Parameters for signing a document. More...

#include <SignDocSDK-cpp.h>

Public Types
enum	Type { t_undefined = 0, t_integer = 2, t_string = 4, t_color = 5, t_blob = 8, t_length = 9 }
	Return values of getType(). More...

enum	Method { m_default, m_digsig_pkcs1, m_digsig_pkcs7_detached, m_digsig_pkcs7_sha1, m_hash, m_digsig_cades_detached, m_digsig_cades_rfc3161 }
	Signing methods. More...

enum	AddCertificates { ac_all, ac_none, ac_trusted }
	Values for integer parameter "AddCertificates". More...

enum	AddRevocationInfo { ari_add = 0x01 }
	Flags for integer parameter "AddRevocationInfo". More...

enum	RemoveXFA { rx_always, rx_if_allowed, rx_never }
	Values for integer parameter "RemoveXFA". More...

enum	Optimize { o_optimize, o_dont_optimize, o_if_possible }
	Optimization of document before signing. More...

enum	PDFAButtons { pb_freeze, pb_dont_freeze, pb_auto }
	Fix appearance streams of check boxes and radio buttons for PDF/A-1 without Technical Corrigendum 2. More...

enum	BiometricEncryption { be_rsa, be_fixed, be_binary, be_passphrase, be_dont_store }
	Select how to encrypt the biometric data. More...

enum	BiometricHashLocation { bhl_attr, bhl_contents }
	Select where to store the message digest computed over the document hash and the unencrypted biometric data. More...

enum	HAlignment { ha_left, ha_center, ha_right, ha_justify, ha_auto, ha_default = -1 }
	Horizontal alignment. More...

enum	VAlignment { va_top, va_center, va_bottom }
	Vertical alignment. More...

enum	TextPosition { tp_overlay, tp_below, tp_underlay, tp_right_of, tp_above, tp_left_of }

enum	ValueType { vt_abs, vt_field_height, vt_field_width }
	Indicate how measurements are specified. More...

enum	TextGroup { tg_primary, tg_secondary, tg_master = tg_primary, tg_slave = tg_secondary }
	Text groups. More...

enum	TextItemDirection { tid_ltr = 0x1000, tid_rtl = 0x2000, tid_default_ltr = 0x4000, tid_default_rtl = 0x8000 }
	Paragraph direction of a text item. More...

enum	IgnoreSeedValues { isv_SubFilter = 0x01, isv_DigestMethod = 0x02 }
	Flags for ignoring mandatory requirements specified by the signature seed value dictionary. More...

enum	CertificateSelectionFlags { csf_software = 0x01, csf_hardware = 0x02, csf_use_certificate_seed_values = 0x10, csf_ask_if_ambiguous = 0x20, csf_never_ask = 0x40, csf_create_self_signed = 0x80 }
	Flags for selecting certificates. More...

enum	RenderSignatureFlags { rsf_bw = 0x01, rsf_gray = 0x02, rsf_antialias = 0x04, rsf_limit_size = 0x08 }
	Flags for rendering the signature. More...

enum	ImageTransparency { it_opaque, it_brightest }
	Transparency of signature image. More...

Public Member Functions
	SignDocSignatureParameters ()
	Constructor. More...

	~SignDocSignatureParameters ()
	Destructor. More...

ReturnCode	setString (Encoding aEncoding, const std::string &aName, const std::string &aValue)
	Set a string parameter. More...

ReturnCode	setString (const std::string &aName, const wchar_t *aValue)
	Set a string parameter. More...

ReturnCode	setInteger (const std::string &aName, int aValue)
	Set an integer parameter. More...

ReturnCode	setBlob (const std::string &aName, const unsigned char *aData, size_t aSize)
	Set a blob parameter. More...

ReturnCode	setLength (const std::string &aName, ValueType aType, double aValue)
	Set a length parameter. More...

ReturnCode	setColor (const std::string &aName, const SignDocColor &aValue)
	Set a color parameter. More...

ReturnCode	addTextItem (const std::string &aItem, TextGroup aGroup)
	Add another string to be displayed, top down. More...

ReturnCode	addTextItem2 (const std::string &aItem, TextGroup aGroup, HAlignment aHAlignment, int aDirection)
	Add another string to be displayed, top down, with paragraph direction. More...

ReturnCode	clearTextItems ()
	Remove all strings that were to be displayed. More...

ReturnCode	setTextItemDirection (const std::string &aItem, HAlignment aHAlignment, int aDirection)
	Set the paragraph direction of text items. More...

ReturnCode	setPKCS7 (SignPKCS7 *aPKCS7)
	Set an object which will create a PKCS #7 or CAdES signature. More...

ReturnCode	setRSA (SignRSA *aRSA)
	Set an object which will compute an RSA signature. More...

ReturnCode	setECDSA (SignECDSA *aECDSA)
	Set an object which will compute an ECDSA signature. More...

int	getAvailableMethods ()
	Get a bitset indicating which signing methods are available for this signature field. More...

ReturnCode	getTemplate (std::vector< unsigned char > &aOutput)
	Get an XML document specifying the current layout. More...

const char *	getErrorMessage (Encoding aEncoding) const
	Get an error message for the last function call. More...

const wchar_t *	getErrorMessageW () const
	Get an error message for the last function call. More...

	SignDocSignatureParameters (SIGNDOC_SignatureParameters *aP)
	Internal function. More...

SIGNDOC_SignatureParameters *	getImpl ()
	Internal function. More...

const SIGNDOC_SignatureParameters *	getImpl () const
	Internal function. More...

void	setImpl (SIGNDOC_SignatureParameters *aP)
	Internal function. More...

Static Public Member Functions
static Type	getType (const std::string &aName)
	Get the type of a parameter. More...

Detailed Description

Parameters for signing a document.

Use getErrorMessage() to get more information after a function call failed.

The available parameters depend both on the document type and on the signature field for which the SignDocSignatureParameters object has been created.

SignDocDocument::addSignature() may fail due to invalid parameters even if all setters reported success as the setters do not check if there are conflicts between parameters.

Which certificates are acceptable may be restricted by the application (by using csf_software and csf_hardware of integer parameter "SelectCertificate", blob parameters "FilterCertificatesByIssuerCertificate" and "FilterCertificatesBySubjectCertificate", and string parameters "FilterCertificatesByPolicy" and "FilterCertificatesBySubjectDN") and by the PDF document (certificate seed value dictionary). If no matching certificate is available (for instance, because integer parameter "SelectCertificate" is zero), SignDocDocument::addSignature() will fail with error ReturnCode::rc_no_certificate. If more than one matching certificate is available but csf_never_ask is specified in integer parameter "SelectCertificate"), SignDocDocument::addSignature() will fail with error ReturnCode::rc_ambiguous_certificate.

To make the signature maximally meaningful, integer parameter "AddCertificates" should be ac_all (which is the default value) and integer parameter "AddRevocationInfo" should include ari_add.

Unless you need a specific signing method, you should leave integer parameter "Method" at its default value m_default. If you select a specific signing method and that method is not allowed by the signature field's seed values, signing will fail.

Unless you need a specific digest algorithm, you should leave string parameter "DetachedHashAlgorithm" at its default value "default". If you select a specific digest algorithm and that algorithm is not allowed by the signature field's seed values, signing will fail.

The interaction between some parameters is quite complex; the following section tries to summarize the signing methods for PDF documents.

(1a)

Default method, private key and self-signed certificate created on the fly:

Method: m_default
CommonName: signer's name
GenerateKeyPair: 1024-4096 (or GenerateECCKeyPair)

(1b)

Default method, the certificate and its key are provided as PKCS #12 blob:

Method: m_default
Certificate: PKCS #12 blob containing certificate (need not be self-signed) and its private key
PKCS#12Password: password for private key in the PKCS #12 blob

(1c)

Default method, private key provided, certificate provided:

Method: m_default
Certificate: certificate
CertificatePrivateKey: private key for the certificate

(1d)

Default method, user must select certificate:

Method: m_default
SelectCertificate: csf_software and/or csf_hardware

(1e)

Default method, user may select certificate or choose to create a self-signed certificate, the private key of which will be generated:

Method: m_default
SelectCertificate: csf_software and/or csf_hardware
CommonName: signer's name (for self-signed certificate)
GenerateKeyPair: 1024-4096 (or GenerateECCKeyPair)

(1f)

Default method, the certificate is selected programmatically or by the PDF document without user interaction:

Method: m_default
SelectCertificate: csf_software and/or csf_hardware, csf_never_ask
FilterCertificatesByPolicy: accept certificates having all of these certificate policies
FilterCertificatesByIssuerCertificate: the acceptable issuer certificates (optional)
FilterCertificatesBySubjectCertificate: the acceptable certificates (optional)
FilterCertificatesBySubjectDN: accept certificates issued for these subjects (optional)

(1g)

Default method via SignRSA or SignECDSA interface:

Method: m_default

See setRSA() and setECDSA() for details.

