parameter "SignatureColor".
- RenderWidth Specifies the width (in pixels) for the signature image rendered from biometric data for PDF documents. This parameter is ignored for TIFF documents. The default value is 600. If the signature is higher than wide, this value specified the height of the signature image.
- RSASignatureScheme The RSA signature scheme to be used for PKCS #7 signatures with RSA keys, see enum RSASignatureScheme. The default value is rss_pkcs1.
- SelectCertificate Let the user and/or the application select the certificate for the signature. The parameter contains a set of flags taken from enum CertificateSelectionFlags. If this parameter is zero (which is the default value), the user won't be asked and the certificate will either be generated on the fly or be supplied by the "Certificate" blob parameter and SignDocDocument::addSignature() will fail if the PDF document restricts acceptable certificates by means of a certificate seed value dictionary. This parameter is not yet implemented for Linux, iOS, Android, OS X, and Windows Store apps. See also string parameters "SelectCertificateMessage" and "SelectCertificateTitle".
- TextHAlignment The horizontal alignment of text lines (enum HAlignment). For DigSig signature fields, this parameter defines the horizontal alignment of text lines in the appearance stream of PDF documents. The default value depends on the profile passed to SignDocDocument::createSignatureParameters():
See also blob parameter "Template".
- TextPosition The position of the text block w.r.t. the image (enum TextPosition). For DigSig signature fields, this parameter defines the position of the text block in the appearance stream of PDF documents. The default value depends on the profile passed to SignDocDocument::createSignatureParameters().
See also blob parameter "Template".
- TextVAlignment The vertical alignment of text lines (enum VAlignment). For DigSig signature fields, this parameter defines the vertical alignment of text lines in the appearance stream of PDF documents. The default value depends on the profile passed to SignDocDocument::createSignatureParameters():
See also blob parameter "Template".
- TimeStampRetries The maximum number of retries for obtaining an RFC 3161 timestamp after a timeout. The default value is 0. See also string parameter "TimeStampServerURL".
- TimeStampHashAlgorithm Hash algorithm for RFC 3161 time stamps. See enum TimeStampHashAlgorithm. The default value is tsha_default. See also string parameter "TimeStampServerURL".
- TimeStampServerTimeout Time out in milliseconds for retrieving a time stamp from an RFC 3161 time-stamp server. The value must be positive. The default value is 10000. See also string parameter "TimeStampServerURL".
- TimeStampSize If the value of this parameter is positive, add this many octets for the RFC 3161 timestamp to the anticipated size of the PKCS #7 message. If the value is zero or negative, a dummy time stamping request will be sent to the time-stamp server and the value of this parameter will be subtracted from the size of the response; as the response will be wrapped in an attribute, the value of this parameter should be smaller than -25. The default value is 8192. See also string parameter "TimeStampServerURL".
- Parameters:
-
| [in] | aName | The name of the parameter (case-sensitive). |
| [in] | aValue | The value of the parameter. |
- Returns:
- rc_ok iff successful.
- Todo:
document when "SelectCertificate" presents the dialog
implement "SelectCertificate" for Linux
| ReturnCode de::softpro::doc::SignDocSignatureParameters::setLength |
( |
const std::string & |
aName, |
|
|
ValueType |
aType, |
|
|
double |
aValue |
|
) |
| [inline] |
Set a length parameter.
Available length parameters are:
- FontSize The maximum font size. For DigSig signature fields, this parameter defines the maximum font size for the appearance stream of PDF documents. The font size will be reduced to make all text lines fit horizontally into the signature field. The default value depends on the profile passed to SignDocDocument::createSignatureParameters():
See also string parameter "FontName", color parameter "TextColor", and blob parameter "Template".
- ImageMargin The margin to add around the image. For DigSig signature fields, this parameter defines the margin to be added around the image in the appearance stream of PDF documents. This margin is added at all four edges of the image. The default value depends on the profile passed to SignDocDocument::createSignatureParameters().
See also blob parameter "Template".
- TextHMargin The horizontal margin for text. For DigSig signature fields, this parameter defines the horizontal margin of text in the appearance stream of PDF documents. The margin will be added on both sides of the text. The default value depends on the profile passed to SignDocDocument::createSignatureParameters():
See also blob parameter "Template".
- Parameters:
-
| [in] | aName | The name of the parameter (case-sensitive). |
| [in] | aType | Define how the length is specified. |
| [in] | aValue | The value of the parameter. |
- Returns:
- rc_ok iff successful.
| ReturnCode de::softpro::doc::SignDocSignatureParameters::setPKCS7 |
( |
SignPKCS7 * |
aPKCS7 ) |
[inline] |
Set an object which will create a PKCS #7 or CAdES signature.
