Xojo Conferences
MBSOct2019CologneDE

DynaPDF Manual - Page 56

Previous Page 55   Index   Next Page 57

Digital Signatures
Page 56 of 766
and requires additional processing time. However, detached signatures enable the usage of
other hash algorithms than SHA1.
How to export a Windows Certificate?
To export a Windows certificate proceed as follows (description for Windows XP or higher):
open the control panel and double click on the icon "Internet Options". Click on the tab
"Contents" and then on the button "Certificates…". Select a certificate from the list and click on
the button "Export…". The option "Export private key" must be selected (this option is not
available if a certificate contains no private key). The private key is required; certificates without
a private key cannot be used to sign PDF files. On the next dialog you must enter a password to
encrypt the private key; this password must later be passed to the function CloseAndSignFile()
or CloseAndSignFileEx() if the file should also be encrypted. Enter now the file name and path
of the certificate file, finished! The result is a certificate file with the extension *.pfx, this file can
now be used to digitally sign PDF files.
Importing signed PDF files
Signed PDF files can only be changed, without invalidating an existing signature, when changes
are stored with an incremental update. An incremental update is a special way to modify a PDF
file; changes are appended to the end of the file, leaving its original contents intact. This
technique is required since altering any existing bytes in the file invalidates existing signatures.
However, incremental updates are not supported by DynaPDF that is the reason why only
empty signature fields can be imported. Because DynaPDF creates always a completely new
PDF file, it makes no sense to import existing signatures, they would always become invalid.
How to sign a PDF file?
Signing a PDF file with the internal signature handler of DynaPDF is quite easy; all you need is
a PKCS#12 certificate file. Instead of calling the function CloseFile() or CloseFileEx() after the
document was created, call either CloseAndSignFile() or CloseAndSignFileEx() if the file should
also be encrypted, finished! A digital signature is always stored in a signature field. If no
signature field was created beforehand, DynaPDF creates an invisible signature field on the first
page and stores the signature in this field.
If the PDF file should be signed with an external signature handler call CloseAndSignFileExt(),
sign the provided hash or byte ranges, and finally finish the signature with FinishSignature() to
insert the signed PKCS#7 object into the PDF file.
How to create a signature field?
As mentioned above, the function CloseAndSignFile() or CloseAndSignFileEx() creates an
invisible signature field on the first page if no signature field was already created or imported
beforehand. If the signature field should be visible, just create one with the function
 

Previous topic: External Signatures

Next topic: How to validate a signature?