(1h)

Default method, private key provided, self-signed certificate created on the fly:

Method: m_default
CommonName: signer's name
CertificatePrivateKey: private key for the self-signed certificate

(1i)

Default method, user may select certificate or choose to create a self-signed certificate, the private key of which is provided:

Method: m_default
SelectCertificate: csf_software and/or csf_hardware
CommonName: signer's name (for self-signed certificate)
CertificatePrivateKey: private key for the self-signed certificate

(1j)

Default method, user may select certificate or choose to "create" a self-signed certificate, the certificate to be used in that case and its key are provided separately:

Method: m_default
SelectCertificate: csf_software and/or csf_hardware, csf_create_self_signed
Certificate: certificate
CertificatePrivateKey: private key for the certificate

(1k)

Default method, user may select certificate or choose to "create" a self-signed certificate, the certificate to be used in that case and its key are provided as PKCS #12 blob:

Method: m_default
SelectCertificate: csf_software and/or csf_hardware, csf_create_self_signed
Certificate: PKCS #12 blob containing certificate (need not be self-signed) and its private key
PKCS#12Password: password for private key in the PKCS #12 blob

(2a)

PKCS #7 or CAdES, private key and self-signed certificate created on the fly:

Method: m_digsig_pkcs7_detached, m_digsig_pkcs7_sha1, or m_digsig_cades_detached
DetachedHashAlgorithm: hash algorithm for m_digsig_pkcs7_detached and m_digsig_cades_detached
CommonName: signer's name
GenerateKeyPair: 1024-4096 (or GenerateECCKeyPair)

(2b)

PKCS #7 or CAdES, the certificate and its key are provided as PKCS #12 blob:

Method: m_digsig_pkcs7_detached, m_digsig_pkcs7_sha1, or m_digsig_cades_detached
DetachedHashAlgorithm: hash algorithm for m_digsig_pkcs7_detached and m_digsig_cades_detached
Certificate: PKCS #12 blob containing certificate (need not be self-signed) and its private key
PKCS#12Password: password for private key in the PKCS #12 blob

(2c)

PKCS #7 or CAdES, private key provided, certificate provided:

Method: m_digsig_pkcs7_detached, m_digsig_pkcs7_sha1, or m_digsig_cades_detached
DetachedHashAlgorithm: hash algorithm for m_digsig_pkcs7_detached and m_digsig_cades_detached
Certificate: certificate
CertificatePrivateKey: private key for the certificate

(2d)

PKCS #7 or CAdES, user must select certificate:

Method: m_digsig_pkcs7_detached, m_digsig_pkcs7_sha1, or m_digsig_cades_detached
DetachedHashAlgorithm: hash algorithm for m_digsig_pkcs7_detached and m_digsig_cades_detached
SelectCertificate: csf_software and/or csf_hardware

(2e)

PKCS #7 or CAdES, user may select certificate or choose to create a self-signed certificate, the private key of which will be generated:

Method: m_digsig_pkcs7_detached, m_digsig_pkcs7_sha1, or m_digsig_cades_detached
DetachedHashAlgorithm: hash algorithm for m_digsig_pkcs7_detached and m_digsig_cades_detached
SelectCertificate: csf_software and/or csf_hardware
CommonName: signer's name (for self-signed certificate)
GenerateKeyPair: 1024-4096 (or GenerateECCKeyPair)

(2f)

PKCS #7 or CAdES, the certificate is selected programmatically or by the PDF document without user interaction:

Method: m_digsig_pkcs7_detached, m_digsig_pkcs7_sha1, or m_digsig_cades_detached
DetachedHashAlgorithm: hash algorithm for m_digsig_pkcs7_detached and m_digsig_cades_detached
SelectCertificate: csf_software and/or csf_hardware, csf_never_ask
FilterCertificatesByPolicy: accept certificates having all of these certificate policies
FilterCertificatesByIssuerCertificate: the acceptable issuer certificates (optional)
FilterCertificatesBySubjectCertificate: the acceptable certificates (optional)
FilterCertificatesBySubjectDN: accept certificates issued for these subjects (optional)

(2g)

PKCS #7 or CAdES via SignRSA interface:

Method: m_digsig_pkcs7_detached, m_digsig_pkcs7_sha1, or m_digsig_cades_detached

See setRSA() and setECDSA() for details.

(2h)

PKCS #7 or CAdES, private key provided, self-signed certificate created on the fly:

Method: m_digsig_pkcs7_detached, m_digsig_pkcs7_sha1, or m_digsig_cades_detached
DetachedHashAlgorithm: hash algorithm for m_digsig_pkcs7_detached and m_digsig_cades_detached
CommonName: signer's name
CertificatePrivateKey: private key for the self-signed certificate

(2i)

PKCS #7 or CAdES, user may select certificate or choose to create a self-signed certificate, the private key of which is provided:

Method: m_digsig_pkcs7_detached, m_digsig_pkcs7_sha1, or m_digsig_cades_detached
DetachedHashAlgorithm: hash algorithm for m_digsig_pkcs7_detached and m_digsig_cades_detached
SelectCertificate: csf_software and/or csf_hardware
CommonName: signer's name (for self-signed certificate)
CertificatePrivateKey: private key for the self-signed certificate

(2j)

PKCS #7 or CAdES, user may select certificate or choose to "create" a self-signed certificate, the certificate to be used in that case and its key are provided separately:

Method: m_digsig_pkcs7_detached, m_digsig_pkcs7_sha1, or m_digsig_cades_detached
DetachedHashAlgorithm: hash algorithm for m_digsig_pkcs7_detached and m_digsig_cades_detached
SelectCertificate: csf_software and/or csf_hardware, csf_create_self_signed
Certificate: certificate
CertificatePrivateKey: private key for the certificate

(2k)

PKCS #7 or CAdES, user may select certificate or choose to "create" a self-signed certificate, the certificate to be used in that case and its key are provided as PKCS #12 blob:

Method: m_digsig_pkcs7_detached, m_digsig_pkcs7_sha1, or m_digsig_cades_detached
DetachedHashAlgorithm: hash algorithm for m_digsig_pkcs7_detached and m_digsig_cades_detached
SelectCertificate: csf_software and/or csf_hardware, csf_create_self_signed
Certificate: PKCS #12 blob containing certificate (need not be self-signed) and its private key
PKCS#12Password: password for private key in the PKCS #12 blob

(2l)

PKCS #7 or CAdES via SignPKCS7 interface:

Method: m_digsig_pkcs7_detached, m_digsig_pkcs7_sha1, or m_digsig_cades_detached

See setPKCS7() for details.

(3a)

PKCS #1, private key and self-signed certificate created on the fly:

Method: m_digsig_pkcs1
CommonName: signer's name
GenerateKeyPair: 1024-4096 (or GenerateECCKeyPair)

(3b)

PKCS #1 via SignRSA interface:

Method: m_digsig_pkcs1

See setRSA() and setECDSA() for details.

(3c)

PKCS #1, private key provided, self-signed certificate created on the fly:

Method: m_digsig_pkcs1
CommonName: signer's name
CertificatePrivateKey: private key for the self-signed certificate

(3d)

PKCS #1, private key provided, self-signed certificate provided:

Method: m_digsig_pkcs1
Certificate: self-signed certificate
CertificatePrivateKey: private key for self-signed certificate

(4a)

document time stamp using a SignDocSignatureParameters object created by SignDocDocument::createSignatureParametersForTimeStamp():

TimeStampServerURL: URL of time stamp server

Additionally:

You may want to set string parameter "Filter" to "Adobe.PPKLite".
You may want to set integer parameter "IgnoreSeedValues" if you set integer parameter "Method" and/or string parameter "DetachedHashAlgorithm".

