CIB pdf toolbox technical guide (EN)
6. PDF signature with certificate
6.2. Properties for signing and verifying the signature
|
Property description |
Type |
Funcionality |
Kind |
|
SignPdf |
String |
Property, to activate signing of the output PDF. Possible values: „0“ No signing (default) „1“ PDF will be signed Any signatures contained in the input PDFs are deleted by default. If SignPdf=1, NeedAppearances=0 has to be set. (Then the field "/NeedAppearances" will be set “false” in the PDF document.) Otherwise the generated signature will not be visible in the Adobe signature window. |
Set |
|
SignPdf.DocMDP |
String |
The signature gets the type „DocMDP“ (author signature). This means that only changes that have been allowed exexplicitly by the author will be made in the PDF afterwards. Other changes invalidate the signature. Requirements: SignPdf=1 and the output file PDF version is higher or equal to 1.5. Possible values: „“ No DocMDP signature (default) „1“ No changes allowed „2“ Allows signing, filling in form fields and creating new pages from page templates: „3“ Allows same processes as in“2”, Otherwise: no DocMDP signature Note: documents with DocMDP signature can only be read by Adobe Reader 7.0 onwards. |
Set |
|
SignPdf.Lock |
String |
The signature gets the lock type. This means that no changes to form fields are allowed and visible signatures can no longer be added. Requirements: SignPdf=1, SignPdf.DocMDP is not set, and PDF Version of the output is higher or equal to 1.5. Possible values: „0“ No lock for the document (default) „1“ Document will be locked as described above. This corresponds to the "Lock Document After Signing" option in Adobe Professional. The Adobe Reader displays: ”The document is locked by that signature”. |
Set |
|
CertificateFilename |
String |
Setting the name (with path if necessary) of the certificate file. This must be a PKCS12 certificate file (usual ending ".p12" or ".pfx"). The signature via PEM files is not available yet. There was no suficient testing yet. Multiple PEM files can be specified. They need to be separated by the “;” symbol. All files have to be togheter with only one private key, Additionally, they need to contain the public key and the (optinal) key string of the signer. If a PEM file contains more private keys, the first one that fits to “CerficatePassword” will be used. |
Set |
|
CertificatePassword |
String |
Setting the password for the certificate file. |
Set |
|
RemovePdfSignatures |
String |
This property is used to control if existing signatures in the input files will be deleted. Possible values: „0“ Signatures will not be removed. „1“ All signatures will be removed There is a different standard behavior: When signing (SignPdf=1), RemovePdfSignatures=1 is default. Otherwise (and thus also during verification, CheckPdfSignatures=1) RemovePdfSignatures=0 is default. |
Set |
|
RemovePdfSignaturesKeepAppearance |
String |
This property will only be used whether RemovePdfSignatures=1 or SignPdf=1 is set. Possible values: „0“ When removing the signature, also the visible part of the signatures will be removed. (default) „1“ When removing the signature, the visible part of the signatures will be maintained (e.g. image or text). But the signature will be removed. |
Set |
|
CheckPdfSignatures |
String |
This property controls whether signatures present in the input files are verified or not. Possible values: „0“ No signature will be verified (default) „1“ All signatures will be verified. |
Set |
|
TrustedCertificatesDirectory |
String |
Directory containing the trusted certificates (with the public keys) for the CIB pdf toolbox. This directory is mandatory for checking the trustworthiness of the signature certificates in the PDF document with CheckPdfSignature=1.Default: ””. If this property is empty, it is not possible to verify if the signature certificates are trustworthy. But the verification of the signature is still not aborted! The following certificate files with public keys are supported: - CER files („.cer“) in DER and Base64 encoding - CRT files („.crt“) in DER and Base64 encoding - PEM files („.pem“) - P7B files („.p7b“) in DER encoding - P7C files („.p7c“) in DER encoding - SPC files („.spc“) in DER encoding Files with other extensions will be ignored. The certificate files should only contain public keys. |
Set |
|
OutputFormat |
String |
The verification behavior (i.e. only with CheckPdfSignature=1) of the CIB pdf toolbox is controlled by the assignment of the "OutputFormat" property. A new value "FormatAnalyse" was introduced for this purpose. OutputFormat=”FormatAnalyse”
- OutputFormat not equal to “FormatAnalyse”
|
Set |
|
SignedDocument.DocumentIsUnmodified |
String |
The change status for each input PDF will be given. A value will be given for each input file in form of a list, separated
by the ; symbol. Possible values: “” Not used by CIB pdf toolbox (default) “1” The document has not been changed after signing. “0” The document has been changed after signing. “not implemented” This functionality has not been implemented. “no signature” The PDF does not contain any signature. |
Get |
|
SignedDocument.DocumentModificationsAreAllowed |
String |
For each input PDF, any changes made are classified. OutputFormat=“FormatAnalyse“ and CheckPdfSignatures=”1”) For every input data there will be given a value in form of a list, values separated by ; symbol E.g.: „1;0;no signature“. Attention: Possible values: “” Not used by CIB pdf toolbox (default) “1” The document has not been changed after signing. “0” The document has been changed after signing. “not implemented” This functionality has not been implemented. “no signature” The PDF does not contain any signature. |
Get |
|
SignedDocument.DocumentSignatureDateIsValid |
String |
Only signature date will be verified for each input PDF. (Only relevant for OutputFormat=“FormatAnalyse“ and CheckPdfSignatures=”1”) For every input data there will be given a value in form of a list, values separated by ; symbol E.g.: „1;0;no signature“. Possible values: “” Not used by CIB pdf toolbox (default) “1” The document has not been changed after signing. “0” The document has been changed after signing. “not implemented” This functionality has not been implemented. “no signature” The PDF does not contain any signature. |
Get |
|
SignedDocument.CertificateChainIsValid |
String |
For each input PDF it will be verified whether the certificate chain
is valid throughout. For every input data there will be given a value in form of a list, values separated by ; symbol E.g.: „1;0;no signature“. Possible values: “” Not used by CIB pdf toolbox (default) “1” The document has not been changed after signing. “0” The document has been changed after signing. “not implemented” This functionality has not been implemented. “no signature” The PDF does not contain any signature. |
Get |
|
SignedDocument.CertificateIsTrusted |
String |
For each input PDF the trustworthiness of the signatures will be verified. (Only relevant for OutputFormat=“FormatAnalyse“ and CheckPdfSignatures=”1”) For every input data there will be given a value in form of a list, values separated by ; symbol E.g.: „1;0;no signature“. Possible values: “” Not used by CIB pdf toolbox (default) “1” The document has not been changed after signing. “0” The document has been changed after signing. “not implemented” This functionality has not been implemented. “no signature” The PDF does not contain any signature. |
Get |