
DynaPDF Manual - Page 53


Digital Signatures
A digital signature (PDF 1.3) can be used to authenticate the identity of a user and the
document’s contents. It stores information about the signer and the state of the document when
it was signed. Once a PDF file has been digitally signed, it is impossible to change the file without
invalidating the signature. Because of this, it is always possible to check whether a document
has been changed or not.
Which signature handlers Adobe's Acrobat supports depends on the Acrobat version. DynaPDF
supports the PPKLite security handler, which has been supported since Acrobat 4.0.
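The following Python sketch is an added example, not DynaPDF code. It shows the mechanism behind the change detection described above: a PDF signature dictionary carries a /ByteRange array naming the bytes the signature covers (everything except the /Contents value), and a verifier hashes exactly those bytes. The sample bytes are constructed, the function names are hypothetical, SHA-256 is an assumed digest, and checking the signature blob in /Contents against the signer's certificate is not shown.

```python
import hashlib
import re

BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def build_sample():
    """Constructed PDF-like bytes with a signature dictionary (not a complete PDF)."""
    template = (b"%%PDF-1.3\n1 0 obj\n<< /Type /Sig /Filter /Adobe.PPKLite "
                b"/ByteRange [%010d %010d %010d %010d] /Contents ")
    contents = b"<" + b"0" * 32 + b">"        # placeholder for the signature blob
    tail = b" >>\nendobj\n%%EOF\n"
    first_len = len(template % (0, 0, 0, 0))  # fixed-width fields keep offsets stable
    head = template % (0, first_len, first_len + len(contents), len(tail))
    return head + contents + tail

def signed_ranges(pdf):
    """Return the two (offset, length) pairs listed in /ByteRange."""
    m = BYTE_RANGE.search(pdf)
    if m is None:
        raise ValueError("no /ByteRange found")
    a, b, c, d = (int(g) for g in m.groups())
    return [(a, b), (c, d)]

def covered_digest(pdf):
    """Hash only the bytes the signature covers (SHA-256 assumed for illustration)."""
    h = hashlib.sha256()
    for off, length in signed_ranges(pdf):
        h.update(pdf[off:off + length])
    return h.hexdigest()

def covers_whole_file(pdf):
    """True if the ranges span the file and skip only the <...> /Contents value."""
    (a, b), (c, d) = signed_ranges(pdf)
    gap = pdf[a + b:c]
    return (a == 0 and c + d == len(pdf)
            and gap.startswith(b"<") and gap.endswith(b">"))

if __name__ == "__main__":
    pdf = build_sample()
    print("digest at signing time:", covered_digest(pdf))
    changed = pdf.replace(b"endobj", b"endobk")   # one covered byte altered
    print("digest after change:   ", covered_digest(changed))
    print("covers whole file:     ", covers_whole_file(pdf))
```

The coverage check is separate from the digest comparison because the digest only speaks for the bytes listed in /ByteRange; a verifier should confirm both.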
Supported Certificate Formats
DynaPDF supports internal and external signatures. To use the internal signature handler
of DynaPDF, you need a PKCS#12 certificate file. Certificates are available in different file
formats and different encryption key lengths; DynaPDF supports certificates in the file format
PKCS#12 with 1024 bit RSA encrypted private/public key pairs. This format is widely used and
is the default format under Windows. A PKCS#12 certificate contains the public and private keys,
which are required to sign a PDF file. Acrobat 6 and higher versions support encryption key
lengths from 1024 bits up to 4096 bits. However, the internal signature handler of DynaPDF
supports 1024 bit RSA encrypted private keys only. Note that the private key is only required to
sign a document; it is of course NOT stored in the PDF file.
When using an external signature handler like the Windows CryptAPI, PKCS#12 certificate files
are no longer required but can of course still be used. It is possible to sign the PDF file with any
certificate that is installed in the system's certificate store, including hardware certificates. See
External Signatures below.
External Signatures
DynaPDF also provides functions to digitally sign a PDF file with an external signature handler
or cryptographic library, e.g. with the Windows CryptAPI. This enables the use of arbitrary
certificates from the system's certificate store. It also makes it possible to sign the PDF file with a
hardware certificate such as a smart card, USB stick, or something similar. See
CloseAndSignFileExt() for further information.
How to export a Windows Certificate?
To export a Windows certificate, proceed as follows (description for Windows 2000): open the
control panel and double-click on the icon "Internet Options". Click on the tab "Contents" and
then on the button "Certificates…". Select a certificate from the list and click on the button
"Export…". The option "Export private key" must be selected (this option is not available if a
certificate contains no private key). The private key is required; certificates without a private
key cannot be used to sign PDF files. On the next dialog you must enter a password to encrypt