For TIFF documents, an additional, simplified signing method is available:

(4)

just a hash:

Method: m_hash
CommonName: signer's name

The following parameters control the signing method and related aspects of the signature:

DetachedHashAlgorithm (string)
IgnoreSeedValues (integer)
Method (integer)
RSASignatureScheme (string)

The following parameters control the private key used for signing:

Certificate (blob)
CertificatePrivateKey (blob)
GenerateECCKeyPair (string)
GenerateKeyPair (integer)
PKCS#12Password (string)

The following parameters control rendering of the signature image from biometric data:

BiometricData (blob)
PenWidth (integer)
RenderSignature (integer)
RenderWidth (integer)
SignatureColor (color)

The following parameters put additional data into the signature:

ContactInfo (string)
Filter (string)
Location (string)
Reason (string)
Signer (string)
Timestamp (string)

The following parameters provide texts for the appearance of a signature in PDF documents:

Adviser (string)
Comment (string)
ContactInfo (string)
Location (string)
Reason (string)
Signer (string)
SignTime (string)
Template (blob)
Text1 through Text9 (string)

The following parameters control how a signed signature field in a PDF document will look like (parameters marked with * can be overridden with blob parameter "Template"):

FontName (string) *
FontSize (length) *
Image (blob)
ImageDPI (integer)
ImageHAlignment (integer) *
ImageMargin (length) *
ImageTransparency (integer) *
ImageVAlignment (integer) *
SignatureColor (color)
Template (blob)
TextColor (color) *
TextHAlignment (integer) *
TextHMargin (length) *
TextPosition (integer) *
TextVAlignment (integer) *

The following parameters control the signing certificate:

Certificate (blob)
PKCS#12Password (string)

The following parameters are used for generating a self-signed certificate on the fly (you also need to set at least one parameter for the private key):

CertificateSigningAlgorithm (string)
CommonName (string)
Country (string)
Locality (string)
Organization (string)
OrganizationUnit (string)

The following parameters are used for putting biometric data (handwritten signature) into the signature:

BiometricData (blob)
BiometricEncryption (integer)
BiometricHashLocation (integer)
BiometricKey (blob)
BiometricKeyPath (string)
BiometricPassphrase (string)

The following parameters control the certificate selection dialog:

FilterCertificatesByIssuerCertificate (blob)
FilterCertificatesByPolicy (string)
FilterCertificatesBySubjectCertificate (blob)
FilterCertificatesBySubjectDN (string)
SelectCertificate (integer)
SelectCertificateMessage (string)
SelectCertificateTitle (string)

The following parameters control RFC 3161 timestamps:

TimeStampClientCertificatePath (string)
TimeStampClientKeyPath (string)
TimeStampHashAlgorithm (string)
TimeStampRetries (integer)
TimeStampServerPassword (string)
TimeStampServerTimeout (integer)
TimeStampServerURL (string)
TimeStampServerUser (string)
TimeStampSize (integer)
TimeStampUserAgent (string)

The following parameters put additional certificates and revocation information into the signature:

AddCertificates (integer)
AddRevocationInfo (integer)
IntermediateCertificate (blob)

The following parameters do not fall into the above categories:

OutputPath (string)
Optimize (integer)
PDFAButtons (integer)
RemoveXFA (integer)

Member Enumeration Documentation

enum AddCertificates

Values for integer parameter "AddCertificates".

See also: setInteger()

Enumerator

ac_all

Include all intermediate certificates and the root certificate.

This requires building at signing time the complete certificate chain up to a self-signed certificate. It does not matter whether that self-signed certificate is a trusted root CA certificate or not.

ac_none

Do not include any certificates.

It is assumes that the signing certificate is a self-signed certificate or all intermediate certificates are available at verification time.

ac_trusted

Include all intermediate certificates and the root certificate, require the root certificate to be trusted.

This requires building at signing time the complete certificate chain up to a self-signed certificate. That self-signed certificate must be trusted, otherwise signing will fail.

enum AddRevocationInfo

Flags for integer parameter "AddRevocationInfo".

See also: setInteger()

Enumerator

ari_add

Add revocation data.

This requires building at signing time the complete certificate chain up to a self-signed certificate. It does not matter whether that self-signed certificate is a trusted root CA certificate or not.

enum BiometricEncryption

Select how to encrypt the biometric data.

Used for integer parameter "BiometricEncryption". The biometric data to be encrypted is specified by blob parameter "BiometricData".

See also: setInteger(), setBlob()

Enumerator
be_rsa	Random session key encrypted with public RSA key. Either blob parameter "BiometricKey" (see setBlob()) or string parameter "BiometricKeyPath" (see setString()) must be set. See also Encryption of biometric data
be_fixed	Fixed key (no security).
be_binary	Binary 256-bit key. Blob parameter "BiometricKey" (see setBlob()) must be set.
be_passphrase	Passphrase that will be hashed to a 256-bit key. String parameter "BiometricPassphrase" (see setString()) must be set.
be_dont_store	The biometric data won't be stored in the document. Use this value if you want to use the biometric data for generating the signature image only. Note that using an automatically generated self-signed certificate is secure only if biometric data is stored in the document using asymmetric encryption.

enum BiometricHashLocation

Select where to store the message digest computed over the document hash and the unencrypted biometric data.

Used for integer parameter "BiometricHashLocation".

See also: setInteger()

Enumerator

bhl_attr

If possible, store the biometric hash as unauthenticated attribute in the PKCS #7 (or CMS) message.

For method m_digsig_pkcs1, the biometric hash will stored in the Contents entry of the signature dictionary (see bhl_contents).

For all other methods, the biometric hash will stored as unauthenticated attribute in the PKCS #7 (or CMS) message.

bhl_contents

Store the message digest in the Contents entry of the signature dictionary.

This is what SignDoc SDK 4.1 and older did; it violates a constraint of most PDF specifications.

enum CertificateSelectionFlags

Flags for selecting certificates.

Used for integer parameter "SelectCertificate".

See also: setInteger()

Enumerator
csf_software	Include certificates with software-based private keys. As software-based private keys and hardware-based private keys cannot be reliably distinguished, you should always set both csf_software and csf_hardware. If neither csf_ask_if_ambiguous nor csf_never_ask is included, the certificate selection dialog will be displayed.
csf_hardware	Include certificates with hardware-based private keys. As software-based private keys and hardware-based private keys cannot be reliably distinguished, you should always set both csf_software and csf_hardware. If neither csf_ask_if_ambiguous nor csf_never_ask is included, the certificate selection dialog will be displayed.
csf_use_certificate_seed_values	Include only certificates allowed by the PDF document's certificate seed value dictionary.
csf_ask_if_ambiguous	Ask the user to select a certificate if there is more than one matching certificate.
csf_never_ask	Never ask the user to select a certificate; exactly one certificate must match.
csf_create_self_signed	Offer to create a self-signed certificate (cannot be used with csf_never_ask and csf_ask_if_ambiguous).

enum HAlignment

Horizontal alignment.

Used for integer parameters "ImageHAlignment" and "TextHAlignment" and for addTextItem2().

See also: addTextItem2(), setInteger()

Enumerator
ha_left	Align left.
ha_center	Center.
ha_right	Align right.
ha_justify	Justify (align both and right, expanding white space). Note Expanding white space is not the correct way to justify Arabic text.
ha_auto	Align left if the text begins with an LTR run, align right if the text begins with an RTL run.
ha_default	addTextItem2(): use integer parameter "TextHAlignment".

enum IgnoreSeedValues

Flags for ignoring mandatory requirements specified by the signature seed value dictionary.

Used for integer parameter "IgnoreSeedValues".

See also: setInteger()

Enumerator

isv_SubFilter

Ignore SubFilter (signing method).

If this flag is not set signing will fail if the signing method specified by integer parameter "Method" is neither m_default nor listed in the SubFilter entry of the signature field seed value dictionary.

If this flag is set, you can override the SubFilter entry of the signature field seed value dictionary with integer parameter "Method" without risking failure of signing due to a conflict between "Method" and SubFilter.

isv_DigestMethod

Ignore DigestMethod (hash algorithm).

If this flag is not set, signing will fail if a hash algorithm is requested that is not listed in the DigestMethod entry of the signature field seed value dictionary. The hash algorithnm is specified by string parameter "DetachedHashAlgorithm" (if the value of that parameter is not "default"). It can also be implied by integer parameter "Method".

If this flag is set, you can override the DigestMethod entry of the signature field seed value dictionary with string parameter "DetachedHashAlgorithm" and/or integer parameter "Method" without risking failure of signing due to a conflict with DigestMethod.

enum ImageTransparency

Transparency of signature image.

Used for integer parameter "ImageTransparency".

If the image has an alpha channel (or if its palette contains a transparent color), the image's transparency will be used no matter what value is set for "ImageTransparency".

Transparency is not supported for JPEG images and JPEG-compressed TIFF images. Signature images created from biometric data (according to the "RenderSignature" integer parameter) don't have an alpha channel.

See also: setInteger()

Enumerator

it_opaque

Make signature image opaque.

The signature image will be opaque unless the image has an alpha channel or transparent colors in its palette.

it_brightest

Make the brightest color transparent.

If the image has an alpha channel (or if its palette contains a transparent color), the image's transparency will be used. Otherwise, white will be made transparent for truecolor images and the brightest color in the palette will be made transparent for indexed images (including grayscale images).

enum Method

Signing methods.

Used for integer parameter "Method" and by SignDocVerificationResult::getMethod().

See also: setInteger()

Enumerator
m_default	Default method. For signature parameters created by SignDocDocument::createSignatureParametersForTimeStamp(), this value is treated as m_digsig_cades_rfc3161. Use the method specified by the SubFilter values of the signature field seed value dictionary or, if not present, m_digsig_pkcs7_detached. This is the recommended method unless you need an ETSI CAdES signature (m_digsig_cades_detached).
m_digsig_pkcs1	PKCS #1 (RSA keys only). Not allowed for PDF/A-2 and PDF/A-3.
m_digsig_pkcs7_detached	Detached PKCS #7.
m_digsig_pkcs7_sha1
m_hash
m_digsig_cades_detached
m_digsig_cades_rfc3161

enum Optimize

Optimization of document before signing.

