Data items
The data items that
PDFSeedValueOptionSpec
variables
contain.
addRevInfo
A
boolean
value
that specifies whether revocation checking is performed. A value
of
true
means that the viewer application must
perform the following revocation tasks when signing a signature
field:
If
the
subFilterEx
value is either
adbe_pkcs7_detached
or
adbe_pkcs7_sha1
,
this value must be set as
true
. If the
subFilterEx
value
is
x509_rsa_sha1
, this value must be omitted or
specified as
false
, or the signature process fails.
The
default value of
false
means that the revocation
checking is not performed.
certificateSeedValueOptions
A
CertificateSeedValueOptionSpec
value
that represents a certificate seed value dictionary. A certificate
seed value dictionary provides constraining information that is
used at the time the signature is applied.
CertificateSeeValueOptionSpec
values
contain the following data items:
-
flags
-
An
int
value
that represents the flags associated with this certificate seed value.
A value of 1 means that a signer is required to use only the specified
values for the entry. A value of
0
means that other
values are permissible. The default value is
0
.
-
issuers
-
A
list
of
byte
values
that contains byte-encoded X.509v3 certificates of acceptable issuers.
If the signer's certificate is in the chain of the listed issuers, the
certificate is considered acceptable for signing.
-
keyUsage
-
A
string
value
that specifies an acceptable key-usage extension that must be present
in the signing certificate. Multiple strings are used to specify a
range of acceptable extensions.
Each character in the string
represents a key-usage type, where the order of the characters indicates
the key-usage extension it represents. The first through ninth characters
in the string represent the following key-usage extensions:
1
:
digitalSignature
2
: non-Repudiation
3
:
keyEncipherment
4
: dataEncipherment
5
:
keyAgreement
6
: keyCertSign
7
: crlSign
8
:
encipherOnly
9
: decipherOnly
Any additional characters
are ignored. Any missing characters or characters that are not one
of the above values is set to X.
Each string is composed of
the following characters:
0
: Corresponding key-usage
must not be set.
1
: Corresponding key-usage must be
set.
X
: The state of the corresponding key-usage does
not matter.
Note:
For example, the
string
values
'1'
and
'1XXXXXXXX'
represent
settings where the key-usage type digitalSignature must be set,
and the state of the other key-usage types does not matter.
-
oids
-
A
list
of
string
values,
where each string contains object identifiers (OIDs) of the certificate
policies that must be present in the signing certificate.
-
subjectDN
-
A
list
of
string
values,
where each string contains key value pairs that specify the subject
Distinguished Name (DN), must be present within the certificate
to be acceptable for signing. The certificate must at least contain all
the attributes specified in the dictionary, but can also contain
other attributes.
-
subjects
-
An
list
of
byte
values
that contains byte-encoded X.509v3 certificates that are acceptable
for signing.
-
url
-
A
string
value
that specifies the URL that can be used to enroll for a new credential
if a matching credential is not found.
-
urlType
-
A
string
value
that contains the name indicating the usage of the URL entry. There
are standard and implementation-specific uses for the URL.
The
value
Browser
represents a valid standard usage.
It specifies that the URL references the content to be displayed
in a web browser to allow enrolling for a new credential.
The
value
ASSP
represents a valid implementation-specific
usage, defined for use by Adobe Systems. It specifies that the URL
references a signature web service used for server-based signing.
Note:
Third parties can extend the use of this item
with their own values. These values must conform to the guidelines
described in Appendix E of the
PDF Reference
.
digestMethod
A
HashAlgorithm
value
that specifies the names of the acceptable digest algorithms to
use while signing.
digestMethod can be one of these string
values:
-
SHA1:
-
The Secure Hash Algorithm has a 160-bit hash value.
-
SHA256:
-
The Secure Hash Algorithm has a 256-bit hash value.
-
SHA384:
-
The Secure Hash Algorithm has a 384-bit hash value.
-
SHA512:
-
The Secure Hash Algorithm has a 512-bit hash value.
-
RIPEMD160:
-
The RACE Integrity Primitives Evaluation Message Digest has
a 160-bit message digest algorithm.
Note:
This
data item is applicable only if the digital credential signing contains
RSA public/private keys. If the digital credential contains DSA
public/private key, the digest algorithm is always SHA1.
filter
Deprecated,
use filterEX
filterEX
A
PDFFilterType
value
that represents a signature handler that is used to sign the signature
field. The only valid value is
Adobe_PPKLite
.
flags
An
int
value
that represents the flag associated with the seed value. These values
are valid:
-
1 (Filter):
-
The signature handler used to sign the signature field.
-
2 (SubFilter):
-
An array of names indicating acceptable encodings to use
when signing.
-
3 (V):
-
The minimum required version number of the signature handler
used to sign the signature field.
-
4 (Reasons):
-
An array of strings specifying possible reasons for signing
a document.
-
5 (PDFLegalWarnings):
-
An array of strings specifying possible legal attestations.
-
6 (AddRevInfo):
-
Revision information.
-
7 (DigestMethod):
-
A name identifying the algorithm used when computing the
digest.
