DynaPDF Manual - Page 214

Function Reference
struct TPDFSigParms
{
   UI32          StructSize;   // Must be set to sizeof(TPDFSigParms)
   UI32          PKCS7ObjLen;  // Max length of the signed PKCS#7 object
   THashType     HashType;     // See description
   const BYTE*   Range1;       // Out -> Hash or byte range
   UI32          Range1Len;    // Out -> Length of the buffer
   const BYTE*   Range2;       // Out -> Set only if HashType = htDetached
   UI32          Range2Len;    // Out -> Length of the buffer
   const char*   ContactInfoA; // Optional, e.g. an email address
   const UI16*   ContactInfoW; // Optional, e.g. an email address
   const char*   LocationA;    // Optional location of the signer
   const UI16*   LocationW;    // Optional location of the signer
   const char*   ReasonA;      // Optional reason why the file was signed
   const UI16*   ReasonW;      // Optional reason why the file was signed
   const char*   SignerA;      // Optional, see comment
   const UI16*   SignerW;      // Optional, see comment
   LBOOL         Encrypt;      // If true, the file will be encrypted
   // These members will be ignored if Encrypt is set to false
   const char*   OpenPwd;      // Optional open password
   const char*   OwnerPwd;     // Optional owner password
   TKeyLen       KeyLen;       // Key length to encrypt the file
   TRestrictions Restrict;     // What should be restricted?
};
The function closes the PDF file and returns either the file hash or the byte ranges to be signed by an
external signature handler. The member StructSize must be initialized to sizeof(TPDFSigParms)
(C/C++ only).
Most string values can be set with either an ANSI or a Unicode string. If both strings are present, the
ANSI version takes precedence. The string Signer is normally taken from the PKCS#7 certificate and is
not displayed in PDF viewer applications. The string is only used if the issuer of the certificate
cannot be extracted.
If Encrypt is set to true, the PDF file will also be encrypted.
Signing a PDF file with an external signature handler is a five-step process:
1. Open a certificate from the certificate store or file
2. Compute the size of the signed PKCS#7 object with a dummy string
3. Call CloseAndSignFileExt() to obtain the file hash or the byte ranges to be signed
4. Sign the provided hash or byte ranges with a cryptographic library
5. Call FinishSignature() to write the signature to the PDF file and to finish the signing process.
As described above, the size of the PKCS#7 object must be computed before the function can be
called. How this must be done depends on the signature handler used. When using the Windows
CryptAPI, pass a 20-byte dummy string to CryptSignMessage() and set the parameter
pbSignedBlob to NULL. The size of the PKCS#7 object is then copied to the parameter pcbSignedBlob.
When creating a detached signature, the dummy string can be just one byte long
because the length of the PKCS#7 object does not depend on the string length.
The member HashType specifies whether the function should return the SHA1 hash or the byte
ranges of the PDF file. In the latter case, the signature handler must create a detached signature.
However, when using programming languages like Visual Basic, VB.NET, or C#, it is recommended
to sign a SHA1 hash because it is not required to copy the PDF buffer in this case.
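
Steps 2 and 4 for the detached (byte range) case, as an added example that is not part of the DynaPDF manual and does not call DynaPDF or the Windows CryptAPI. It assumes the Python cryptography package as the signature handler, SHA-256 as the digest, a throwaway self-signed RSA certificate, and constructed byte strings standing in for Range1 and Range2; all function names are hypothetical.

```python
# Added example: probe the PKCS#7 size with a dummy, then sign two byte ranges.
import datetime
import hashlib
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.serialization import pkcs7

# Detached signature, and no LF -> CRLF rewriting of the signed bytes.
DETACHED_DER = [pkcs7.PKCS7Options.DetachedSignature, pkcs7.PKCS7Options.Binary]

def make_test_signer():
    """Throwaway self-signed certificate (constructed; stands in for step 1)."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Constructed Test Signer")])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (x509.CertificateBuilder()
            .subject_name(name).issuer_name(name)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(minutes=1))
            .not_valid_after(now + datetime.timedelta(days=1))
            .sign(key, hashes.SHA256()))
    return cert, key

def sign_detached(data, cert, key):
    """Return a DER-encoded detached PKCS#7 signature over data."""
    return (pkcs7.PKCS7SignatureBuilder()
            .set_data(data)
            .add_signer(cert, key, hashes.SHA256())
            .sign(serialization.Encoding.DER, DETACHED_DER))

def probe_pkcs7_size(cert, key):
    """Step 2: sign a one-byte dummy to learn the size to reserve (PKCS7ObjLen)."""
    return len(sign_detached(b"\x00", cert, key))

def sign_byte_ranges(range1, range2, cert, key, reserved_len):
    """Step 4: sign both ranges as one message; refuse a blob that would not fit."""
    blob = sign_detached(range1 + range2, cert, key)  # the buffer copy the text mentions
    if len(blob) > reserved_len:
        raise ValueError(f"signature is {len(blob)} bytes, only {reserved_len} reserved")
    return blob

if __name__ == "__main__":
    cert, key = make_test_signer()
    reserved = probe_pkcs7_size(cert, key)
    r1, r2 = b"%PDF-1.7\n" + b"A" * 5000, b"B" * 300 + b"\n%%EOF\n"  # constructed
    blob = sign_byte_ranges(r1, r2, cert, key, reserved)
    print(reserved, len(blob), hashlib.sha256(r1 + r2).digest() in blob)
```

The probed size matches the real signature exactly because RSA signatures have a fixed length; ECDSA signatures vary by a few bytes in their DER encoding, so a probe made with such a key needs some margin before it is used as the reserved length.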