Used for integer parameter "Optimize".

See also: setInteger()

Enumerator

o_optimize

Optimize document before signing for the first time.

o_dont_optimize

Don't optimize document.

o_if_possible

Optimize the document if possible.

Optimization is possible if there is not yet any signature.

enum PDFAButtons

Fix appearance streams of check boxes and radio buttons for PDF/A-1 without Technical Corrigendum 2.

Used for integer parameter "PDFAButtons".

Using pb_freeze (or pb_auto, if the document claims to conform with PDF/A-1 and has no signed signature fields) is equivalent to saving the document with SignDocDocument::sf_pdfa_buttons before signing.

See also: setInteger()

Enumerator

pb_freeze

Freeze (fix) appearances.

This value should be used only if you need conformance with ISO 19005-1:2005 before Technical Corrigendum 2 (TC2), that is, if you need conformance with a standard that is no longer in force.

Note that TC2 is in force and using this value breaks conformance with TC2.

pb_dont_freeze

Don't freeze (fix) appearances.

This value should be used unless you need conformance with a standard (ISO 19005-1:2005 without Technical Corrigendum 2) that is no longer in force.

pb_auto

Freeze (fix) appearances if appropriate.

Freeze (fix) appearances if the document claims PDF/A-1 conformance and if there are no signed signature fields.

This value should be used only if you need conformance with ISO 19005-1:2005 without Technical Corrigendum 2 (TC2), that is, if you need conformance with a standard that is no longer in force.

Note that TC2 is in force and using this value breaks conformance with TC2.

enum RemoveXFA

Values for integer parameter "RemoveXFA".

See also: setInteger()

Enumerator

rx_always

Always remove XFA.

Use this value if you intend to call SignDocDocument::setField() or SignDocDocument::addField() after signing. Adding the signature will fail if the document prohibits removal of XFA.

rx_if_allowed

Remove XFA if possible.

XFA will be removed unless the document prohibits removal of XFA. SignDocDocument::addField() and SignDocDocument::setField() will fail if XFA is still present after signing.

rx_never

Do not remove XFA.

SignDocDocument::addField() and SignDocDocument::setField() will fail if XFA is still present after signing.

enum RenderSignatureFlags

Flags for rendering the signature.

Used for integer parameter "RenderSignature".

rsf_bw, rsf_gray, and rsf_antialias are mutually exclusive.

See also: setInteger()

Enumerator
rsf_bw	Black and white.
rsf_gray	Use gray levels computed from pressure.
rsf_antialias	Use gray levels for antialiasing.
rsf_limit_size	Limit the size of the rendered signature to the size of the captured signature. If this flag is set, the rendered signature won't be magnified. However, it may be shrunk to fit the signature field. Set this flag only if you are sure that the capture resolution stored in the blob passed to blob parameter "BiometricData" is accurate.

enum TextGroup

Text groups.

One font size is used per group and is chosen such that the text fits horizontally. The maximum font size is specified by length parameter "FontSize". The font size of the secondary group cannot be greater than the font size of the primary group, that is, long text in the secondary group won't reduce the font size of the primary group.

There must be at least one primary text item if there is a secondary text item.

See also: addTextItem(), addTextItem2(), setLength()

Enumerator
tg_primary	Primary group.
tg_secondary	Secondary group.
tg_master
tg_slave

enum TextItemDirection

Paragraph direction of a text item.

Enumerator
tid_ltr	Paragraph direction: LTR.
tid_rtl	Paragraph direction: RTL.
tid_default_ltr	Choose direction automatically, default to LTR. The base direction of each paragraph (BiDi paragraph level) will depend on the first strong directional character in the paragraph. The paragraph level will be 0 (LTR) for paragraphs having no strong directional character.
tid_default_rtl	Choose direction automatically, default to RTL. The base direction of each paragraph (BiDi paragraph level) will depend on the first strong directional character in the paragraph. The paragraph level will be 1 (RTL) for paragraphs having no strong directional character.

enum TextPosition

Position of the text block w.r.t. to the image.

Used for integer parameter "TextPosition".

See also: setInteger()

Enumerator
tp_overlay	Text and image are independent and overlap (text painted on image).
tp_below	Text is put below the image.
tp_underlay	Text and image are independent and overlap (image painted on text).
tp_right_of	Text is put on the right of the image.
tp_above	Text is put above the image.
tp_left_of	Text is put on the left of the image.

enum Type

Return values of getType().

Enumerator
t_undefined	The specified parameter is not defined.
t_integer	Integer. See also setInteger()
t_string	String. See also setString()
t_color	Color. See also getColor(), setColor()
t_blob	Blob. See also setBlob()
t_length	Length. See also setLength()

enum VAlignment

Vertical alignment.

Used for integer parameters "ImageVAlignment" and "TextVAlignment" (see setInteger()).

Enumerator
va_top	Align top.
va_center	Center.
va_bottom	Align bottom.

enum ValueType

Indicate how measurements are specified.

See also: setLength()

Enumerator

vt_abs

aValue is the value to be used (units of document coordinates).

See Coordinate Systems.

vt_field_height

Multiply aValue by the field height.

vt_field_width

Multiply aValue by the field width.

Constructor & Destructor Documentation

SignDocSignatureParameters ( )

inline

Constructor.

Use SignDocDocument::createSignatureParameters() or SignDocDocument::createSignatureParametersForTimeStamp() instead.

~SignDocSignatureParameters ( )

inline

Destructor.

Overwrites this object's copies of the private key and biometric data.

SignDocSignatureParameters ( SIGNDOC_SignatureParameters * aP )

inline

Internal function.

Member Function Documentation

ReturnCode addTextItem	(	const std::string &	aItem,
		TextGroup	aGroup
	)

inline

Add another string to be displayed, top down.

For DigSig signature fields, this function adds another string to the appearance stream of PDF documents. The first call clears any default strings. The default values depend on the profile passed to SignDocDocument::createSignatureParameters():

Profile	Value
""	"Signer"/tg_primary, "SignTime"/tg_primary
"image"	(empty)

The paragraph direction is 0 which is treated like tid_ltr.

See also blob parameter "Template".

Parameters

[in]	aItem	Select the string to be added: Signer String parameter "Signer". SignTime String parameter "SignTime". Comment String parameter "Comment". Adviser String parameter "Adviser". ContactInfo String parameter "ContactInfo". Location String parameter "Location". Reason String parameter "Reason". Text1 String parameter "Text1". Text2 String parameter "Text2". Text3 String parameter "Text3". Text4 String parameter "Text4". Text5 String parameter "Text5". Text6 String parameter "Text6". Text7 String parameter "Text7". Text8 String parameter "Text8". Text9 String parameter "Text9".
[in]	aGroup	The string's group for font size computation.

Returns: ReturnCode::rc_ok iff successful.

See also: addTextItem2(), clearTextItems(), setTextItemDirection()

ReturnCode addTextItem2	(	const std::string &	aItem,
		TextGroup	aGroup,
		HAlignment	aHAlignment,
		int	aDirection
	)

inline

Add another string to be displayed, top down, with paragraph direction.

For DigSig signature fields, this function adds another string to the appearance stream of PDF documents. The first call clears any default strings. The default values depend on the profile passed to SignDocDocument::createSignatureParameters():

Profile	Value
""	"Signer"/tg_primary, "SignTime"/tg_primary
"image"	(empty)

See also blob parameter "Template".

Parameters

[in]	aItem	Select the string to be added: Signer String parameter "Signer". SignTime String parameter "SignTime". Comment String parameter "Comment". Adviser String parameter "Adviser". ContactInfo String parameter "ContactInfo". Location String parameter "Location". Reason String parameter "Reason". Text1 String parameter "Text1". Text2 String parameter "Text2". Text3 String parameter "Text3". Text4 String parameter "Text4". Text5 String parameter "Text5". Text6 String parameter "Text6". Text7 String parameter "Text7". Text8 String parameter "Text8". Text9 String parameter "Text9".
[in]	aGroup	The string's group for font size computation.
[in]	aHAlignment	Horizontal alignment. This value overrides integer parameter "TextHAlignment" unless it is ha_default.
[in]	aDirection	The paragraph direction, see enum TextItemDirection. 0 is treated like tid_ltr.

Returns: ReturnCode::rc_ok iff successful.

See also: addTextItem(), clearTextItems(), setTextItemDirection()

ReturnCode clearTextItems ( )

inline

Remove all strings that were to be displayed.

addTextItem() cannot remove the default strings without adding a new string. This function does.

See also blob parameter "Template".

Returns: ReturnCode::rc_ok iff successful.

See also: addTextItem()

int getAvailableMethods ( )

inline

Get a bitset indicating which signing methods are available for this signature field.

Returns: 1<<SignDocSignatureParameters::m_digsig_pkcs1 etc.

See also: SignDocDocument::getAvailableMethods()

const char * getErrorMessage ( Encoding aEncoding ) const

inline

Get an error message for the last function call.

Parameters

[in] aEncoding The encoding to be used for the error message.

