DynaPDF Manual - Page 81

Previous Page 80   Index   Next Page 82

Digital Signatures

Page 81 of 874

How to sign a PDF file more than one time?

Multiple signatures require an incremental update of a PDF file. To achieve this, the flag

if2IncrementalUpd must be set before opening the file (see SetImportFlags2() for further

information), and the file must be imported with ImportPDFFile(). After that, a visible or

invisible signature can be added. Note that other changes might invalidate existing signatures.

To determine how multiple signatures can be added have a look at the example

multiple_signatures.

How to create a signature field?

As mentioned above, the function CloseAndSignFile() or CloseAndSignFileEx(), for example,

create an invisible signature field on the first page if no signature field was already created or

imported beforehand. If the signature field should be visible, just create one with the function

CreateSigField() on the page where the field should appear. If multiple signature fields exist,

DynaPDF uses the last signature field to sign the PDF file. Another field can be selected with

SetActiveSigField() before signing the file.

How to modify the appearance of a signature field?

The appearance of a signature field can be fully user defined. The function CreateSigFieldAP()

can be used to create a user defined signature appearance template. You can draw anything you

want into this template such as images, vector graphics, text, and it is also possible to import a

PDF page into or to draw an EMF file into the template.

What is stored in a signature field?

When signing a PDF file a signature handler, whether internal or external, creates a PKCS#7

signature object that contains the file’s signature, optionally a time stamp, and a PKCS#1

certificate that was extracted from the PKCS#12 certificate. The difference between PKCS#1 and

PKCS#12 is that a PKCS#1 certificate contains no private key.

A viewer application validates the signature by using the public key that is stored in the

PKCS#1 certificate object. Because the private key is not stored in the PDF file it is impossible to

sign other PDF files with the certificate that can be extracted from the PDF file.

Adobe's Acrobat supports defined length encoded ASN1 objects only for encryption key lengths

stronger than 1024 bits.

How to validate a signature?

Acrobat validates signatures from unknown certificates not automatically. The certificate must

first be added to the list of trusted identities. Once a certificate was added to the list of trusted

identities, signatures of other documents which use the same certificate will be automatically

validated.

Previous topic: How to export a Windows Certificate?, Importing signed PDF files, How to sign a PDF file?

Next topic: Incremental Updates, What is allowed and what is prohibited?