PDFSign Class

Properties Methods Events Config Settings Errors

The PDFSign class signs PDF documents.

Class Name

SecurePDF_PDFSign

Procedural Interface

 securepdf_pdfsign_open();
 securepdf_pdfsign_close($res);
 securepdf_pdfsign_register_callback($res, $id, $function);
 securepdf_pdfsign_get_last_error($res);
 securepdf_pdfsign_get_last_error_code($res);
 securepdf_pdfsign_set($res, $id, $index, $value);
 securepdf_pdfsign_get($res, $id, $index);
 securepdf_pdfsign_do_addattachment($res, $filename, $description);
 securepdf_pdfsign_do_addtimestamp($res);
 securepdf_pdfsign_do_close($res);
 securepdf_pdfsign_do_config($res, $configurationstring);
 securepdf_pdfsign_do_encrypted($res);
 securepdf_pdfsign_do_getpageproperty($res, $page, $pageproperty);
 securepdf_pdfsign_do_getwidgetproperty($res, $signatureindex, $widgetproperty);
 securepdf_pdfsign_do_interrupt($res);
 securepdf_pdfsign_do_open($res);
 securepdf_pdfsign_do_removeattachment($res, $index);
 securepdf_pdfsign_do_reset($res);
 securepdf_pdfsign_do_saveattachment($res, $index, $filename);
 securepdf_pdfsign_do_setwidgetproperty($res, $widgetproperty, $value);
 securepdf_pdfsign_do_sign($res);
 securepdf_pdfsign_do_signed($res);
 securepdf_pdfsign_do_update($res);

Remarks

The PDFSign class can sign PDF documents in accordance with a selection of PDF and PAdES signature standards, including basic Adobe signatures (ISO 32000) and PAdES signatures (ETSI EN 319 142-1).

Preparing the Signature

To configure PDFSign to produce the desired signature, first provide the input document as a file (InputFile), byte array (InputData), or stream (SetInputStream) and assign your signing certificate to the SigningCert property. Then indicate where to save the output document by setting OutputFile or calling SetOutputStream.

Optionally specify the Signature* properties and the TimestampServer property, and adjust any chain validation parameters as necessary (please see the Chain Validation Setup section for more details). Finally, call the Sign method.

PDFSign also provides means to customize the appearance of the signature widget to be shown on the document page. You can create your very own signatures (e.g., in the form of your company's logo) by adjusting the widget properties available in the SetWidgetProperty method. Alternatively, you can choose not to associate any widget with your signature by setting the Invisible widget property to true.

The Signing Process

Depending on the configuration, the signing process may be as straightforward as calculating the document hash and signing it with the private key, or it may involve the advanced chain validation routine. During the latter, the class may contact external revocation (i.e., CRL and OCSP endpoints) and trust sources to establish the validity of the signing certificate.

If an external TSA server was provided via the TimestampServer property, the class will also contact it to timestamp the new signature.

During signing, PDFSign may fire events to notify your code about certain conditions. For example, if the input document is encrypted but no decryption parameters were found in the Password or DecryptionCert properties, the class will fire either the Password or RecipientInfo event to tell your code that it needs decryption information to be able to continue with the signing. Additionally, the SSLServerAuthentication event will fire if one of the HTTP endpoints involved during the operation (which may be a TSA, CRL, OCSP, or Trusted List service) operates over TLS and needs its certificate to be validated.

Basic Adobe Signatures

A basic (also known as legacy) Adobe signature is an original Adobe Acrobat document signature. This is an outdated form of PDF signature - while PAdES is loosely built on it, this signature type does not support extended features and is not compliant with PAdES. Unless the recipient of your signed documents expects you to specifically use this kind of signature, it is unlikely that you will ever need it.

PAdES Signatures and Profiles

In PAdES, a given signature's profile describes the level of "completeness" of the validation material (i.e., certificates, CRLs, and OCSP responses) included in the signature. For example, signatures compliant with the PAdES B-B or PAdES B-T profiles do not require any validation material at all, whereas signatures compliant with the PAdES B-LTA profile must contain complete validation material.

PAdES B-B

The PAdES B-B profile is the baseline profile that uses the PAdES-BES signature level by default, meaning the signature only contains the signing time and signer information.