Returns: A pointer to a string describing the reason for the failure of the last function call. The string is empty if the last call succeeded. The pointer is valid until this object is destroyed or a member function of this object is called.

See also: getErrorMessageW()

const wchar_t * getErrorMessageW ( ) const

inline

Get an error message for the last function call.

Returns: A pointer to a string describing the reason for the failure of the last function call. The string is empty if the last call succeeded. The pointer is valid until this object is destroyed or a member function of this object is called.

See also: getErrorMessage()

SIGNDOC_SignatureParameters* getImpl ( )

inline

Internal function.

const SIGNDOC_SignatureParameters* getImpl ( ) const

inline

Internal function.

ReturnCode getTemplate ( std::vector< unsigned char > & aOutput )

inline

Get an XML document specifying the current layout.

This function can be used for debugging and for reporting bugs. This function will fail if the "Template" blob parameter is invalid.

Parameters

[out] aOutput The XML document will be stored here.

Returns: ReturnCode::rc_ok iff successful.

See also: setBlob()

SignDocSignatureParameters::Type getType ( const std::string & aName )

inlinestatic

Get the type of a parameter.

Parameters

[in] aName The name of the parameter (case-sensitive).

Returns: The type of the parameter, see enum Type.

ReturnCode setBlob	(	const std::string &	aName,
		const unsigned char *	aData,
		size_t	aSize
	)

inline

Set a blob parameter.

Available blob parameters are:

BiometricData The biometric data is stored in the document (see integer parameter "BiometricEncryption") and will be used for rendering the signature image if integer parameter "RenderSignature" is non-zero (unless a signature image is specified by blob parameter "Image"). If used for rendering, the data must be in a format supported by SignWare (e.g., created by SPFlatFileCreateFromSignature()).
BiometricKey The public key (be_rsa) or the AES key (be_binary) for encrypting the biometric data. See also string parameter "BiometricKeyPath" and Encryption of biometric data.
Certificate The signing certificate for the signature. The blob must contain a serialized X.509 certificate (DER or PEM) and blob parameter "CertificatePrivateKey" must contain the private key for that certificate. Alternatively, for PKCS #7 and CAdES detached signatures, the blob may contain the certificate and its private key in PKCS #12 format; string parameter "PKCS#12Password" contains the password for extracting the private key.
CertificatePrivateKey The private key for the (self-signed) certificate in PKCS #1 format (DER or PEM) for RSA or in SEC 1 format, traditional format, or PKCS #8 format (DER or PEM) for ECDSA. If a certificate is passed in blob parameter "Certificate", this parameter must contain the private key for that certificate. If a self-signed certificate is to be generated, the private key can be either set with this parameter or generated with integer parameter "GenerateKeyPair" or with string parameter "GenerateECCKeyPair".
FilterCertificatesByIssuerCertificate Acceptable issuer certificates. Setting this parameter adds the specified DER-encoded certificate to a list of acceptable issuer certificates. Pass 0 for aSize to clear the list. A PDF document may contain (in its certificate seed value dictionaries) additional restrictions for acceptable issuer certificates. A signer certificate is acceptable for the rule defined by this parameter if it chains up to any of the certificates in the list of acceptable issuer certificates. SignDocDocument::addSignature() will fail if no matching certificate is available for signing. Note that csf_software and/or csf_hardware must be included in integer parameter "SelectCertificate" to make certificates available at all.
FilterCertificatesBySubjectCertificate Acceptable certificates. Setting this parameter adds the specified DER-encoded certificate to a list of acceptable certificates. Pass 0 for aSize to clear the list. A PDF document may contain (in its certificate seed value dictionaries) additional restrictions for acceptable certificates. SignDocDocument::addSignature() will fail if no matching certificate is available for signing. Note that csf_software and/or csf_hardware must be included in integer parameter "SelectCertificate" to make certificates available at all.
Image The signature image. The image can be in BMP, JPEG, PNG, or TIFF format. If no image is set (or rendered, see integer parameter "RenderSignature"), the signature field may or may not show an image computed from the biometric data, depending on the document type and signature field type. This parameter overrides integer parameter "RenderSignature". See also integer parameters "ImageDPI" and "ImageTransparency" and blob parameter "Template".
IntermediateCertificate An intermediate certificate for the signature. The blob must contain a DER-encoded X.509 certificate or one or more PEM-encoded X.509 certificates. setBlob() calls with name "IntermediateCertificate" are cumulative. Intermediate certificates can also be provided in the PKCS #12 blob passed to blob parameter "Certificate". See also integer parameter "AddCertificates".
Template An XML document specifying the layout of the appearance of a signature in PDF documents. The XML document must conform to SignatureTemplate.dtd, which see for details. You can control the layout of the appearance of the signature by
- using the default values provided by SignDocDocument::createSignatureParameters(), or
- using only string parameters (such as "FontName"), integer parameters (such as "TextPosition"), and length parameters (such as "ImageMargin"), color parameters (such as "TextColor"), or
- using only blob parameter "Template", or
- a mixture of the above.
Initial values for the parameters are provided by SignDocDocument::createSignatureParameters(). If blob parameter "Template" is set, text items added by addTextItem() and friends are ignored, but other parameters provide default values for attributes not used in the XML document.

Additionally, you can store your own blobs in the signature by using a name starting with "Prop_", except for "Prop_AuthTime", "Prop_AuthType", "Prop_Build", and any name starting with "Prop_BiometricData", see SignDocVerificationResult::getSignatureBlob(). The name shall contain the following characters only: 0-9, a-z, A-Z, '-', and '_'.

Parameters

[in]	aName	The name of the parameter (case-sensitive).
[in]	aData	A pointer to the first octet of the value.
[in]	aSize	Size of the blob (number of octets).

Returns: ReturnCode::rc_ok iff successful.

See also: getTemplate()

ReturnCode setColor	(	const std::string &	aName,
		const SignDocColor &	aValue
	)

inline

Set a color parameter.

Available color parameters are:

SignatureColor The foreground color for the rendered signature (see integer parameter "RenderSignature"). The default color is black.
TextColor The color to be used for text in the appearance of a DigSig signature field in a PDF document. If this parameter is not set, the color will be taken from the field's text field attributes. If the field doesn't have text field attributes, the document's text field attributes will be used. If this also fails, the text will be black. See also string parameter "FontName", length parameter "FontSize", and blob parameter "Template".

Parameters

[in]	aName	The name of the parameter (case-sensitive).
[in]	aValue	The value of the parameter.

Returns: ReturnCode::rc_ok iff successful.

ReturnCode setECDSA ( SignECDSA * aECDSA )

inline

Set an object which will compute an ECDSA signature.

By default, ECDSA signatures are computed internally which means that the private key must be available on this machine.

Requirements for string parameters:

GenerateECCKeyPair must not be set

Requirements for integer parameters:

GenerateKeyPair must not be set
SelectCertificate must be zero (which is the default value)

Requirements for blob parameters:

Certificate must not be set
CertificatePrivateKey must not be set

setRSA() and setPKCS7() must not have been called

Parameters

[in] aECDSA The object that will compute the ECDSA signature. This function does not take ownership of that object. It must still be alive when addSignature() is called.

Returns: ReturnCode::rc_ok iff successful.

See also: setPKCS7(), setRSA()

void setImpl ( SIGNDOC_SignatureParameters * aP )

inline

Internal function.

ReturnCode setInteger	(	const std::string &	aName,
		int	aValue
	)

inline

Set an integer parameter.

Available integer parameters are:

AddCertificates This parameter controls inclusion of intermediate and root certificates. See enum AddCertificates. The default value is ac_all. If you are using setPKCS7(), you'll have to include the certificates yourself. See also integer parameter "AddRevocationInfo" and blob parameter "IntermediateCertificate".
AddRevocationInfo This parameter controls inclusion of revocation data (CRL and OCSP) for the signing certificate (unless it is self-signed) and the intermediate certificates. See enum AddRevocationInfo. If the parameter is zero (which is the default value), revocation data won't be included. If the signature field has a mandatory AddRevInfo seed value, with value true, AddRevocationInfo is assumed to have ari_add set. If revocation data is to be added, integer parameter "Method" must be set to m_digsig_pkcs7_detached, m_digsig_pkcs7_sha1, or m_digsig_cades_detached, otherwise signing will fail. Integer parameter "AddCertificates" must be ac_all or ac_trusted, otherwise signing will fail. If revocation data is to be included, SignDocVerificationParameters::vf_check_revocation is assumed to be set in the value of integer parameter "VerificationFlags" of the verification parameters. Integer parameter "VerificationModel" of addSignature()'s aVerificationParameters is assumed to be SignDocVerificationParameters::vm_chain if it is SignDocVerificationParameters::vm_minimal (to enable inclusion of all certificates but the root certificate). If revocation data cannot be retrieved or if any of the certificates for which revocation information is retrieved is revoked or has unknown revocation status, signing will fail. If you are using setPKCS7(), you'll have to include revocation information yourself.
BiometricEncryption Specifies how biometric data is to be encrypted (enum BiometricEncryption). If not set, biometric data will not be embedded in the signature.
BiometricHashLocation Specifies where to store the message digest computed over the document hash and the unencrypted biometric data (enum BiometricHashLocation). This parameter is used for PDF documents only. The default value is bhl_attr.
DocMDP To create a certification signature rather than an approval signature, set this parameter to a positive value (PDF only):
- 1 no changes to the document shall be permitted
- 2 only filling in forms, instantiating page templates, and signing shall be permitted
- 3 only filling in forms, instantiating page templates, signing, creating annotations, deleting annotations, and modifying annotations shall be permitted.
To create an approval signature, set this parameter to 0 or -1. The default value is -1. A positive MDP value from the signature seed value dictionary overrides this parameter, see SignDocField::getSeedValueMDP(). A PDF document can have at most one certification signature. If you want the certification signature to be invisible, create the signature field with zero for the left, bottom, right, and top coordinates.
GenerateKeyPair Start generation of an RSA key pair for the self-signed certificate. The value is the number of bits (1024 through 4096, multiple of 8). When a self-signed certificate is to be generated, the private key can be either be generated by setting this parameter or set as blob parameter "CertificatePrivateKey". See also string parameter "GenerateECCKeyPair". "GenerateECCKeyPair" and "GenerateKeyPair" are mutually exclusive.
IgnoreSeedValues Specifies what entries in the signature field seed value dictionary shall be ignored. This parameter contains a set of flags taken from enum IgnoreSeedValues. The default value is 0 which means that signing might fail due to a conflict between integer parameter "Method" and string parameter "DetachedHashAlgorithm" on one hand and the SubFilter and DigestMethod entries of the signature field seed value dictionary on the other hand. The Cert entry of the signature field seed value dictionary is currently ignored by default, see csf_use_certificate_seed_values of integer parameter "SelectCertificate". This parameter is ignored for TIFF documents.
ImageDPI Resolution in DPI of the image passed in blob parameter "Image" for PDF signature fields. The width and height of the image computed by multiplying the resolution with the number of horizontal pixels and vertical pixels, respectively, limits the size of the image in the signature field: The image will never be wider or higher than that width and height, respectively. (You can cheat by specifying a smaller resolution.) Positive values of this parameter specify the horizontal resolution in DPI, zero means that the resolution is taken from the image (the behavior is undefined if the image does not specify a resolution), -1 means that the size of the image in the signature field won't be limited by values computed from its size (apart from the aspect ratio). The default value is -1. This parameter is ignored for TIFF documents.
ImageHAlignment The horizontal alignment of the image (enum HAlignment, ha_left, ha_center, or ha_right). For DigSig signature fields, this parameter defines the horizontal alignment of the image in the appearance stream of PDF documents. The default value depends on the profile passed to SignDocDocument::createSignatureParameters():

Profile Value

"" ha_center

"image" ha_center

See also blob parameter "Template".
ImageVAlignment The vertical alignment of the image (enum VAlignment). For DigSig signature fields, this parameter defines the vertical alignment of the image in the appearance stream of PDF documents. The default value depends on the profile passed to SignDocDocument::createSignatureParameters():

Profile Value

"" va_top

"image" va_center

See also blob parameter "Template".
ImageTransparency Image transparency (enum ImageTransparency). For DigSig signature fields, this parameter defines how to handle transparency for signature image (either the image passed in the "Image" blob parameter or the image computed according to the "RenderSignature" integer parameter). The default value is it_brightest. See also blob parameter "Template".
Method The signing method (enum Method). The default value is m_default. See also string parameter "DetachedHashAlgorithm" and integer parameter "IgnoreSeedValues".
Optimize Set whether this is the first signature of the document and the document shall be optimized or whether the document shall not be optimized. Use one of the values of enum Optimize. The default value is o_if_possible. If the return value of getRequiredSaveToFileFlags() includes SignDocDocument::sf_incremental, signing with this parameter set to o_optimize will fail.
PDFAButtons Set whether appearance streams of check boxes and radio buttons shall be frozen (fixed) for conformance with PDF/A-1 without TC2 before signing. Use one of the values of enum PDFAButtons. The default value is pb_dont_freeze.
PenWidth Pen width for rendering the signature (see blob parameter "BiometricData") for the signature image. Ignored unless integer parameter "RenderSignature" is non-zero. The pen width is specified in micrometers, the default value is 500 (0.5mm).
RemoveXFA This parameter controls whether the XFA entry of the interactive form dictionary of the PDF document shall be removed. SignDoc SDK does not support XFA (XML Forms Architecture) and therefore SignDocDocument::addSignature(), SignDocDocument::addField(), SignDocDocument::applyFdf(), and SignDocDocument::setField() remove XFA from the document to avoid descrepancies between "classic" form fields and XFA. Use one of the values of enum RemoveXFA. The default value is rx_if_allowed. This parameter is ignored for TIFF documents.
RenderSignature Specifies whether and how the signature (see blob parameter "BiometricData") is to be rendered for the signature image. This parameter contains a set of flags taken from enum RenderSignatureFlags. If this value is 0, the signature won't be rendered. If no image is rendered (or set, see blob parameter "Image"), the signature field may or may not show an image computed from the biometric data, depending on the document type and signature field type. This parameter is ignored if blob parameter "Image" is set. The default value is 0. See also integer parameters "ImageTransparency", "PenWidth", and "RenderWidth" and color parameter "SignatureColor".
RenderWidth Specifies the width (in pixels) for the signature image rendered from biometric data for PDF documents. This parameter is ignored for TIFF documents. The default value is 600. If the signature is higher than wide, this value specified the height of the signature image.
SelectCertificate Let the user and/or the application select the certificate for the signature. The parameter contains a set of flags taken from enum CertificateSelectionFlags. If this parameter is zero (which is the default value), the user won't be asked and the certificate will either be generated on the fly or be supplied by the "Certificate" blob parameter and SignDocDocument::addSignature() will fail if the PDF document restricts acceptable certificates by means of a certificate seed value dictionary. This parameter is not yet implemented for Linux, iOS, Android, OS X, and Windows Store apps. See also string parameters "SelectCertificateMessage" and "SelectCertificateTitle".
TextHAlignment The horizontal alignment of text lines (enum HAlignment). For DigSig signature fields, this parameter defines the horizontal alignment of text lines in the appearance stream of PDF documents. The default value depends on the profile passed to SignDocDocument::createSignatureParameters():

Profile Value

"" ha_center

"image" ha_center

See also blob parameter "Template".
TextPosition The position of the text block w.r.t. the image (enum TextPosition). For DigSig signature fields, this parameter defines the position of the text block in the appearance stream of PDF documents. The default value depends on the profile passed to SignDocDocument::createSignatureParameters().

Profile Value

"" tp_below

"image" tp_overlay

See also blob parameter "Template".
TextVAlignment The vertical alignment of text lines (enum VAlignment). For DigSig signature fields, this parameter defines the vertical alignment of text lines in the appearance stream of PDF documents. The default value depends on the profile passed to SignDocDocument::createSignatureParameters():

Profile Value

"" va_bottom

"image" va_center

See also blob parameter "Template".
TimeStampRetries The maximum number of retries for obtaining an RFC 3161 timestamp after a timeout. The default value is 0. See also string parameter "TimeStampServerURL".
TimeStampServerTimeout Timeout in milliseconds for retrieving a time stamp from an RFC 3161 time-stamp server. The value must be positive. The default value is 10000. See also string parameter "TimeStampServerURL".
TimeStampSize If the value of this parameter is positive, add this many octets for the RFC 3161 timestamp to the anticipated size of the PKCS #7 message. If the value is zero or negative, a dummy time stamping request will be sent to the time-stamp server and the value of this parameter will be subtracted from the size of the response; as the response will be wrapped in an attribute, the value of this parameter should be smaller than -25. The default value is 8192. See also string parameter "TimeStampServerURL".

Parameters

[in]	aName	The name of the parameter (case-sensitive).
[in]	aValue	The value of the parameter.

Returns: ReturnCode::rc_ok iff successful.

ReturnCode setLength	(	const std::string &	aName,
		ValueType	aType,
		double	aValue
	)

inline

Set a length parameter.

Available length parameters are:

FontSize The maximum font size. For DigSig signature fields, this parameter defines the maximum font size for the appearance stream of PDF documents. The font size will be reduced to make all text lines fit horizontally into the signature field. The default value depends on the profile passed to SignDocDocument::createSignatureParameters():

Profile Value

"" vt_field_height and 0.1

"image" vt_field_height and 0.1

See also string parameter "FontName", color parameter "TextColor", and blob parameter "Template".
ImageMargin The margin to add around the image. For DigSig signature fields, this parameter defines the margin to be added around the image in the appearance stream of PDF documents. This margin is added at all four edges of the image. The default value depends on the profile passed to SignDocDocument::createSignatureParameters().

