DynaPDF Manual - Page 63
Digital Signatures
A digital signature (PDF 1.3) can be used to authenticate the identity of a user and the
document's contents. It stores information about the signer and the state of the document when
it was signed. Once a PDF file has been digitally signed, it is impossible to change the file without
invalidating the signature. Because of this, it is always possible to check whether a document
has been changed or not.
Which signature handlers Adobe's Acrobat supports depends on the Acrobat version.
DynaPDF supports the PPKLite security handler, which has been supported since Acrobat 4.0.
Supported Certificate Formats
DynaPDF supports internal and external signature handlers. The internal signature
handler of DynaPDF requires a PKCS#12 certificate file. Certificates are available in
different file formats and with different encryption key lengths. On Windows, DynaPDF supports
certificates in the PKCS#12 file format with private/public key pairs of up to 4096 bits.
On non-Windows operating systems the cross-platform signature library AiCrypto is used to
sign PDF files. This signature handler supports 1024 bit RSA encrypted private keys only (the
AiCrypto library supports almost all available key lengths, but it creates indefinite-length
encoded ASN.1 objects for strong encryption key lengths, whereas Adobe's Acrobat supports
definite-length encoded ASN.1 objects only).
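The encoding difference named above can be checked on any signature blob before it is embedded. The following is an added example, not DynaPDF or AiCrypto code: the function names are hypothetical and both sample byte strings are constructed for illustration. It walks a BER/DER structure and reports the offset of every object that uses the indefinite length form (length octet 0x80, closed by 00 00).

```python
# Constructed samples: SEQUENCE { INTEGER 1, OCTET STRING "hi" }
DER_SAMPLE = bytes.fromhex("300702010104026869")              # definite lengths
BER_SAMPLE = bytes.fromhex("308002010124800402686900000000")  # indefinite lengths


def find_indefinite_lengths(blob: bytes) -> list:
    """Offsets of every TLV in `blob` that uses BER indefinite-length encoding."""
    hits = []
    try:
        _walk(blob, 0, len(blob), hits, until_eoc=False)
    except IndexError:
        raise ValueError("truncated ASN.1 data") from None
    return hits


def _walk(buf, pos, end, hits, until_eoc):
    while pos < end:
        start = pos
        if until_eoc and buf[pos:pos + 2] == b"\x00\x00":
            return pos + 2                      # end-of-contents octets
        tag = buf[pos]
        pos += 1
        if tag & 0x1F == 0x1F:                  # multi-byte tag number
            while buf[pos] & 0x80:
                pos += 1
            pos += 1
        first = buf[pos]
        pos += 1
        constructed = bool(tag & 0x20)
        if first == 0x80:                       # indefinite form
            if not constructed:
                raise ValueError("primitive type with indefinite length")
            hits.append(start)
            pos = _walk(buf, pos, end, hits, until_eoc=True)
            continue
        if first & 0x80:                        # long definite form
            n = first & 0x7F
            length = int.from_bytes(buf[pos:pos + n], "big")
            pos += n
        else:                                   # short definite form
            length = first
        if pos + length > end:
            raise ValueError("length runs past enclosing object")
        if constructed:
            _walk(buf, pos, pos + length, hits, until_eoc=False)
        pos += length
    if until_eoc:
        raise ValueError("missing end-of-contents octets")
    return pos
```

An empty result means every object in the blob is definite-length encoded, which is the only form the text above says Acrobat accepts.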
The internal signature handler is mainly used with self-signed certificates, but it is possible to sign
a PDF file with any certificate that is installed in the system's certificate store, including
hardware certificates.
External Signatures
In order to support software and hardware certificates with almost arbitrary encryption key
lengths, it is possible to sign a PDF file with an external signature handler. This makes it possible
to select a certificate from the system's certificate store and to use system functions, for example,
to sign a PDF file.
The function CloseAndSignFileExt() can be used to create detached and non-detached
signatures. In the case of a non-detached signature, CloseAndSignFileExt() returns the SHA1 hash of
the PDF file; the external signature handler signs this hash and creates a PKCS#7 signature
object that must finally be written to the PDF file with FinishSignature().
A detached signature works almost identically, with the exception that the signature handler
also creates the hash from the PDF buffer to be signed. This variant is not recommended for
programming languages which support no pointers, like C# or VB .Net, for example, because an
additional copy of the PDF buffer must usually be created and this doubles the memory usage