By default, PKCS #7 and CAdES signatures are handled internally which means that the private key must be available on this machine.
Requirements for string parameters:
- CommonName must not be set
- Country must not be set
- GenerateECCKeyPair must not be set
- Locality must not be set
- Organization must not be set
- OrganizationUnit must not be set
Requirements for integer parameters:
Requirements for blob parameters:
- Certificate must not be set
- CertificatePrivateKey must not be set
setRSA() and setECDSA() must not have been called
The SignPKCS7 interface is quite hard to use, please use setRSA() and the SignRSA interface or setECDSA() and the SignECDSA interface instead.
- Parameters:
-
| [in] | aPKCS7 | The object that will create the PKCS #7 or CAdES signature. This function does not take ownership of that object. It must still be alive when addSignature() is called. |
- Returns:
- rc_ok iff successful.
- See also:
- setECDSA(), setRSA()
| ReturnCode de::softpro::doc::SignDocSignatureParameters::setRSA |
( |
SignRSA * |
aRSA ) |
[inline] |
Set an object which will compute an RSA signature.
By default, RSA signatures are computed internally which means that the private key must be available on this machine.
Requirements for string parameters:
- GenerateECCKeyPair must not be set
Requirements for integer parameters:
- GenerateKeyPair must not be set
- SelectCertificate must be zero (which is the default value)
Requirements for blob parameters:
- Certificate must not be set
- CertificatePrivateKey must not be set
setECDSA() and setPKCS7() must not have been called
- Parameters:
-
| [in] | aRSA | The object that will compute the RSA signature. This function does not take ownership of that object. It must still be alive when addSignature() is called. |
- Returns:
- rc_ok iff successful.
- See also:
- setECDSA(), setPKCS7()
| ReturnCode de::softpro::doc::SignDocSignatureParameters::setString |
( |
const std::string & |
aName, |
|
|
const wchar_t * |
aValue |
|
) |
| [inline] |
Set a string parameter.
See the other setString() function for a list of available string parameters.
- Parameters:
-
| [in] | aName | The name of the parameter (case-sensitive). |
| [in] | aValue | The value of the parameter. |
- Returns:
- rc_ok iff successful.
| ReturnCode de::softpro::doc::SignDocSignatureParameters::setString |
( |
Encoding |
aEncoding, |
|
|
const std::string & |
aName, |
|
|
const std::string & |
aValue |
|
) |
| [inline] |
Set a string parameter.
Available string parameters are:
- Adviser The adviser. For DigSig signature fields, the adviser may be used for the appearance stream of PDF documents (see ti_adviser). The default value is empty. Complex scripts are supported, see Complex Scripts.
- BiometricKeyPath The pathname of a file containing the public key in PKCS #1 or X.509 format for encrypting the biometric data with integer parameter "BiometricEncryption" set to be_rsa. See also blob parameter "BiometricKey" and Encryption of biometric data. See Using SignDoc SDK in Windows Store apps for restrictions on pathnames in Windows Store apps.
- BiometricPassphrase Passphrase to be used if integer parameter "BiometricEncryption" is be_passphrase. Should contain ASCII characters only.
- Comment The comment. For DigSig signature fields, the comment may be used for the appearance stream of PDF documents (see ti_comment). The comment can contain multiple lines which are separated by '
'. The default value is empty. Complex scripts are supported, see Complex Scripts.
- CommonName The common name for the self-signed certificate. When a self-signed certificate is to be generated, the common name (CN) must be set. See also string parameter "Signer".
- ContactInfo The contact information provided by the signer. For DigSig signature fields, the contact information will be stored in the digital signature. For DigSig signature fields, the contact information may be used for the appearance stream of PDF documents (see ti_contact_info). The default value is empty. Complex scripts are supported, see Complex Scripts.
- Country The country name for the self-signed certificate. When a self-signed certificate is to be generated, the country name (C) should be set. Use ISO 3166 country codes. The default value is empty.
- Filter The name of the preferred filter. For DigSig signature fields, the filter name will be stored in the digital signature. The default value is "SOFTPRO
DigSig Security". You might want to set the filter to "Adobe.PPKLite".
- FilterCertificatesByPolicy A required certificate policy. Setting this parameter adds the specified OID to a list of required policy object identifiers. All specified policies are required for a certificate to be accepted. Pass an empty value to clear the list. The value must be a valid ASN.1 object identifier. A PDF document may contain (in its certificate seed value dictionaries) additional restrictions for acceptable certificates. SignDocDocument::addSignature() will fail if no matching certificate is available for signing. Note that csf_software and/or csf_hardware must be included in integer parameter "SelectCertificate" to make certificates available at all.