The default value of
0
means that
the associated entry is an optional constraint.
legalAttestations
A
string
value
that represents a legal attestation associated with the seed value.
mdpValue
An
MDPPermissions
value
that specifies the changes that can be done on a PDF document without
invalidating the signature after the legal attestations are provided.
These
string values are valid:
-
NonAuthorSignature:
-
The signature is an ordinary signature.
-
NoChanges:
-
No changes to the document are allowed. Any change invalidates the
signature.
-
FormChanges:
-
Permitted changes include filling in form, instantiating
page templates, and signing the form.
-
AnnotationFormChanges:
-
In addition to FormChanges, other permitted changes include
annotation creation, deletion, and modification.
reasons
A
string
value
that specifies the reason for signing the PDF document.
subFilter
Deprecated,
use subFilterEx.
subFilterEx
A
PDFSubFilterType
value
that represents an encoding to use when signing the PDF form. These
string values are valid:
-
adbe_pkcs7_detached:
-
No data is encapsulated in the PKCS#7-signed data field.
-
adbe_pkcs7_sha1:
-
The adbe.pkcs7.sha1 digest of the byte range is encapsulated
in the PKCS#7-signed data field.
-
adbe_x509_rsa_sha1:
-
The adbe.x509.rsa.sha1 digest uses the RSA encryption algorithm
and SHA-1 digest method.
timeStampSeed
A
PDFTimeStampSeed
value
that represents the timestamp associated with this seed value dictionary.
It contains two values:
-
url:
-
A
string
value
that represents the URL of the timestamp server used. If the URL
is
null
and a timestamp is required, the URL is
obtained from the certificate that is used to sign the PDF document.
-
requiresTimeStamp:
-
A
boolean
value
that specifies whether the timestamp is required while signing a
PDF document.
version
A
double
value
that specifies the minimum PDF version required to sign the signature
field. The valid values are PDF 1.5 and PDF 1.7.
Datatype specific settings
Properties for the document signature.
For the properties that are formatted as an editable list, use
the following buttons to manage the list:
-
Add
A List Entry:
-
Adds an entry to the list. Depending on the option, type the
information, select an item from a drop-down list, or select a file
from a network location or computer. When you select a file from
a location on your computer, during run time, the file must exist
in the same location on the LiveCycle server.
-
Delete
Selected List Entry:
-
Removes an entry from the list.
-
Move Selected List Entry Up
One Row:
-
Moves the selected entry up in the list.
-
Move Selected List Entry Down
One Row:
-
Moves the selected entry down in the list.
Some properties
have the Required option beside them. Selecting this option means
that the property is a required constraint and without it, the signing
fails.
Signature Handler Options
Options for specifying the filters and subfilters used
for validating a signature field. The signature field is embedded
in a PDF document and the seed value dictionary is associated with
a signature field.
Signature Handler
A list of handlers to use for the digital signatures.
Adobe.PPKLite is a string valid value that can be selected to represent
the creation and validation of Adobe-specific signatures. You can
use other signature handlers by typing values, such as
Entrust.PPEF
,
CIC.SignIt
,
and
VeriSign.PPKVS
. For information about supported
signature handlers, see
PDF Reference
. No default value is selected.
-
Adobe.PPKLite:
-
The recommended handler for signing PDF documents.
-
Required:
-
Select to specify that the signature handler is used for
the seed value. It is not selected by default.
Signature SubFilter
The supported subfilter names, which describes
the encoding of the signature value and key information. Signature
handlers must support the listed subfilters; otherwise, the signing
fails. These string values are valid for public-key cryptographic
(See
PDF Reference
.), which you must type:
-
adbe.x509.rsa_sha1:
-
The key contains a DER-encoded PKCS#1 binary data object.
The binary objects represent the signature obtained as the RSA encryption
of the byte range SHA-1 digest with the private key of the signer.
Use this value when signing PDF documents using PKCS#1 signatures.
-
adbe.pkcs7.detached:
-
The key is a DER-encoded PKCS#7 binary data object containing
the signature. No data is encapsulated in the PKCS#7-signed data field.
-
adbe.pkcs7.sha1:
-
The key is a DER-encoded PKCS#7 binary object representing
the signature value. The SHA-1 digest of the byte range digest is
encapsulated in the PKCS#7 signed data.
-
Required:
-
Select to specify that signature subfilters are used for
the seed value. It is not selected by default.
Digest Methods
The list of acceptable hashing algorithms to use.
No default hashing algorithm is provided. Add an item to the list
and select an encryption algorithm. Select one of these values:
-
SHA1:
-
The Secure Hash Algorithm that has a 160-bit hash value.
-
SHA256:
-
The Secure Hash Algorithm that has a 256-bit hash value.
-
SHA384:
-
The Secure Hash Algorithm that has a 384 bit-hash value.
-
SHA512:
-
The Secure Hash Algorithm that has a 512 bit-hash value.
-
RIPEMD160:
-
The RACE Integrity Primitives Evaluation Message Digest that
has a 160-bit message digest algorithm and is not FIPS-compliant.
