/n software Adapters for BizTalk
/n software Adapters for BizTalk
Questions / Feedback?

PDF Pipeline Component

Properties   Configuration Settings  

The PDF pipeline component adds signature and encryption security to PDF processing.

Remarks

The PDF pipeline component may be used to add security features to your PDF generation and processing applications. Supported functions include password-based and certificate-based encryption, certificate-based signing, timestamping, and compression.

Using the PDF Encoder Pipeline Component

Encryption Notes

If EncryptData is set to True the PDF will be encrypted. The following properties are applicable when encrypting:

When EncryptData is set to True the adapter uses the certificate set in the EncryptionCert properties or the password set in the Password property to encrypt the document. EncryptionType determines whether to use public key encryption (default) or password encryption. For more details on the use of certificates, please see the Notes on Using Certificates section below.

The EncryptionAlgorithm property specifies the algorithm to use when encrypting. The default is 0 (RC4).

Signing Notes

If SignData is set to True the PDF will be signed. The following properties are applicable when signing:

When SignData is set to True the adapter uses the certificate set in the SigningCertificate properties to sign the document. SignatureType determines whether to create a standard document signature (default) or a certification (MDP) signature.

If TimestampServer is set to a valid Timestamp server URL the adapter will attempt to timestamp the signature.

Signature Widget Notes

Information about the signature is displayed in a signature widget within the PDF document. The widget itself may be customized in a variety of ways including the type and values of information displayed, as well as its location within the document. The following properties control the most common signature widget values.

Additional configuration options are available to further customize the signature widget. These may be set via the Other property. See the Configuration section of the documentation for details.

Using the PDF Decoder Pipeline Component

The PDF Decoder provides PDF decryption and signature verification functionality.

Decryption Notes

By default, the pipeline will automatically attempt to decrypt encrypted PDF documents. The following properties are applicable when decrypting:

RequireEncryption governs whether an error should be thrown if the PDF is not encrypted. RequirePublicKeyEncryption will throw an error if the document is encrypted with a password or is not encrypted at all. RequireNonEmptyPass will throw an error if the document is encrypted with a public key or not at all. The usage of the remaining properties depends on whether the PDF was encrypted with a certificate/public key, or with a password/string.

Decryption with Certificates

The adapter will use the certificate specified in DecryptionCert to decrypt encrypted PDF documents. For more details on the use of certificates, please see the Notes on Using Certificates section below.

Decryption by Password

Password must be set to the password used to encrypt the PDF.

Signature Verification Notes

The pipeline can also verify signed or certified PDF documents. The following properties are applicable when verifying:

SignerCert must be set to the certificate(s) with the public key that is paired with the private key used to sign the document. To load a PKCS11 certificate, SignerCertPKCS11Params should be set instead.

RequireSignature governs whether an error should be thrown if the PDF is not signed. RequireAllSignatures, if set to True, will throw an error if any of the certificates specified in SignerCert were not used to sign the PDF. Set RequireTimestamp to True if the signature must be accompanied by a timestamp.

If ExtractLastSignedVersion is set to True, the pipeline will throw away any elements of the PDF document that were not signed during the most recent signature.

Notes on Using Certificates

Cert Properties

The following properties can be used to load a single certificate via a certificate browser:

The certificate browser can load certificates from system stores or from a file on disk.

Alternate Certificates and Using Multiple Certificates

Certificates can also be loaded via the following set of configuration options:

These settings mirror the syntax from previous versions of the PDF components, BizCrypto, so users familiar with this syntax may prefer this approach over the certificate browser. If the certificate is stored directly as string/byte data rather than in a file or a system store, these settings must be used to load the certificate.

Additionally, these settings should be used if more than one certificate needs to be loaded to perform a single operation.

For example, if multiple certificates should be used to sign a PDF, only one of these can be specified as the SigningCert. The remaining certificates should be loaded using the AltCert* options listed above.

PKCS11 Certificates

Certificates in PKCS11 format (hardware tokens) should be loaded via the following properties:

PCKS11 Certificates are specified via the following list of parameters, in name=value syntax:

dllpathPath to PKCS11 driver DLL (required)Example:
DllPath="C:\Program Files\Token\cp11.dll"
slotSlot number. If not specified, the first slot with the inserted token is considered.Example:
Slot="5"
pinToken PIN.Example:
Pin="12345"
issuerSpecifies a subset of fields of the certificate issuer in DN (distinguished name) format.Example:
issuer="/CN=John Johnson/O=Big Company, Inc/E=Johnson@b.com"
subjectSpecifies a subset of fields of the certificate subject in DN (distinguished name) format.Example:
subject="/CN=John Johnson/O=Big Company, Inc/E=Johnson@b.com"
serialCertificate serial number in base16 format.Example:
serial="00FFA0"
fingerprintSHA1 fingerprint of the certificate in base16 format.Example:
fingerprint="00112233445566778899AABBCCDDEEFF00112233"
keyidThe value of the subject key identifier extension of the certificate in base16 format.Example:
keyid="112233445566"

Encoder Property List


The following is the full list of the properties of the encoder pipeline component with short descriptions. Click on the links for further details.

AlgorithmCaptionThe displayed caption describing the algorithm in the signature widget.
AuthorNameThe name of the author.
BackgroundSpecifies the full path to an image file used for the signature widget background.
BackgroundStyleThis property specifies the style of signature widget background.
ContactInfoContact information for the signer.
EncryptDataWhether to encrypt the PDF.
EncryptionAlgorithmThe encryption algorithm.
EncryptionCertThe Certificate that will be used to encrypt the PDF.
EncryptionCertPKCS11ParamsThe PKCS11 Certificate(s) that will be used to encrypt the PDF.
EncryptionTypeThe type of encryption to perform.
InvisibleSpecifies whether the signature widget is visible.
LocationThe physical location or machine name where the document was signed.
OtherDefines a set of configuration settings to be used by the pipeline component.
PageThe page number on which the signature widget is displayed.
PasswordSpecifies the password used to encrypt the document.
ReasonSpecifies a string stating the reason for the signature.
ShowOnAllPagesWhether to show the signature widget on all pages of the document.
SignatureHashAlgorithmSpecifies the signature hash algorithm.
SignatureTypeWhether to sign or certify the PDF.
SignDataWhether to sign the PDF.
SignerCaptionSpecifies the caption displayed before the signer information.
SignExistingFieldsWhether to sign existing fields.
SigningCertThe certificate that will be used to sign or certify the PDF.
SigningCertPKCS11ParamsThe PKCS11 certificate that will be used to sign or certify the PDF.
TempPathA temporary directory where data can be stored before the adapter processes it.
TimestampServerThe URL of the timestamp server.
TransportLogTells the adapter where and how to report information about its operations.
TrustedCertSpecifies a Certificate that can be used to validate the trust of other certificates.
TrustedCertPKCS11ParamsSpecifies a PKCS11 Certificate that can be used to validate the trust of other certificates.

Decoder Property List


The following is the full list of the properties of the decoder pipeline component with short descriptions. Click on the links for further details.

DecryptionCertThe Certificate that will be used to decrypt the PDF.
DecryptionCertPKCS11ParamsThe PKCS11 Certificate that will be used to decrypt the PDF.
ExtractLastSignedVersionSpecifies whether to extract only the signed elements of the document, from the most recent signature.
KnownCertSpecifies an intermediary certificate in a trusted certificate chain.
KnownCertPKCS11ParamsSpecifies an intermediary PKCS11 certificate in a crusted certificate chain.
OtherDefines a set of configuration settings to be used by the pipeline component.
PasswordSpecifies the password used to encrypt the document.
RequireAllSignaturesSpecifies whether to throw an error if not all SignerCerts were used to sign the PDF.
RequireCertificationSpecifies whether an error should be thrown if the PDF document is not certified.
RequireEncryptionSpecifies whether an error should be thrown if the PDF document is not encrypted.
RequireNonEmptyPassSpecifies whether an error should be thrown if the PDF was encrypted with an empty password.
RequirePublicKeyEncryptionSpecifies whether an error should be thrown if the PDF document was not encrypted using a Public Key.
RequireSignatureSpecifies whether to throw an error if the received PDF was not signed.
RequireTimestampSpecifies whether a signature must have an associated timestamp to be successfully verified.
SignerCertThe Certificate that was used to sign or certify the PDF.
SignerCertPKCS11ParamsThe PKCS11 Certificate that was used to sign or certify the PDF.
TempPathA temporary directory where data can be stored before the adapter processes it.
TransportLogTells the adapter where and how to report information about its operations.
TrustAllCertificatesSpecifies whether Certificate validation should automatically succeed.
TrustedCertSpecifies a Certificate that can be used to validate the trust of other certificates.
TrustedCertPKCS11ParamsSpecifies a PKCS11 Certificate that can be used to validate the trust of other certificates.

Configuration Settings


The following is a list of configuration settings for the pipeline component with short descriptions. Click on the links for further details.

AltCertType[index]Specifies how an alternate Certificate should be used.
AltCertSource[index]Specifies the format from which an alternate Certificate should be loaded.
AltCertStore[index]Specifies the store from which to load an alternate Certificate.
AltCertPassword[index]Specifies the password for an alternate Certificate.
AlgorithmInfoThe displayed algorithm info in the signature widget.
AllowCommentsWhether the recipient may add comments.
AllowFillInFormsWhether the recipient may fill in forms.
AutoFontSizeWhether to automatically size the font in the signature widget.
AutoPosWhether to automatically position the signature widget.
AutoSizeWhether to automatically size the signature widget.
AutoStretchBackgroundWhether the background of the signature widget is automatically stretched.
AutoTextWhether to automatically determine the text to be included in the signature widget.
BackgroundHeightThe height of the background image.
BackgroundWidthThe width of the background image.
CustomHandlerNameSpecifies a custom security handler used for signing and encryption.
DetachedWhether the signature is detached.
EncryptMetadataSpecifies whether the document metadata is encrypted.
FIPSModeDetermines whether to operate in FIPS mode.
HeaderThe header displayed on the signature widget.
HeightSets the height of the signature widget.
IgnoreExistingAppearanceDetermines if appearance settings of existing empty signature fields are ignored.
IgnoreTimestampFailureWhether it ignore timestamp failures during signing.
LiberalModeSpecifies the validation mode of MDP signatures.
LockedWhether the signature widget is locked in place.
NoRotateWhether the signature widget rotation is disabled when the document rotates.
NoViewWhether the signature widget is displayed when the document is viewed.
NoZoomWhether the signature widget is resized when the document is zoomed.
OffsetXThe offset of the signature widget from the left.
OffsetYThe offset of the signature widget from the bottom.
PrintWhether the signature widget will appear in printed copies.
PublicKeySignatureTypeThe public key signature type.
ReadOnlyWhether the signature widget is interactive or read-only.
RotateSpecifies the rotation of the signature widget in degrees.
SaveStringsInUnicodeEncodingWhether strings are saved in Unicode.
SectionTextFontSizeThe font size of the section text.
SectionTitleFontSizeThe font size of the section title.
ShowTimestampWhether the timestamp is displayed on the signature widget.
SigFieldNameThe name of the signature field to sign.
SignerInfoInformation to be displayed about the signer.
StretchXSpecifies the horizontal stretch of the signature widget background picture.
StretchYSpecifies the vertical stretch of the signature widget background picture.
TimestampFontSizeThe font size of the timestamp.
TitleFontSizeThe font size of the title.
ToggleNoViewSpecifies whether the signature is visible on hover.
UseHexEncodingWhether to hex encode strings used in the signature widget.
WidthSets the width of the signature widget.
PipelineOptionsOptions defining the validation and protection functionality of the pipeline component.

 
 
Copyright (c) 2018 /n software inc. - All rights reserved.
/n software Adapters for BizTalk - Version 16.0 [Build 6659]