Use the following code to create a B-B signature: pdfsign.InputFile = "input.pdf"; pdfsign.OutputFile = "signed.pdf"; pdfsign.SigningCert = new Certificate(CertStoreTypes.cstPFXFile, "cert.pfx", "password", "*"); pdfsign.SignatureProfile = PDFSignSignatureProfiles.pfBaselineB; pdfsign.ValidationPolicy = PDFSignValidationPolicies.vpNone; pdfsign.Sign(); PAdES-EPES

To instead create a PAdES-EPES signature that includes the signature-policy-identifier attribute, set the PolicyHash, PolicyHashAlgorithm, and PolicyId configuration settings before calling the Sign method.

This profile, in both the BES and EPES settings, creates a basic signature that remains valid as long as the signing certificate has not expired or been revoked. Signatures at this level need not contain any validation material.

PAdES B-T

The PAdES B-T profile extends the basic BES or EPES signature by adding a signature timestamp. This timestamp certifies that the signature was created at a specific moment in time. Similar to the B-B profile, signatures at this level need not contain any validation material.

Use the following code to create a B-T signature: pdfsign.InputFile = "input.pdf"; pdfsign.OutputFile = "signed.pdf"; pdfsign.SigningCert = new Certificate(CertStoreTypes.cstPFXFile, "cert.pfx", "password", "*"); pdfsign.SignatureProfile = PDFSignSignatureProfiles.pfBaselineT; pdfsign.TimestampServer = "http://time.certum.pl"; pdfsign.ValidationPolicy = PDFSignValidationPolicies.vpNone; pdfsign.Sign(); PAdES B-LTA

The PAdES B-LTA profile is used to achieve signatures that are equipped with long-term archival (LTA) or long-term validation (LTV) capabilities. It incorporates into the signature all the material required to validate the signature, including signing certificates, timestamping certificates, and revocation information. It also adds a document timestamp, which certifies the integrity of both the document and the complete validation material at a specific moment in time. This guarantees that no relevant certificates were expired or revoked at the signature creation time, and enables the signature to be verified offline.

Creating a B-LTA signature with PDFSign is a two-step process. First Sign the document and add a signature timestamp, setting SignatureProfile appropriately. Then Update the signature to take care of the rest (collect and embed the validation material, and add a document timestamp): pdfsign.InputFile = "input.pdf"; pdfsign.OutputFile = "signed.pdf"; pdfsign.SigningCert = new Certificate(CertStoreTypes.cstPFXFile, "cert.pfx", "password", "*"); pdfsign.SignatureProfile = PDFSignSignatureProfiles.pfBaselineT; pdfsign.TimestampServer = "http://time.certum.pl"; pdfsign.ValidationPolicy = PDFSignValidationPolicies.vpNone; pdfsign.Sign(); // Update the signature to LTV - this will retrieve the necessary revocation // elements, embed them into the document, and add a document timestamp pdfsign.Reset(); pdfsign.InputFile = "signed.pdf"; pdfsign.OutputFile = "updated.pdf"; pdfsign.TimestampServer = "http://time.certum.pl"; pdfsign.Update(); Note that validation material "completeness" can be subjective and depends on several factors, including:

The working environment. For example, your organization may explicitly trust its own self-signed TSA certificate. Signatures timestamped with this certificate will be considered B-LTA by your organization, but for any external bodies, those signatures would be rendered as B-LT or even B-B, as they do not know or trust the custom TSA certificate.
The time that has passed since the last document timestamp. If an archived (B-LTA) document is not re-timestamped before its last timestamp expires, it will drop back to a lower signature level.

Chain Validation Setup

Chain validation is a sophisticated, multi-faceted procedure that involves a lot of variables. Depending on the configuration of your operating environment, the specifics of the PKI framework being used, and the validation policy you need to follow, you may want to adjust your chain validation parameters to best fit your requirements. A summary of these parameters is given below.

Note that these parameters apply to the Sign and Update methods in PDFSign as well as the Verify method in PDFVerify, as all three methods execute the chain validation procedure (if it is enabled).

Validation Policy

The ValidationPolicy property dictates how thoroughly the chain will be validated. It includes options to control which checks the class will perform, allowing you to tailor the validation process to meet your specific security needs. For example, if it is not essential to check each certificate's revocation status, set this property to vpFullNoRevocation.