- FilterCertificatesBySubjectDN An acceptable subject Distinguished Name (DN). Setting this parameter adds the specified DN to a list of acceptable DNs. Pass an empty value to clear the list. The DN must be formatted according to RFC 4514, using short names for the attribute types. Multi-valued RDNs and multiple RDNs specifying a value for the same attribute are not allowed. A PDF document may contain (in its certificate seed value dictionaries) additional restrictions for acceptable certificates. SignDocDocument::addSignature() will fail if no matching certificate is available for signing. Note that csf_software and/or csf_hardware must be included in integer parameter "SelectCertificate" to make certificates available at all.
- FontName The name of the font to be used for text in the appearance of a DigSig signature field in a PDF document. The font name can be the name of a standard font, the name of an already embedded font, or the name of a font defined by a font configuration file. If the name is empty, the font name will be taken from the field's text field attributes. If the field doesn't have text field attributes, the document's text field attributes will be used. If this also fails, standard font Helvetica will be used (which will break PDF/A conformance). The default value is empty. See also length parameter "FontSize", color parameter "TextColor", and blob parameter "Template".
- GenerateECCKeyPair Start generation of an elliptic curve key pair for the self-signed certificate. The value is the name or the object identifier of the curve, e.g., prime256v1. When a self-signed certificate is to be generated, the private key can be either be generated by setting this parameter or set as blob parameter "CertificatePrivateKey". See also integer parameter "GenerateKeyPair". "GenerateECCKeyPair" and "GenerateKeyPair" are mutually exclusive.
- Locality The location name for the self-signed certificate. When a self-signed certificate is to be generated, the location name (L) should be set. The default value is empty. Do not confuse "Locality" and "Location"!
- Location The host name or physical location of signing. For DigSig signature fields, the location will be stored in the digital signature. For DigSig signature fields, the location may be used for the appearance stream of PDF documents (see ti_location). The default value is empty. Complex scripts are supported, see Complex Scripts. Do not confuse "Location" and "Locality"!
- Organization The organization name for the self-signed certificate. When a self-signed certificate is to be generated, the organization name (O) should be set. The default value is empty.
- OrganizationUnit The organization unit name for the self-signed certificate. When a self-signed certificate is to be generated, the organization unit name (OU) should be set. The default value is empty.
- OutputPath Specify the file to which the signed document shall be saved. If this parameter is empty and the document is backed by a file (ie, the last load or save operation was from or to a file, respectively), the signed document will be written to that file. The special value "<memory>" causes the document to be saved to and signed in memory (available for PDF documents only). See also integer parameter "Optimize". The default value is empty. See Using SignDoc SDK in Windows Store apps for restrictions on pathnames in Windows Store apps.
- PKCS#12Password The password for extracting the private key from the PKCS #12 blob set as blob parameter "Certificate". The password must contain ASCII characters only.
- Reason The reason for the signing. For DigSig signature fields, the reason will be stored in the digital signature. For DigSig signature fields, the reason may be used for the appearance stream of PDF documents (see ti_reason). The default value is empty. Complex scripts are supported, see Complex Scripts.
- SelectCertificateMessage A message to be displayed in the certificate selection dialog, see integer parameter "SelectCertificate".
- SelectCertificateTitle The title of the certificate selection dialog, see integer parameter "SelectCertificate". A localized version of "Select Certificate" will be used if empty or not set.
- Signer The signer name. This is the signer name that will be stored in the digital signature. If not set, the name will be taken from the signing certificate. For DigSig signature fields, the signer name may be used for the appearance stream of PDF documents (see ti_signer). The default value is empty (meaning that the name will be taken from the certificate). See also string parameter "CommonName". Complex scripts are supported, see Complex Scripts.
- SignTime The time of signing in free format. For DigSig signature fields, the time of signing may be used for the appearance stream of PDF documents (see ti_sign_time). The default value is empty. See also string parameter "Timestamp".
- Text1 A text to be included in the appearance stream of DigSig signature fields in PDF documents (see ti_text1). The text can contain multiple lines which are separated by '
'. The default value is empty. Complex scripts are supported, see Complex Scripts. See also blob parameter "Template".
- Text2 See Text1 and ti_text2.
- Text3 See Text1 and ti_text3.
- Text4 See Text1 and ti_text4.
- Text5 See Text1 and ti_text5.
- Text6 See Text1 and ti_text6.
- Text7 See Text1 and ti_text7.
- Text8 See Text1 and ti_text8.
- Text9 See Text1 and ti_text9.
