DynaPDF Manual - Page 63

Previous Page 62   Index   Next Page 64

Digital Signatures

Page 63 of 839

Digital Signatures

A digital signature (PDF 1.3) can be used to authenticate the identity of a user and the

document’s contents. It stores information about the signer and the state of the document when

it was signed. Once a PDF file was digitally signed it is impossible to change the file without

invalidating the signature. Because of this, it is always possible to check whether a document

has been changed or not.

Depending on the Acrobat version certain signature handlers are supported by Adobe's

Acrobat. DynaPDF supports the PPKLite security handler which is supported since Acrobat 4.0.

Supported Certificate Formats

DynaPDF supports internal and external signature handlers. When using the internal signature

handler of DynaPDF then you need a PKCS#12 certificate file. Certificates are available in

different file formats and different encryption key lengths. DynaPDF supports certificates in the

file format PKCS#12 with up to 4096 bits encrypted private/public key pairs on Windows.

On non-Windows operating systems the cross-platform signature library AiCrypto is used to

sign PDF files. This signature handler supports 1024 bit RSA encrypted private keys only (the

AiCrypto library supports almost all available key lengths but it creates indefined length

encoded ASN1 objkects for strong encryption key lengths wheras Adobe's Acrobat supports

defined length encoded ASN1 objects only).

The internal signature handler is mainly used with self-sign certificates but it is possible to sign

a PDF file with any certificate that is installed on the system's certificate store, including

hardware certificates.

External Signatures

In order to support software and hardware certificates with almost arbitrary encrpytion key

lengths it is possible to sign a PDF file with an external signature handler. This makes it possible

to select a certificate from the sytem's certificate store and to use system functions, for example,

to sign a PDF file.

The function CloseAndSignFileExt() can be used to create detached and non-detached

signatures. In case of a non-detached signature CloseAndSignFileExt() returns the SHA1 hash of

the PDF file and the external signature handler signs this hash and creates a PKCS#7 signature

object that must finally be written to the PDF file with FinishSignature().

A detached signature works almost identically with the exception that the signature handler

creates also the hash from the PDF buffer to be signed. This variant is not recommended for

programming languages which support no pointers like C# or VB .Net, for example, because an

additional copy of the PDF buffer must usually be created and this doubles the memory usage

Previous topic: Actions

Next topic: How to export a Windows Certificate?, Importing signed PDF files, How to sign a PDF file?, How to create a signature field?