Profile Value

"" vt_abs and 1.0

"image" vt_abs and 1.0

See also blob parameter "Template".
TextHMargin The horizontal margin for text. For DigSig signature fields, this parameter defines the horizontal margin of text in the appearance stream of PDF documents. The margin will be added on both sides of the text. The default value depends on the profile passed to SignDocDocument::createSignatureParameters():

Profile Value

"" vt_field_height and 0.1

"image" vt_field_height and 0.1

See also blob parameter "Template".

Parameters

[in]	aName	The name of the parameter (case-sensitive).
[in]	aType	Define how the length is specified.
[in]	aValue	The value of the parameter.

Returns: ReturnCode::rc_ok iff successful.

ReturnCode setPKCS7 ( SignPKCS7 * aPKCS7 )

inline

Set an object which will create a PKCS #7 or CAdES signature.

By default, PKCS #7 and CAdES signatures are handled internally which means that the private key must be available on this machine.

Requirements for string parameters:

CommonName must not be set
Country must not be set
GenerateECCKeyPair must not be set
Locality must not be set
Organization must not be set
OrganizationUnit must not be set

Requirements for integer parameters:

GenerateKeyPair must not be set
Method must be m_digsig_pkcs7_detached, m_digsig_pkcs7_sha1 or m_digsig_cades_detached
SelectCertificate must be zero (which is the default value)

Requirements for blob parameters:

Certificate must not be set
CertificatePrivateKey must not be set

setRSA() and setECDSA() must not have been called

The SignPKCS7 interface is quite hard to use, please use setRSA() and the SignRSA interface or setECDSA() and the SignECDSA interface instead.

Parameters

[in] aPKCS7 The object that will create the PKCS #7 or CAdES signature. This function does not take ownership of that object. It must still be alive when addSignature() is called.

Returns: ReturnCode::rc_ok iff successful.

See also: setECDSA(), setRSA()

ReturnCode setRSA ( SignRSA * aRSA )

inline

Set an object which will compute an RSA signature.

By default, RSA signatures are computed internally which means that the private key must be available on this machine.

Requirements for string parameters:

GenerateECCKeyPair must not be set

Requirements for integer parameters:

GenerateKeyPair must not be set
SelectCertificate must be zero (which is the default value)

Requirements for blob parameters:

Certificate must not be set
CertificatePrivateKey must not be set

setECDSA() and setPKCS7() must not have been called

Parameters

[in] aRSA The object that will compute the RSA signature. This function does not take ownership of that object. It must still be alive when addSignature() is called.

Returns: ReturnCode::rc_ok iff successful.

See also: setECDSA(), setPKCS7()

ReturnCode setString	(	Encoding	aEncoding,
		const std::string &	aName,
		const std::string &	aValue
	)

inline

Set a string parameter.

Available string parameters are:

Adviser The adviser. For DigSig signature fields, the adviser may be used for the appearance stream of PDF documents. The default value is empty. Complex scripts are supported, see Complex Scripts.
BiometricKeyPath The pathname of a file containing the public key in PKCS #1 or X.509 format for encrypting the biometric data with integer parameter "BiometricEncryption" set to be_rsa. See also blob parameter "BiometricKey" and Encryption of biometric data. See Using SignDoc SDK in Windows Store apps for restrictions on pathnames in Windows Store apps.
BiometricPassphrase Passphrase to be used if integer parameter "BiometricEncryption" is be_passphrase. Should contain ASCII characters only.
CertificateSigningAlgorithm The signing algorithm for the self-signed certificate:
- "ECDSA-SHA-1"
- "ECDSA-SHA-224"
- "ECDSA-SHA-256"
- "ECDSA-SHA-384"
- "ECDSA-SHA-512"
- "RSA-MD5"
- "RSA-RIPEMD-160"
- "RSA-SHA-1"
- "RSA-SHA-256"
- "RSA-SHA-384"
- "RSA-SHA-512"
When a self-signed certificate is to be generated, the signing algorithm can be set. If not set, a suitable default value will be used.
Comment The comment. For DigSig signature fields, the comment may be used for the appearance stream of PDF documents. The comment can contain multiple lines which are separated by '
'. The default value is empty. Complex scripts are supported, see Complex Scripts.
CommonName The common name for the self-signed certificate. When a self-signed certificate is to be generated, the common name (CN) must be set. See also string parameter "Signer".
ContactInfo The contact information provided by the signer. For DigSig signature fields, the contact information will be stored in the digital signature. For DigSig signature fields, the contact information may be used for the appearance stream of PDF documents. The default value is empty. Complex scripts are supported, see Complex Scripts.
Country The country name for the self-signed certificate. When a self-signed certificate is to be generated, the country name (C) should be set. Use ISO 3166 country codes. The default value is empty.
DetachedHashAlgorithm Hash algorithm to be used for a detached signature (ie, if integer parameter "Method" is m_digsig_pkcs7_detached or m_digsig_cades_detached). The following values are supported:
- "default": default hash algorithm. For RSA, use the hash algorithm specified by the DigestMethod values of the signature field seed value dictionary or, if not present, SHA-256 (if supported), or SHA-1 (as last resort). For ECDSA, use the hash algorithm recommended for the elliptic curve used by the signing certificate's key.
- "RIPEMD-160". Not supported under Windows.
- "SHA-1". Deprecated, but supported everywhere.
- "SHA-224". Supported for ECDSA signatures only.
- "SHA-256". If SHA-256 is selected but not supported, SignDocDocument::addSignature() will fall back to SHA-1.
- "SHA-384". If SHA-384 is selected but not supported, SignDocDocument::addSignature() will fall back to SHA-1.
- "SHA-512". If SHA-384 is selected but not supported, SignDocDocument::addSignature() will fall back to SHA-1.
The default value is "default". See also integer parameters "Method" and "IgnoreSeedValues".
Filter The name of the preferred filter. For DigSig signature fields, the filter name will be stored in the digital signature. The default value is "SOFTPRO DigSig Security". You might want to set the filter to "Adobe.PPKLite".
FilterCertificatesByPolicy A required certificate policy. Setting this parameter adds the specified OID to a list of required policy object identifiers. All specified policies are required for a certificate to be accepted. Pass an empty value to clear the list. The value must be a valid ASN.1 object identifier. A PDF document may contain (in its certificate seed value dictionaries) additional restrictions for acceptable certificates. SignDocDocument::addSignature() will fail if no matching certificate is available for signing. Note that csf_software and/or csf_hardware must be included in integer parameter "SelectCertificate" to make certificates available at all.
FilterCertificatesBySubjectDN An acceptable subject Distinguished Name (DN). Setting this parameter adds the specified DN to a list of acceptable DNs. Pass an empty value to clear the list. The DN must be formatted according to RFC 4514, using short names for the attribute types. Multi-valued RDNs and multiple RDNs specifying a value for the same attribute are not allowed. A PDF document may contain (in its certificate seed value dictionaries) additional restrictions for acceptable certificates. SignDocDocument::addSignature() will fail if no matching certificate is available for signing. Note that csf_software and/or csf_hardware must be included in integer parameter "SelectCertificate" to make certificates available at all.
FontName The name of the font to be used for text in the appearance of a DigSig signature field in a PDF document. The font name can be the name of a standard font, the name of an already embedded font, or the name of a font defined by a font configuration file. If the name is empty, the font name will be taken from the field's text field attributes. If the field doesn't have text field attributes, the document's text field attributes will be used. If this also fails, standard font Helvetica will be used (which will break PDF/A conformance). The default value is empty. See also length parameter "FontSize", color parameter "TextColor", and blob parameter "Template".
GenerateECCKeyPair Start generation of an elliptic curve key pair for the self-signed certificate. The value is the name or the object identifier of the curve, e.g., prime256v1. When a self-signed certificate is to be generated, the private key can be either be generated by setting this parameter or set as blob parameter "CertificatePrivateKey". See also integer parameter "GenerateKeyPair". "GenerateECCKeyPair" and "GenerateKeyPair" are mutually exclusive.
Locality The location name for the self-signed certificate. When a self-signed certificate is to be generated, the location name (L) should be set. The default value is empty. Do not confuse "Locality" and "Location"!
Location The host name or physical location of signing. For DigSig signature fields, the location will be stored in the digital signature. For DigSig signature fields, the location may be used for the appearance stream of PDF documents. The default value is empty. Complex scripts are supported, see Complex Scripts. Do not confuse "Location" and "Locality"!
Organization The organization name for the self-signed certificate. When a self-signed certificate is to be generated, the organization name (O) should be set. The default value is empty.
OrganizationUnit The organization unit name for the self-signed certificate. When a self-signed certificate is to be generated, the organization unit name (OU) should be set. The default value is empty.
OutputPath Specify the file to which the signed document shall be saved. If this parameter is non-empty, the file backing the document, if any, won't be modified. If this parameter is empty and the document is backed by a file (ie, the last load or save operation was from or to a file, respectively), the signed document will be written to that file. The special value "<memory>" causes the document to be saved to and signed in memory (available for PDF documents only). The default value is empty. See Using SignDoc SDK in Windows Store apps for restrictions on pathnames in Windows Store apps.
PKCS#12Password The password for extracting the private key from the PKCS #12 blob set as blob parameter "Certificate". The password must contain ASCII characters only.
Reason The reason for the signing. For DigSig signature fields, the reason will be stored in the digital signature. For DigSig signature fields, the reason may be used for the appearance stream of PDF documents. The default value is empty. Complex scripts are supported, see Complex Scripts.
RSASignatureScheme The RSA signature scheme to be used for PKCS #7 signatures with RSA keys:
- "PKCS1": PKCS #1 (RSA v1.5). This signature scheme should be supported by all software that verifies DigSig signatures in PDF documents. However, it is considered obsolete due to security concerns.
- "PSS": Probabilistic Signature Scheme (PSS) (RSA v2.0 and v2.1). Improved signature scheme, supposed to be more secure than PKCS #1 However, this signature scheme may not be supported by all software that verifies DigSig signatures in PDF documents. For instance, Adobe Acrobat DC supports RSA-PSS since April 2017 (Windows) and August 2017 (MacOS). When using a certificate from a Windows certificate store (see integer parameter "SelectCertificate"), the private key must be provided by a CNG Key Storage Provider.
The default value is "PKCS1".
SelectCertificateMessage A message to be displayed in the certificate selection dialog, see integer parameter "SelectCertificate".
SelectCertificateTitle The title of the certificate selection dialog, see integer parameter "SelectCertificate". A localized version of "Select Certificate" will be used if empty or not set.
Signer The signer name. This is the signer name that will be stored in the digital signature. If not set, the name will be taken from the signing certificate. For DigSig signature fields, the signer name may be used for the appearance stream of PDF documents. The default value is empty (meaning that the name will be taken from the certificate). See also string parameter "CommonName". Complex scripts are supported, see Complex Scripts.
SignTime The time of signing in free format. For DigSig signature fields, the time of signing may be used for the appearance stream of PDF documents. The default value is empty. See also string parameter "Timestamp".
Text1 A text to be included in the appearance stream of DigSig signature fields in PDF documents. The text can contain multiple lines which are separated by '
'. The default value is empty. Complex scripts are supported, see Complex Scripts. See also blob parameter "Template".
Text2 See Text1.
Text3 See Text1.
Text4 See Text1.
Text5 See Text1.
Text6 See Text1.
Text7 See Text1.
Text8 See Text1.
Text9 See Text1.
Timestamp The timestamp to be used in the digital signature (instead of the current time). ISO 8601 format must be used: "yyyy-mm-ddThh:mm:ss" with optional timezone. For DigSig signature fields, the timestamp will be stored in the signature dictionary (transformed suitably for the M entry). If empty, the current time will be used. If the value is "-", the M entry will be omitted (this is only allowed if the PKCS #7 message contains a signingTime or timeStampToken attribute; note that the signingTime attribute is not allowed for method m_digsig_cades_detached). The default value is empty. See also string parameters "SignTime" and "TimeStampServerURL".
TimeStampClientCertificatePath The pathname of a file containing the certificate in PEM format for authenticating to an RFC 3161 time-stamp server over HTTPS. If the is non-empty, string parameter "TimeStampClientKeyPath" must also be set. If the value is empty, the client won't authenticate itself. The default value is empty. See also string parameters "TimeStampServerURL", and "TimeStampClientKeyPath". See Using SignDoc SDK in Windows Store apps for restrictions on pathnames in Windows Store apps.
TimeStampClientKeyPath The pathname of a file containing the private key in PEM format for authenticating to an RFC 3161 time-stamp server over HTTPS. If the is non-empty, string parameter "TimeStampClientCertificatePath" must also be set. If the value is empty, the client won't authenticate itself. The default value is empty. See also string parameters "TimeStampServerURL" and "TimeStampClientKeyPath". See Using SignDoc SDK in Windows Store apps for restrictions on pathnames in Windows Store apps.
TimeStampHashAlgorithm Hash algorithm for RFC 3161 time stamps:
- "default": use a default value. For signatures, use the same hash algorithm as used for the document hash. For document time stamps, SHA-256 (if supported by the time stamp server) SHA-1 (if SHA-256 is not supported by the time stamp server) will be used. The hash algorithm requested for the document hash will be used for the time stamp even if the document hash falls back to SHA-1 (see "default" for string parameter "DetachedHashAlgorithm"). SHA-256 will be used if the document hash is SHA-224. SHA-256 will be used if string parameter "DetachedHashAlgorithm" is "default" and the document hash is SHA-384 or SHA-512 (this can happen for keys using certain elliptic curves).
- "SHA-1"
- "SHA-256"
- "SHA-384"
- "SHA-512"
The default value is "default". See also string parameter "TimeStampServerURL".
TimeStampServerPassword The password for Basic/Digest HTTP authentication to the time-stamp server. Non-ASCII values probably don't work. If this parameter is set, string parameter "TimeStampServerUser" must also be set.
TimeStampServerURL The URL of an RFC 3161 time-stamp server. If string parameter "Timestamp" is empty and string parameter "TimeStampServerURL" is non-empty, a time stamp will be obtained from a time-stamp server. The scheme of the URL must be either "http" or "https". The time-stamp server URL specified by the document's signature field seed value dictionary overrides the "TimeStampServerURL" parameter. An error will be returned by SignDocDocument::addSignature() if a time-stamp server is to be used and integer parameter "Method" is not m_digsig_pkcs7_detached, m_digsig_pkcs7_sha1, or m_digsig_cades_detached. See also integer parameters "TimeStampRetries", "TimeStampServerTimeout", and "TimeStampSize", and string parameters "TimeStampClientCertificatePath", "TimeStampClientKeyPath", "TimeStampHashAlgorithm", "TimeStampServerPassword", "TimeStampServerUser", and "TimeStampUserAgent". See also SignDocDocumentLoader::loadTrustedCertificatesFromFile(), SignDocDocumentLoader::loadTrustedCertificatesFromMemory(), and SignDocDocumentLoader::loadTrustedCertificatesFromStream().
TimeStampServerUser The user name for Basic/Digest HTTP authentication to the time-stamp server. Non-ASCII values probably don't work. If this parameter is set, string parameter "TimeStampServerPassword" must also be set.
TimeStampUserAgent The value of the User-Agent header field sent to the time-stamp server. The default value is "SignDoc".

Additionally, you can store your own strings in the signature by using a name starting with "Prop_", except for "Prop_AuthTime", "Prop_AuthType", "Prop_Build", and any name starting with "Prop_BiometricData", see SignDocVerificationResult::getSignatureString(). The name shall contain the following characters only: 0-9, a-z, A-Z, '-', and '_'. The length of the value is restricted for PDF documents and depends on the characters being used; the value encoded as PDF text string shall not exceed 32767 octets.

Parameters

[in]	aEncoding	The encoding used for aValue.
[in]	aName	The name of the parameter (case-sensitive).
[in]	aValue	The value of the parameter. The encoding is specified by aEncoding.

Returns: ReturnCode::rc_ok iff successful.

ReturnCode setString	(	const std::string &	aName,
		const wchar_t *	aValue
	)

inline

Set a string parameter.

See setString(Encoding aEncoding, const std::string &aName, const std::string &aValue) for a list of available string parameters.

Parameters

[in]	aName	The name of the parameter (case-sensitive).
[in]	aValue	The value of the parameter.

Returns: ReturnCode::rc_ok iff successful.

ReturnCode setTextItemDirection	(	const std::string &	aItem,
		HAlignment	aHAlignment,
		int	aDirection
	)

inline

Set the paragraph direction of text items.

This function sets the paragraph direction of all existing text items matching aItem.

See also blob parameter "Template".

Parameters

[in]	aItem	Select the text items: Signer String parameter "Signer". SignTime String parameter "SignTime". Comment String parameter "Comment". Adviser String parameter "Adviser". ContactInfo String parameter "ContactInfo". Location String parameter "Location". Reason String parameter "Reason". Text1 String parameter "Text1". Text2 String parameter "Text2". Text3 String parameter "Text3". Text4 String parameter "Text4". Text5 String parameter "Text5". Text6 String parameter "Text6". Text7 String parameter "Text7". Text8 String parameter "Text8". Text9 String parameter "Text9".
[in]	aHAlignment	Horizontal alignment. This value overrides integer parameter "TextHAlignment" unless it is ha_default.
[in]	aDirection	The paragraph direction, see enum TextItemDirection. 0 is treated like tid_ltr.

Returns: ReturnCode::rc_ok iff successful.

See also: addTextItem()

The documentation for this class was generated from the following file:

SignDocSDK-cpp.h

Public Types

Public Member Functions

Static Public Member Functions

Detailed Description

Member Enumeration Documentation

Constructor & Destructor Documentation

Member Function Documentation