DynaPDF Manual - Page 227


Function Reference
The function closes the PDF file and returns either the file hash or the byte ranges to be signed by an
external signature handler. The member StructSize must be initialized to sizeof(TPDFSigParms)
(C/C++ only).
Most string values can be set as either an Ansi or a Unicode string. If both strings are present, the
Ansi version takes precedence. The string Signer is normally taken from the PKCS#7 certificate and
is not displayed in PDF viewer applications. It is used only if the issuer of the certificate
cannot be extracted.
If Encrypt is set to true the PDF file will also be encrypted.
Signing a PDF file with an external signature handler is a five step process:
1. Open a certificate from the certificate store or file.
2. Compute the size of the signed PKCS#7 object with a dummy string.
3. Call CloseAndSignFileExt() to obtain the file hash or the byte ranges to be signed.
4. Sign the provided hash or byte ranges with a cryptographic library.
5. Call FinishSignature() to write the signature to the PDF file and to finish the signing process.
As described above, the size of the PKCS#7 object must be computed before the function can be
called. How this is done depends on the signature handler in use. When using the Windows
CryptAPI, pass a 20-byte dummy string to CryptSignMessage() and set the parameter
pbSignedBlob to NULL. The size of the PKCS#7 object is then written to the parameter pcbSignedBlob.
When creating a detached signature, the dummy string can be just one byte long,
because the length of the PKCS#7 object does not depend on the length of the signed data.
The member HashType specifies whether the function should return the SHA1 hash or the byte
ranges of the PDF file. In the latter case the signature handler must create a detached signature.
However, when using programming languages like Visual Basic, VB.NET, or C#, it is recommended
to sign a SHA1 hash, because the PDF buffer does not need to be copied in this case.
The hash algorithm that is used to sign the hash or byte ranges can be MD2, MD5, SHA1, SHA256,
SHA384, SHA512, or RIPEMD160. MD2 and MD5 are not documented in the PDF Reference but
work very well too.
Detached signatures require no data to be encapsulated in the PKCS#7 SignedData field. When
signing a SHA1 hash the signature handler must store the hash in the SignedData field of the
PKCS#7 object.
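The two modes described above differ in what the handler signs: with byte ranges it hashes every covered region of the closed file itself (detached signature), with a hash it only wraps the digest DynaPDF already computed. The following Python example is added here to make that concrete; it is not DynaPDF code and does not call the library. It builds a constructed, PDF-like buffer with a zero-filled /Contents placeholder, derives the byte ranges that exclude that placeholder (the real ranges come from CloseAndSignFileExt()), hashes the covered regions, and checks that the reserved hex string is large enough for a signature of a given DER size, which is the reason for the sizing pass in step 2. PLACEHOLDER_HEX_LEN and the sample buffer layout are assumptions of the example.

```python
import hashlib

# Constructed sample only: a toy buffer with a signature dictionary whose
# /Contents value is a zero-filled hex placeholder. The layout is an
# assumption of this example, not the structure DynaPDF writes.
PLACEHOLDER_HEX_LEN = 64  # room for a 32-byte DER object in this toy file


def build_sample_pdf():
    """Return (buffer, byte_ranges) for the constructed sample."""
    head = b"%PDF-1.7\n1 0 obj << /Type /Sig /Filter /Adobe.PPKLite /Contents <"
    placeholder = b"0" * PLACEHOLDER_HEX_LEN
    tail = b"> >> endobj\ntrailer << /Root 1 0 R >>\n%%EOF\n"
    buf = head + placeholder + tail
    # /ByteRange [off1 len1 off2 len2]: everything except the hex digits
    # between '<' and '>' (the angle brackets themselves stay covered).
    off1, len1 = 0, len(head)
    off2 = len(head) + PLACEHOLDER_HEX_LEN
    len2 = len(buf) - off2
    return buf, [off1, len1, off2, len2]


def signed_data(buf, byte_ranges):
    """Concatenate the covered regions in order. A detached PKCS#7 signature
    is computed over exactly these bytes."""
    if len(byte_ranges) % 2 != 0:
        raise ValueError("byte ranges must come in offset/length pairs")
    out = bytearray()
    for off, length in zip(byte_ranges[0::2], byte_ranges[1::2]):
        if off < 0 or length < 0 or off + length > len(buf):
            raise ValueError("byte range lies outside the buffer")
        out += buf[off:off + length]
    return bytes(out)


def file_hash(buf, byte_ranges, algo="sha1"):
    """Hex digest of the covered regions. When HashType asks for a hash, a
    value like this is what the handler stores in SignedData."""
    return hashlib.new(algo, signed_data(buf, byte_ranges)).hexdigest()


def uncovered_gap(buf, byte_ranges):
    """Return the bytes the ranges leave out. For a well-formed signature
    dictionary this must be the /Contents hex string and nothing else."""
    covered = bytearray(len(buf))
    for off, length in zip(byte_ranges[0::2], byte_ranges[1::2]):
        for i in range(off, off + length):
            covered[i] = 1
    return bytes(b for b, c in zip(buf, covered) if not c)


def fits_in_placeholder(der_len, placeholder_hex_len=PLACEHOLDER_HEX_LEN):
    """/Contents is hex encoded, so each DER byte needs two characters. The
    size computed in step 2 must satisfy this before the file is closed."""
    return der_len * 2 <= placeholder_hex_len


if __name__ == "__main__":
    buf, ranges = build_sample_pdf()
    print("ByteRange:", ranges)
    print("uncovered bytes:", len(uncovered_gap(buf, ranges)))
    print("sha1 over ranges:", file_hash(buf, ranges))
    print("32-byte DER fits:", fits_in_placeholder(32))
```

Filling the placeholder with the final hex-encoded signature must not change the digest, while any change to a covered byte must; the checks above make that property explicit, which is also the property a verifier relies on when it recomputes the hash from /ByteRange.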
Signing with a PCCERT_CONTEXT handle
On Windows it is possible to load a certificate from a certificate store and to set this handle to the
member Certificate. If this handle is set, the function signs the PDF file and closes it afterwards.
FinishSignature() must not be called in this case.
Certificate must be of type PCCERT_CONTEXT. Such a handle is returned by functions such as
CertFindCertificateInStore().