Revocation

The revocation aspect of chain validation is controlled by the RevocationCheck property, which allows you to choose between and prioritize revocation origins. Note that OCSP sources are often preferred to CRL endpoints because of their real-time capability and the smaller size of the responses they produce.

Trust

The trust aspect of chain validation is controlled by the TrustSources property, which allows you to specify the locations in which the class will search for trust anchors. Local system stores, your own trusted root certificates (via the TrustedCerts property), and Trusted Lists (via the TrustedLists property) are all supported.

Offline Mode

The OfflineMode property provides the ability to sign or verify the document without contacting online sources. If this property is enabled, the class will only use KnownCerts, TrustedCerts, data structures within the document itself, and revocation and Trusted List data that it previously saved to its internal cache when looking for missing validation material.

Property List

The following is the full list of the properties of the class with short descriptions. Click on the links for further details.


AttachmentCount	The number of records in the Attachment arrays.
AttachmentContentType	The content type of the attachment.
AttachmentCreationDate	The creation date of the attachment.
AttachmentData	The raw data of the attachment.
AttachmentDescription	A textual description of the attachment.
AttachmentFileName	The path and filename of the attachment.
AttachmentModificationDate	The date and time of the file's last modification.
AttachmentName	The name of the attachment.
AttachmentSize	The attachment's size in bytes.
BlockedCertCount	The number of records in the BlockedCert arrays.
BlockedCertEffectiveDate	The date on which this certificate becomes valid.
BlockedCertExpirationDate	The date on which the certificate expires.
BlockedCertExtendedKeyUsage	A comma-delimited list of extended key usage identifiers.
BlockedCertFingerprint	The hex-encoded, 16-byte MD5 fingerprint of the certificate.
BlockedCertFingerprintSHA1	The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.
BlockedCertFingerprintSHA256	The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.
BlockedCertIssuer	The issuer of the certificate.
BlockedCertPrivateKey	The private key of the certificate (if available).
BlockedCertPrivateKeyAvailable	Whether a PrivateKey is available for the selected certificate.
BlockedCertPrivateKeyContainer	The name of the PrivateKey container for the certificate (if available).
BlockedCertPublicKey	The public key of the certificate.
BlockedCertPublicKeyAlgorithm	The textual description of the certificate's public key algorithm.
BlockedCertPublicKeyLength	The length of the certificate's public key (in bits).
BlockedCertSerialNumber	The serial number of the certificate encoded as a string.
BlockedCertSignatureAlgorithm	The text description of the certificate's signature algorithm.
BlockedCertStore	The name of the certificate store for the client certificate.
BlockedCertStorePassword	If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.
BlockedCertStoreType	The type of certificate store for this certificate.
BlockedCertSubjectAltNames	Comma-separated lists of alternative subject names for the certificate.
BlockedCertThumbprintMD5	The MD5 hash of the certificate.
BlockedCertThumbprintSHA1	The SHA-1 hash of the certificate.
BlockedCertThumbprintSHA256	The SHA-256 hash of the certificate.
BlockedCertUsage	The text description of UsageFlags .
BlockedCertUsageFlags	The flags that show intended use for the certificate.
BlockedCertVersion	The certificate's version number.
BlockedCertSubject	The subject of the certificate used for client authentication.
BlockedCertEncoded	The certificate (PEM/Base64 encoded).
DecryptionCertEffectiveDate	The date on which this certificate becomes valid.
DecryptionCertExpirationDate	The date on which the certificate expires.
DecryptionCertExtendedKeyUsage	A comma-delimited list of extended key usage identifiers.
DecryptionCertFingerprint	The hex-encoded, 16-byte MD5 fingerprint of the certificate.
DecryptionCertFingerprintSHA1	The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.
DecryptionCertFingerprintSHA256	The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.
DecryptionCertIssuer	The issuer of the certificate.
DecryptionCertPrivateKey	The private key of the certificate (if available).
DecryptionCertPrivateKeyAvailable	Whether a PrivateKey is available for the selected certificate.
DecryptionCertPrivateKeyContainer	The name of the PrivateKey container for the certificate (if available).
DecryptionCertPublicKey	The public key of the certificate.
DecryptionCertPublicKeyAlgorithm	The textual description of the certificate's public key algorithm.
DecryptionCertPublicKeyLength	The length of the certificate's public key (in bits).
DecryptionCertSerialNumber	The serial number of the certificate encoded as a string.
DecryptionCertSignatureAlgorithm	The text description of the certificate's signature algorithm.
DecryptionCertStore	The name of the certificate store for the client certificate.
DecryptionCertStorePassword	If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.
DecryptionCertStoreType	The type of certificate store for this certificate.
DecryptionCertSubjectAltNames	Comma-separated lists of alternative subject names for the certificate.
DecryptionCertThumbprintMD5	The MD5 hash of the certificate.
DecryptionCertThumbprintSHA1	The SHA-1 hash of the certificate.
DecryptionCertThumbprintSHA256	The SHA-256 hash of the certificate.
DecryptionCertUsage	The text description of UsageFlags .
DecryptionCertUsageFlags	The flags that show intended use for the certificate.
DecryptionCertVersion	The certificate's version number.
DecryptionCertSubject	The subject of the certificate used for client authentication.
DecryptionCertEncoded	The certificate (PEM/Base64 encoded).
DocumentCertCount	The number of records in the DocumentCert arrays.
DocumentCertEffectiveDate	The date on which this certificate becomes valid.
DocumentCertExpirationDate	The date on which the certificate expires.
DocumentCertExtendedKeyUsage	A comma-delimited list of extended key usage identifiers.
DocumentCertFingerprint	The hex-encoded, 16-byte MD5 fingerprint of the certificate.
DocumentCertFingerprintSHA1	The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.
DocumentCertFingerprintSHA256	The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.
DocumentCertIssuer	The issuer of the certificate.
DocumentCertPrivateKey	The private key of the certificate (if available).
DocumentCertPrivateKeyAvailable	Whether a PrivateKey is available for the selected certificate.
DocumentCertPrivateKeyContainer	The name of the PrivateKey container for the certificate (if available).
DocumentCertPublicKey	The public key of the certificate.
DocumentCertPublicKeyAlgorithm	The textual description of the certificate's public key algorithm.
DocumentCertPublicKeyLength	The length of the certificate's public key (in bits).
DocumentCertSerialNumber	The serial number of the certificate encoded as a string.
DocumentCertSignatureAlgorithm	The text description of the certificate's signature algorithm.
DocumentCertStore	The name of the certificate store for the client certificate.
DocumentCertStorePassword	If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.
DocumentCertStoreType	The type of certificate store for this certificate.
DocumentCertSubjectAltNames	Comma-separated lists of alternative subject names for the certificate.
DocumentCertThumbprintMD5	The MD5 hash of the certificate.
DocumentCertThumbprintSHA1	The SHA-1 hash of the certificate.
DocumentCertThumbprintSHA256	The SHA-256 hash of the certificate.
DocumentCertUsage	The text description of UsageFlags .
DocumentCertUsageFlags	The flags that show intended use for the certificate.
DocumentCertVersion	The certificate's version number.
DocumentCertSubject	The subject of the certificate used for client authentication.
DocumentCertEncoded	The certificate (PEM/Base64 encoded).
FirewallAutoDetect	Whether to automatically detect and use firewall system settings, if available.
FirewallType	The type of firewall to connect through.
FirewallHost	The name or IP address of the firewall (optional).
FirewallPassword	A password if authentication is to be used when connecting through the firewall.
FirewallPort	The Transmission Control Protocol (TCP) port for the firewall Host .
FirewallUser	A username if authentication is to be used when connecting through a firewall.
InputData	A byte array containing the PDF document to process.
InputFile	The PDF file to process.
KnownCertCount	The number of records in the KnownCert arrays.
KnownCertEffectiveDate	The date on which this certificate becomes valid.
KnownCertExpirationDate	The date on which the certificate expires.
KnownCertExtendedKeyUsage	A comma-delimited list of extended key usage identifiers.
KnownCertFingerprint	The hex-encoded, 16-byte MD5 fingerprint of the certificate.
KnownCertFingerprintSHA1	The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.
KnownCertFingerprintSHA256	The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.
KnownCertIssuer	The issuer of the certificate.
KnownCertPrivateKey	The private key of the certificate (if available).