-
Required:
-
Select to specify that the signature encryption algorithms
are used for the seed value. It is not selected by default.
Minimum Signature Compatibility Level
The minimum PDF version
to use to sign the signature field. No default value is selected.
Select one of these values:
-
PDF 1.5:
-
Use PDF Version 1.5.
-
PDF 1.7:
-
Use PDF Version 1.7.
-
Required:
-
Select to specify the minimum signature compatibility level
is used for the seed value. It is not selected by default.
Signature Information
A group of options for specifying the reasons, timestamp,
and details of the digital signature.
Include Revocation Information In Signature
Select to specify
that revocation information must be embedded as part of the signature
for long-term validation support. When you deselect this option,
the revocation information is not embedded as part of the signature.
By default, this option is deselected.
-
Required:
-
Select to specify that revocation checking is required for
the seed value. It is not selected by default.
Signing Reasons
The list of reasons that are associated with the
seed value dictionary used for signing the PDF document. Add an
item to the list and type a reason.
-
Required:
-
Select to specify that the associated reasons are included
for the seed value. It is not selected by default.
TimeStamp Server URL
The URL that specifies the location of the
timestamp server to use when signing a PDF document.
-
Required:
-
Select to specify that the timestamp server is required for
the seed value. It is not selected by default.
Signing/Enrollment Server URL
The location of the server that provides a
web service. The web service digitally signs a PDF document or enrolls
for new credentials.
-
Required:
-
Select to specify that the signing or enrollment server is
used for the seed value. It is not selected by default.
Server Type
The type of server to use for the value specified
for the Signing/Enrollment Server URL option. The default value
is Browser. Select one of these values:
-
Browser:
-
The URL references content that is displayed in a web browser
to allow enrolling for a new credential if a matching credential
is not found.
-
ASSP:
-
The URL references a signature web service. The web service
is used to digitally sign the PDF document on a server. The server
is specified in the Signing/Enrollment Server URL option in this
operation.
-
Required:
-
Select to use the web service to sign the PDF document. It
is not selected by default.
Signature Type
The changes that are permitted after the signature is added
and legal attestations are provided.
Type of Signature
The list representing the type of signatures
that can be applied to the signature field. The default value is
Any. Select one of these values.
-
Any:
-
Any type of signature can be applied when filling in forms,
instantiating page templates, or creating, deleting, and modifying
annotations.
-
Recipient Signature:
-
Constrains the signer to apply a Four Corner security model
on the signature field.
-
Certification Signature:
-
Constrains the signer to apply a certification signature on
the signature field with specified permissions. The specified permissions
are configured in the Field MDP Options Spec property for this operation.
No default value is selected. Select one of these values:
-
No changes allowed
: The end user is not permitted
to change the form. Any change invalidates the signature.
-
Form fill-in and digital signatures
: The end user
is permitted to fill in the form, instantiate page templates, and
sign the form.
-
Annotations, form fill-in, and digital signatures
:
The end user is permitted to fill in the form, instantiate page
templates, sign the form, and create annotations, deletions, and
modifications.
Legal Attestations
The list of legal attestations associated
with the seed value. Legal attestation constraints affect only a
certification signature. Add a legal attestation to the list by
typing it. No default legal attestations are provided.
-
Required:
-
Select to specify that legal attestations are used for the
seed value. It is not selected by default.
Signing Certificates
The list of certificates, keys, issuers, and policies used
for a digital signature. Add certificates, keys, issuers, and policies
to the list using the Open dialog box.
Signing Certificates
A list of certificates used for certifying
and verifying a signature.
-
Required:
-
Select to specify that signing certificates are used for
the seed value. It is not selected by default.
Subject Distinguished Name
The list of dictionaries, where each
dictionary contains key value pairs that specify the subject distinguished
name (DN). The DN must be present within the certificate for it
to be acceptable for signing. Add DNs to the list by using the Add Subject
DN dialog box. (See
Add Subject DN
.)
-
Required:
-
Select to specify that subject distinguished names are used
for the seed value. It is not selected by default.
KeyUsage
The
list of key usage extensions that must be present for signing a
certificate. Add an entry to the list and select the key usage.
The default for both the DigitalSignature field and Non-Repudiation
field is Don’t Care:
-
Don’t Care:
-
The key usage extension is optional.
-
Require Key Usage:
-
The key usage extension must be present.
-
Exclude Key Usage:
-
The key usage extension must not be present.
-
Required:
-
Select to specify that key usage extensions are used for
the seed value. It is not selected by default.
Additional
key usage entries are available in the
PDF Reference
.
Issuers and Policies
The list of certificate issuers, policies, and associated
object identifiers.
Certificate Issuers
The list of certificate issuers. Add certificate
issuers to the list using the Open dialog box.
-
Required:
-
Select to specify that certificate issuers are used for the
seed value. It is not selected by default.
Certificate Policies and Associated Object Identifiers
The list certificate
policies associated with the certificate seed value. Add certificate
policies to the list by typing it.
-
Required:
-
Select to specify that certificate policies and associated
identifies are used for the seed value. It is not selected by default.
|
|
|