DigitalSignatureField Class |
Namespace: pdftron.PDF
public sealed class DigitalSignatureField : IClosable
The DigitalSignatureField type exposes the following members.
Name | Description | |
---|---|---|
DigitalSignatureField | Constructs a DigitalSignatureField from a Field.
|
Name | Description | |
---|---|---|
CalculateDigest | Calculates the digest of the relevant bytes of the document for this signature field, in order to allow
the caller to perform custom signing/processing. Signature field must first be prepared using one of the
non-sign overloads (CreateSigDictForCustomSigning/Certification), and then the document must be saved; after that, this function can be called.
The ByteRanges that the most recent save has entered into the signature dictionary within this signature field
will be used to calculate the digest. This overload uses a default algorithm -- SHA-256. | |
CalculateDigest(DigestAlgorithm) | Calculates the digest of the relevant bytes of the document for this signature field, in order to allow
the caller to perform custom signing/processing. Signature field must first be prepared using one of the
non-sign overloads (CreateSigDictForCustomSigning/Certification), and then the document must be saved; after that, this function can be called.
The ByteRanges that the most recent save has entered into the signature dictionary within this signature field
will be used to calculate the digest. | |
CertifyOnNextSave(Byte, String) | Must be called to prepare a signature for certification, which is done afterwards by calling Save. Throws if document already certified. Default document permission level is e_annotating_formfilling_signing_allowed. Throws if signature field already has a digital signature dictionary. | |
CertifyOnNextSave(String, String) |
Must be called to prepare a signature for certification, which is done afterwards by calling Save. Throws if document already certified. Default document permission level is e_annotating_formfilling_signing_allowed. Throws if signature field already has a digital signature dictionary.
| |
CertifyOnNextSaveWithCustomHandler | Must be called to prepare a signature for certification, which is done afterwards by calling Save. Throws if document already certified. Default document permission level is e_annotating_formfilling_signing_allowed. Throws if signature field already has a digital signature dictionary. | |
ClearSignature |
Clears cryptographic signature, if present. Otherwise, does nothing. Do not need to call HasCryptographicSignature before calling this. After clearing, other signatures should still pass validation. Clears the appearance as well.
| |
Close | ||
CreateSigDictForCustomCertification | Prepares the field for certification without actually performing certification.
Useful for custom signing workflows. It is not necessary to call HasCryptographicSignature
before calling this function. | |
CreateSigDictForCustomSigning | Prepares the field for approval signing without actually performing signing.
Useful for custom signing workflows. It is not necessary to call HasCryptographicSignature
before calling this function. | |
EnableLTVOfflineVerification |
Given a successful verification result that required online information to verify trust
(trust verification must have been enabledand successful during the verification),
embeds data into the PDF document that allows the signature to be verified offline.
(This is accomplished using DSSand VRI dictionaries.) When this operation is
successfully completed, one of the two components of secure long term validation(LTV)
will be in place.The other necessary component of secure long term validation is
to make sure to timestamp the document appropriately while the signature
is still verifiable to maintain a chain of unexpired secure timestamps
attesting to the integrity of the document.The verifiability of the signature
should thereafter be maintainable in such a fashion despite any possible
certificate expiry, algorithm compromise, or key compromise that would
have otherwise rendered it invalid if it were to be verified using a time in
the future rather than a securely - signed timestamp - derived time nearer the time
of signing(at which which the signature was verifiable without extra data).
This function, if given a good verification result, is also capable of making timestamp
(DocTimeStamp ETSI.RFC3161) signatures LTV - enabled, which is necessary to do first when
you intend to add another timestamp around an already - timestamped document to extend
or enhance its verifiability(as described above), as per the PDF 2.0 and
ETSI TS 102 778 - 4 (PAdES Level 4) specifications.
| |
Equals | (Inherited from Object.) | |
GenerateContentsWithEmbeddedTimestamp | ||
GetCert |
Gets a certificate in the certificate chain (Cert entry) of the digital signature dictionary by index. Throws if Cert is not Array or String, throws if index is out of range and Cert is Array, throws if index is less than 1 and Cert is string, otherwise retrieves the certificate. Only to be used for old-style adbe.x509.rsa_sha1 signatures; for other signatures, use CMS getter functions instead.
| |
GetCertCount |
Gets number of certificates in certificate chain (Cert entry of digital signature dictionary). Must call HasCryptographicSignature first and use it to check whether the signature is signed. Only to be used for old-style adbe.x509.rsa_sha1 signatures; for other signatures, use CMS getter functions instead.