- Timestamp The timestamp to be used in the digital signature (instead of the current time). ISO 8601 format must be used: "yyyy-mm-ddThh:mm:ss" with optional timezone. For DigSig signature fields, the timestamp will be stored in the signature dictionary (transformed suitably for the M entry). If empty, the current time will be used. If the value is "-", the M entry will be omitted (this is only allowed if the PKCS #7 message contains a signingTime or timeStampToken attribute; note that the signingTime attribute is not allowed for method m_digsig_cades_detached). The default value is empty. If this parameter is set to a non-empty value, no time stamp will be retrieved from an RFC 3161 time-stamp server, even if specified by the signature field seed value dictionary. Do not set this parameter if a self-signed certificate is to be created. See also string parameters "SignTime" and "TimeStampServerURL".
- TimeStampClientCertificatePath The pathname of a file containing the certificate in PEM format for authenticating to an RFC 3161 time-stamp server over HTTPS. If the is non-empty, string parameter "TimeStampClientKeyPath" must also be set. If the value is empty, the client won't authenticate itself. The default value is empty. See also string parameters "TimeStampServerURL", and "TimeStampClientKeyPath". See Using SignDoc SDK in Windows Store apps for restrictions on pathnames in Windows Store apps.
- TimeStampClientKeyPath The pathname of a file containing the private key in PEM format for authenticating to an RFC 3161 time-stamp server over HTTPS. If the is non-empty, string parameter "TimeStampClientCertificatePath" must also be set. If the value is empty, the client won't authenticate itself. The default value is empty. See also string parameters "TimeStampServerURL" and "TimeStampClientKeyPath". See Using SignDoc SDK in Windows Store apps for restrictions on pathnames in Windows Store apps.
- TimeStampServerPassword The password for Basic/Digest HTTP authentication to the time-stamp server. Non-ASCII values probably don't work. If this parameter is set, string parameter "TimeStampServerUser" must also be set.
- TimeStampServerURL The URL of an RFC 3161 time-stamp server. If string parameter "Timestamp" is empty and string parameter "TimeStampServerURL" is non-empty, a time stamp will be obtained from a time-stamp server. The scheme of the URL must be either "http" or "https". The time-stamp server URL specified by the document's signature field seed value dictionary overrides the "TimeStampServerURL" parameter. An error will be returned by SignDocDocument::addSignature() if a time-stamp server is to be used and integer parameter "Method" is not m_digsig_pkcs7_detached, m_digsig_pkcs7_sha1, or m_digsig_cades_detached. See also integer parameters "TimeStampHashAlgorithm", "TimeStampRetries", "TimeStampServerTimeout", and "TimeStampSize", and string parameters "TimeStampClientCertificatePath", "TimeStampClientKeyPath", "TimeStampServerPassword", "TimeStampServerUser", and "TimeStampUserAgent". See also SignDocDocumentLoader::loadTrustedCertificatesFromFile().
- TimeStampServerUser The user name for Basic/Digest HTTP authentication to the time-stamp server. Non-ASCII values probably don't work. If this parameter is set, string parameter "TimeStampServerPassword" must also be set.
- TimeStampUserAgent The value of the User-Agent header field sent to the time-stamp server. The default value is "SignDoc".
Additionally, you can store your own strings in the signature by using a name starting with "Prop_", except for "Prop_AuthTime", "Prop_AuthType", "Prop_BiometricData", and "Prop_Build", see SignDocVerificationResult::getSignatureString(). The name shall contain the following characters only: 0-9, a-z, A-Z, '-', and '_'. The length of the value is restricted for PDF documents and depends on the characters being used; the value encoded as PDF text string shall not exceed 32767 octets.
- Parameters:
-
| [in] | aEncoding | The encoding used for aValue. |
| [in] | aName | The name of the parameter (case-sensitive). |
| [in] | aValue | The value of the parameter. The encoding is specified by aEncoding. |
- Returns:
- rc_ok iff successful.
| ReturnCode de::softpro::doc::SignDocSignatureParameters::setTextItemDirection |
( |
TextItem |
aItem, |
|
|
HAlignment |
aHAlignment, |
|
|
int |
aDirection |
|
) |
| [inline] |
Set the paragraph direction of text items.
This function sets the paragraph direction of all existing text items matching aItem.
See also blob parameter "Template".
- Parameters:
-
| [in] | aItem | Select the text items. |
| [in] | aHAlignment | Horizontal alignment. This value overrides integer parameter "TextHAlignment" unless it is ha_default. |
| [in] | aDirection | The paragraph direction, see enum TextItemDirection. 0 is treated like tid_ltr. |
- Returns:
- rc_ok iff successful.
- See also:
- addTextItem()
The documentation for this class was generated from the following file:
