CIB pdf toolbox technical guide (EN)

6. PDF signature with certificate

6.2. Properties for signing and verifying the signature

Property description

Type

Functionality

Kind

SignPdf

String

Property, to activate signing of the output PDF.

Possible values:

„0“       No signing (default)

„1“       PDF will be signed

Any signatures contained in the input PDFs are deleted by default.

If SignPdf=1, NeedAppearances=0 has to be set. (The field "/NeedAppearances" is then set to “false” in the PDF document.) Otherwise the generated signature will not be visible in the Adobe signature window.

Set

SignPdf.DocMDP

String

The signature gets the type „DocMDP“ (author signature).

This means that only changes that have been explicitly allowed by the author can be made in the PDF afterwards. Other changes invalidate the signature.

Requirements: SignPdf=1 and the output file PDF version is higher or equal to 1.5.

Possible values:

„“    No DocMDP signature (default)

„1“   No changes allowed

„2“   Allows signing, filling in form fields and creating new pages from page templates

„3“   Allows the same operations as in „2“, plus all changes to comments

Otherwise: no DocMDP signature

Note: documents with DocMDP signature can only be read by Adobe Reader 7.0 onwards.

Set

SignPdf.Lock

String

The signature gets the lock type. This means that no changes to form fields are allowed and visible signatures can no longer be added. Requirements: SignPdf=1, SignPdf.DocMDP is not set, and PDF Version of the output is higher or equal to 1.5.

Possible values:

„0“   No lock for the document (default)

„1“   Document will be locked as described above. This corresponds to the "Lock Document After Signing" option in Adobe Professional. The Adobe Reader displays: ”The document is locked by that signature”.

Set

CertificateFilename

String

Setting the name (with path if necessary) of the certificate file. This must be a PKCS12 certificate file (usual ending ".p12" or ".pfx").

Signing via PEM files is not available yet, as it has not been sufficiently tested. Multiple PEM files can be specified; they need to be separated by the “;” symbol. Taken together, all files must contain only one private key. Additionally, they need to contain the public key and the (optional) key string of the signer. If a PEM file contains more private keys, the first one that fits “CertificatePassword” will be used.

Set

CertificatePassword

String

Setting the password for the certificate file.

Set

RemovePdfSignatures

String

This property is used to control if existing signatures in the input files will be deleted.

Possible values:

„0“     Signatures will not be removed.

„1“     All signatures will be removed

The default value depends on the operation:

When signing (SignPdf=1), RemovePdfSignatures=1 is default.

Otherwise (and thus also during verification, CheckPdfSignatures=1) RemovePdfSignatures=0 is default.

Set

RemovePdfSignaturesKeepAppearance

String

This property is only used if RemovePdfSignatures=1 or SignPdf=1 is set.

Possible values:

„0“     When removing the signature, also the visible part of the signatures will be removed. (default)

„1“     When removing the signature, the visible part of the signatures will be maintained (e.g. image or text). But the signature will be removed.

Set

CheckPdfSignatures

String

This property controls whether signatures present in the input files are verified or not.

Possible values:

„0“     No signature will be verified (default)

„1“       All signatures will be verified.

Set

TrustedCertificatesDirectory

String

Directory containing the trusted certificates (with the public keys) for the CIB pdf toolbox.

This directory is mandatory for checking the trustworthiness of the signature certificates in the PDF document with CheckPdfSignatures=1. Default: ””.

If this property is empty, it is not possible to verify if the signature certificates are trustworthy. But the verification of the signature is still not aborted!

The following certificate files with public keys are supported:           

-         CER files („.cer“) in DER and Base64 encoding

-         CRT files („.crt“) in DER and Base64 encoding

-         PEM files („.pem“)

-         P7B files („.p7b“) in DER encoding

-         P7C files („.p7c“) in DER encoding

-         SPC files („.spc“) in DER encoding

Files with other extensions will be ignored. The certificate files should only contain public keys.

Set

OutputFormat

String

The verification behavior (i.e. only with CheckPdfSignatures=1) of the CIB pdf toolbox is controlled by the assignment of the "OutputFormat" property. A new value "FormatAnalyse" was introduced for this purpose.

-         OutputFormat=”FormatAnalyse”

The verification process is always executed completely and the SignedDocument.xxx properties are set for the signature. This makes it possible to track which processing steps were successful and which were not.

-         OutputFormat not equal to “FormatAnalyse”

As soon as the signature of an input file is not valid, processing is aborted with an error, and therefore none of the SignedDocument.xxx properties will be set.
The SignedDocument.xxx properties will only be set if processing is successful.

Set

SignedDocument.DocumentIsUnmodified

String

The change status for each input PDF will be given.
(Only relevant if OutputFormat=“FormatAnalyse“ and CheckPdfSignatures=”1”)

A value will be given for each input file in form of a list, separated by the ; symbol.
E.g.: „1;0;no signature“.

Possible values:

“”    Not used by CIB pdf toolbox   (default)

“1”   The document has not been changed after signing.

“0”   The document has been changed after signing.

“not implemented”  This functionality has not been implemented.

“no signature”  The PDF does not contain any signature.

Get

SignedDocument.DocumentModificationsAreAllowed

String

For each input PDF, any changes made are classified.
(Only relevant for OutputFormat=“FormatAnalyse“ and CheckPdfSignatures=”1”)

A value will be given for each input file in form of a list, separated by the ; symbol.

E.g.: „1;0;no signature“.

Attention:
This property is not fully implemented yet, so the value "not implemented" can occur often.

Possible values:

“”    Not used by CIB pdf toolbox   (default)

“1”   The document has not been changed after signing.

“0”   The document has been changed after signing.

“not implemented”  This functionality has not been implemented.

“no signature”  The PDF does not contain any signature.

Get

SignedDocument.DocumentSignatureDateIsValid

String

Only the signature date will be verified for each input PDF.

(Only relevant for OutputFormat=“FormatAnalyse“ and CheckPdfSignatures=”1”)

A value will be given for each input file in form of a list, separated by the ; symbol.

E.g.: „1;0;no signature“.

Possible values:

“”    Not used by CIB pdf toolbox   (default)

“1”   The document has not been changed after signing.

“0”   The document has been changed after signing.

“not implemented”  This functionality has not been implemented.

“no signature”  The PDF does not contain any signature.

Get

SignedDocument.CertificateChainIsValid

String

For each input PDF it will be verified whether the certificate chain is valid throughout.
(Only relevant for OutputFormat=“FormatAnalyse“ and CheckPdfSignatures=”1”)

A value will be given for each input file in form of a list, separated by the ; symbol.

E.g.: „1;0;no signature“.

Possible values:

“”    Not used by CIB pdf toolbox   (default)

“1”   The document has not been changed after signing.

“0”   The document has been changed after signing.

“not implemented”  This functionality has not been implemented.

“no signature”  The PDF does not contain any signature.

Get

SignedDocument.CertificateIsTrusted

String

For each input PDF the trustworthiness of the signatures will be verified.

(Only relevant for OutputFormat=“FormatAnalyse“ and CheckPdfSignatures=”1”)

A value will be given for each input file in form of a list, separated by the ; symbol.

E.g.: „1;0;no signature“.

Possible values:

“”    Not used by CIB pdf toolbox   (default)

“1”   The document has not been changed after signing.

“0”   The document has been changed after signing.

“not implemented”  This functionality has not been implemented.

“no signature”  The PDF does not contain any signature.

Get
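
The SignedDocument.xxx result lists described above can be evaluated fail-closed, so that only an explicit "1" counts as passed and "0", "no signature", "not implemented" or an unset property reject the file. The following is an added example, not code from the CIB pdf toolbox; the results dictionary, the function name and the assumption that list entries follow the order of the input files are hypothetical.

```python
CHECKS = (
    "SignedDocument.DocumentIsUnmodified",
    "SignedDocument.DocumentModificationsAreAllowed",
    "SignedDocument.DocumentSignatureDateIsValid",
    "SignedDocument.CertificateChainIsValid",
    "SignedDocument.CertificateIsTrusted",
)

def evaluate(results, input_files, tolerate_not_implemented=()):
    """Return {input file: [failed checks]}; an empty list means accepted.

    results: property name -> value string read back after a run with
             OutputFormat=FormatAnalyse and CheckPdfSignatures=1
             (hypothetical dict; how values are read depends on the binding).
    tolerate_not_implemented: checks for which "not implemented" is accepted.
    """
    failures = {name: [] for name in input_files}
    for check in CHECKS:
        raw = results.get(check, "")
        values = [v.strip() for v in raw.split(";")] if raw else []
        if len(values) != len(input_files):
            # Unset property ("" default) or list out of step with the inputs:
            # nothing can be attributed to a file, so every file fails.
            values = ["<missing>"] * len(input_files)
        for name, value in zip(input_files, values):
            if value == "1":
                continue
            if value == "not implemented" and check in tolerate_not_implemented:
                continue
            failures[name].append(f"{check}={value}")
    return failures

# Constructed sample values for three input files, in input order.
INPUTS = ["contract.pdf", "edited.pdf", "unsigned.pdf"]
SAMPLE = {
    "SignedDocument.DocumentIsUnmodified": "1;0;no signature",
    "SignedDocument.DocumentModificationsAreAllowed":
        "not implemented;not implemented;no signature",
    "SignedDocument.DocumentSignatureDateIsValid": "1;1;no signature",
    "SignedDocument.CertificateChainIsValid": "1;1;no signature",
    "SignedDocument.CertificateIsTrusted": "1;1;no signature",
}

if __name__ == "__main__":
    lenient = ("SignedDocument.DocumentModificationsAreAllowed",)
    for name, failed in evaluate(SAMPLE, INPUTS, lenient).items():
        print(name, "ACCEPT" if not failed else "REJECT: " + ", ".join(failed))
```

Tolerating "not implemented" is offered only as an explicit per-check choice, because the table notes that DocumentModificationsAreAllowed often returns that value.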
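
Because every supported file in TrustedCertificatesDirectory is a candidate trust anchor, the directory is worth auditing before use. The following added example (not part of the CIB pdf toolbox) sorts files into those with a supported extension, those that will be ignored, and text-encoded files carrying a private-key marker; the function name, the case-insensitive extension match and the sample files are assumptions of this example.

```python
import os
import tempfile

# Extensions the table lists as supported for TrustedCertificatesDirectory.
SUPPORTED = {".cer", ".crt", ".pem", ".p7b", ".p7c", ".spc"}

def audit_trust_directory(path):
    """Classify the files in a trust directory before pointing the toolbox at it.

    Assumption of this example: extensions are compared case-insensitively.
    Only text-encoded (PEM/Base64) private keys can be spotted by their marker;
    DER content is not parsed here.
    """
    report = {"candidates": [], "ignored": [], "private_key": []}
    for entry in sorted(os.listdir(path)):
        full = os.path.join(path, entry)
        if not os.path.isfile(full):
            continue
        if os.path.splitext(entry)[1].lower() not in SUPPORTED:
            report["ignored"].append(entry)   # other extensions are ignored
            continue
        report["candidates"].append(entry)
        with open(full, "rb") as fh:
            # Matches "BEGIN PRIVATE KEY", "BEGIN RSA PRIVATE KEY" and similar.
            if b"PRIVATE KEY-----" in fh.read():
                report["private_key"].append(entry)
    return report

def make_sample_directory():
    """Build a constructed directory with placeholder contents (no real keys)."""
    path = tempfile.mkdtemp()
    samples = {
        "root.cer": b"\x30\x82 constructed DER placeholder",
        "issuer.PEM": b"-----BEGIN CERTIFICATE-----\nplaceholder\n",
        "signer.pem": b"-----BEGIN RSA PRIVATE KEY-----\nplaceholder\n",
        "bundle.p12": b"constructed placeholder",
        "notes.txt": b"constructed placeholder",
    }
    for name, data in samples.items():
        with open(os.path.join(path, name), "wb") as fh:
            fh.write(data)
    return path

if __name__ == "__main__":
    for kind, names in audit_trust_directory(make_sample_directory()).items():
        print(kind, names)
```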