| |
GetContactInfo |
Should not be called when SubFilter is ETSI.RFC3161 (i.e. on a DocTimeStamp). Returns the contact information of the signer from the digital signature dictionary. Must call HasCryptographicSignature first and use it to check whether the signature is signed.
| |
GetDocumentPermissions |
If HasCryptographicSignature, returns most restrictive permissions found in any reference entries in this digital signature. Returns Lock-resident (i.e. tentative) permissions otherwise. Throws if invalid permission value is found.
| |
GetHashCode | Serves as a hash function for a particular type. (Inherited from Object.) | |
GetLocation |
Should not be called when SubFilter is ETSI.RFC3161 (i.e. on a DocTimeStamp). Returns the Location of the signature from the digital signature dictionary. Must call HasCryptographicSignature first and use it to check whether the signature is signed.
| |
GetLockedFields |
Returns the fully-qualified names of all fields locked by this signature using the field permissions feature. Retrieves from the digital signature dictionary if the form field HasCryptographicSignature. Otherwise, retrieves from the Lock entry of the digital signature form field. Result is invalidated by any field additions or removals. Does not take document permissions restrictions into account.
| |
GetReason |
Should not be called when SubFilter is ETSI.RFC3161 (i.e. on a DocTimeStamp). Returns the Reason for the signature from the digital signature dictionary. Must call HasCryptographicSignature first and use it to check whether the signature is signed.
| |
GetSDFObj | Gets the SDFObj. | |
GetSignatureName |
Should not be called when SubFilter is ETSI.RFC3161 (i.e. on a DocTimeStamp). Returns the name of the signer of the signature from the digital signature dictionary. Must call HasCryptographicSignature first and use it to check whether the signature is signed.
| |
GetSignerCertFromCMS |
Returns the signing certificate. Must only be called on signed adbe.pkcs7.detached signatures.
| |
GetSigningTime | Should not be called when SubFilter is ETSI.RFC3161 (i.e. on a DocTimeStamp).
Returns the "M" entry from the digital signature dictionary, which represents the
signing date/time. Must call HasCryptographicSignature first and use it to check whether the
signature is signed. | |
GetSubFilter |
Returns the SubFilter type of the digital signature. Specification says that one must check the SubFilter before using various getters. Must call HasCryptographicSignature first and use it to check whether the signature is signed.
| |
GetType | Gets the Type of the current instance. (Inherited from Object.) | |
HasCryptographicSignature | Assignment operator | |
HasVisibleAppearance |
Returns whether the field has a visible appearance. Can be called without checking HasCryptographicSignature first, since it operates on the surrounding Field dictionary, not the "V" entry (i.e. digital signature dictionary). Performs the zero-width+height check, the Hidden bit check, and the NoView bit check as described by the PDF 2.0 specification, section 12.7.5.5 "Signature fields".
| |
IsCertification |
Returns whether or not this signature is a certification.
| |
IsLockedByDigitalSignature |
Returns whether this digital signature field is locked against modifications by any digital signatures. Can be called when this field is unsigned.
| |
Set | Sets this DigitalSignatureField equal to a given DigitalSignatureField | |
SetContactInfo |
Should not be called when SubFilter is ETSI.RFC3161 (i.e. on a DocTimeStamp). Sets the ContactInfo entry in the digital signature dictionary. Must create a digital signature dictionary first using [Certify/Sign]OnNextSave[WithCustomHandler]. If this function is called on a digital signature field that has already been cryptographically signed with a valid hash, the hash will no longer be valid, so do not call Save (to sign/create the hash) until after you call this function, if you need to call this function in the first place. Essentially, call this function after [Certify/Sign]OnNextSave[WithCustomHandler] and before Save.
| |
SetDocumentPermissions |
Sets the document locking permission level for this digital signature field. Call only on unsigned signatures, otherwise a valid hash will be invalidated.
| |
SetFieldPermissions(DigitalSignatureFieldFieldPermissions) | Tentatively sets which fields are to be locked by this digital signature upon signing. It is not necessary to call HasCryptographicSignature before using this function. | |
SetFieldPermissions(DigitalSignatureFieldFieldPermissions, String) | Tentatively sets which fields are to be locked by this digital signature upon signing. It is not necessary to call HasCryptographicSignature before using this function. Throws if non-empty array of field names is passed along with FieldPermissions Action == e_lock_all. | |
SetLocation |
Should not be called when SubFilter is ETSI.RFC3161 (i.e. on a DocTimeStamp). Sets the Location entry in the digital signature dictionary. Must create a digital signature dictionary first using [Certify/Sign]OnNextSave[WithCustomHandler]. If this function is called on a digital signature field that has already been cryptographically signed with a valid hash, the hash will no longer be valid, so do not call Save (to sign/create the hash) until after you call this function, if you need to call this function in the first place. Essentially, call this function after [Certify/Sign]OnNextSave[WithCustomHandler] and before Save.
| |
SetPreferredDigestAlgorithm(DigestAlgorithm) | Sets the preferred digest algorithm to use when signing this field. This is done by setting DigestMethod
in the Seed Value dictionary. This function can be called before a signature field is even prepared for signing.
This overload sets the algorithm as mandatory. | |
SetPreferredDigestAlgorithm(DigestAlgorithm, Boolean) | Sets the preferred digest algorithm to use when signing this field. This is done by setting DigestMethod
in the Seed Value dictionary. This function can be called before a signature field is even prepared for signing. | |
SetReason |
Should not be called when SubFilter is ETSI.RFC3161 (i.e. on a DocTimeStamp). Sets the Reason entry in the digital signature dictionary. Must create a digital signature dictionary first using [Certify/Sign]OnNextSave[WithCustomHandler]. If this function is called on a digital signature field that has already been cryptographically signed with a valid hash, the hash will no longer be valid, so do not call Save (to sign/create the hash) until after you call this function, if you need to call this function in the first place. Essentially, call this function after [Certify/Sign]OnNextSave[WithCustomHandler] and before Save.
| |
SetSigDictTimeOfSigning | Adds the "M" key and value, representing the PDF-time-of-signing (not to be confused with
embedded timestamps, DocTimeStamps, or CMS signing time), to the digital signature dictionary.
The digital signature field must have been prepared for signing first. This function should
only be used if no secure embedded timestamping support is available from your signing provider.
Useful for custom signing workflows, where signing time is not set automatically by the PDFTron SDK,
unlike in the usual standard handler signing workflow. | |
SignDigest(Byte, Byte, String, Boolean, DigestAlgorithm) | Returns a CMS detached signature incorporating a digest that is provided using the provided PKCS #12 key buffer (.pfx). | |
SignDigest(Byte, String, String, Boolean, DigestAlgorithm) | Returns a CMS detached signature incorporating a digest that is provided using the provided PKCS #12 key buffer (.pfx). | |
SignOnNextSave(Byte, String) | Must be called to prepare a signature for signing, which is done afterwards by calling Save. Cannot sign two signatures during one save (throws). Default document permission level is e_annotating_formfilling_signing_allowed. Throws if signature field already has a digital signature dictionary. | |
SignOnNextSave(String, String) |
Must be called to prepare a signature for signing, which is done afterwards by calling Save. Cannot sign two signatures during one save (throws). Default document permission level is e_annotating_formfilling_signing_allowed. Throws if signature field already has a digital signature dictionary.
| |
SignOnNextSaveWithCustomHandler | Must be called to prepare a signature for signing, which is done afterwards by calling Save. Cannot sign two signatures during one save (throws). Default document permission level is e_annotating_formfilling_signing_allowed. Throws if signature field already has a digital signature dictionary. | |
TimestampOnNextSave |
Must be called to prepare a secure PDF-embedded timestamp signature (RFC 3161
DocTimeStamp) for signing, which is done afterwards by calling Save on the
document with an e_incremental flag.Throws if document is locked by other
signatures, if signature is already signed, or if another signature has already
been prepared for signing on the next save(because only one signing operation
can be done per incremental save).Default document permission level is
NOTE: A failure in timestamp response verification will result in document Save
throwing an exception.It is recommended to use TimestampingConfiguration.TestConfiguration
with the VerificationOptions ahead of time to avoid this. ///
| |
ToString | Returns a string that represents the current object. (Inherited from Object.) | |
UseSubFilter(DigitalSignatureFieldSubFilterType) |
Sets the requested SubFilter value (which identifies a signature type) as the only one to use during future signing, overwriting all such previous settings.
It is not necessary to call HasCryptographicSignature before calling this function. For example, this function can be used to switch to PAdES signing mode.
| |
UseSubFilter(DigitalSignatureFieldSubFilterType, Boolean) |
Sets the requested SubFilter value (which identifies a signature type) as the only one to use during future signing, overwriting all such previous settings.
It is not necessary to call HasCryptographicSignature before calling this function. For example, this function can be used to switch to PAdES signing mode.
| |
Verify |
Verifies this cryptographic digital signature in the manner specified by the VerificationOptions. EXPERIMENTAL. Digital signature verification is undergoing active development, but currently does not support a number of features. If we are missing a feature that is important to you, or if you have files that do not act as expected, please contact us using one of the following forms: https://www.pdftron.com/form/trial-support/ or https://www.pdftron.com/form/request/
|