KnownCertPrivateKeyAvailable	Whether a PrivateKey is available for the selected certificate.
KnownCertPrivateKeyContainer	The name of the PrivateKey container for the certificate (if available).
KnownCertPublicKey	The public key of the certificate.
KnownCertPublicKeyAlgorithm	The textual description of the certificate's public key algorithm.
KnownCertPublicKeyLength	The length of the certificate's public key (in bits).
KnownCertSerialNumber	The serial number of the certificate encoded as a string.
KnownCertSignatureAlgorithm	The text description of the certificate's signature algorithm.
KnownCertStore	The name of the certificate store for the client certificate.
KnownCertStorePassword	If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.
KnownCertStoreType	The type of certificate store for this certificate.
KnownCertSubjectAltNames	Comma-separated lists of alternative subject names for the certificate.
KnownCertThumbprintMD5	The MD5 hash of the certificate.
KnownCertThumbprintSHA1	The SHA-1 hash of the certificate.
KnownCertThumbprintSHA256	The SHA-256 hash of the certificate.
KnownCertUsage	The text description of UsageFlags .
KnownCertUsageFlags	The flags that show intended use for the certificate.
KnownCertVersion	The certificate's version number.
KnownCertSubject	The subject of the certificate used for client authentication.
KnownCertEncoded	The certificate (PEM/Base64 encoded).
OfflineMode	Whether the class is operating in offline mode.
OutputData	A byte array containing the PDF document after processing.
OutputFile	The path to a local file where the output will be written.
Overwrite	Whether or not the class should overwrite files.
Password	The password to decrypt the document with.
ProxyAuthScheme	The type of authorization to perform when connecting to the proxy.
ProxyAutoDetect	Whether to automatically detect and use proxy system settings, if available.
ProxyPassword	A password if authentication is to be used for the proxy.
ProxyPort	The Transmission Control Protocol (TCP) port for the proxy Server (default 80).
ProxyServer	If a proxy Server is given, then the HTTP request is sent to the proxy instead of the server otherwise specified.
ProxySSL	When to use a Secure Sockets Layer (SSL) for the connection to the proxy.
ProxyUser	A username if authentication is to be used for the proxy.
RevocationCheck	The kind(s) of revocation check to perform for all chain certificates.
SignatureAuthorName	The human-readable name of the signer.
SignatureClaimedSigningTime	The signature's creation time.
SignatureField	The index of the empty signature field to sign.
SignatureHashAlgorithm	The hash algorithm to be used for signing.
SignatureProfile	The PAdES profile to apply when creating the signature.
SignatureReason	The reason for signing.
PDFSignatureCount	The number of records in the PDFSignature arrays.
PDFSignatureAuthorName	The human-readable name of the signer.
PDFSignatureChainValidationDetails	The details of the certificate chain validation outcome.
PDFSignatureChainValidationResult	The outcome of the certificate chain validation routine.
PDFSignatureClaimedSigningTime	The signature's creation time in UTC.
PDFSignatureCoverageEndsAt	The offset in the PDF file where the signature coverage ends.
PDFSignatureHashAlgorithm	The hash algorithm that was used for signing.
PDFSignatureProfile	The pre-defined PAdES profile that was applied when creating the signature, as defined by ETSI.
PDFSignatureReason	The reason for signing.
PDFSignatureType	The type of the signature that was created.
PDFSignatureSignerCertIndex	The index of the signer certificate in the DocumentCerts properties.
PDFSignatureTimestampCertIndex	The index of the timestamping certificate in the DocumentCerts properties (if applicable).
PDFSignatureTimestamped	Whether the signature contains an embedded timestamp.
PDFSignatureValidatedSigningTime	The certified signing time in UTC.
PDFSignatureValidationResult	The outcome of the cryptographic signature validation.
PDFSignatureWidgetHeight	The height of the signature widget in points.
PDFSignatureWidgetOffsetX	The signature widget offset from the left-hand page border in points.
PDFSignatureWidgetOffsetY	The signature widget offset from the bottom page border in points.
PDFSignatureWidgetPages	The pages that the signature and its widget are placed on.
PDFSignatureWidgetWidth	The width of the signature widget in points.
SignatureType	The type of signature to create.
SignatureWidgetHeight	The height of the signature widget.
SignatureWidgetOffsetX	The signature widget offset from the left-hand page border.
SignatureWidgetOffsetY	The signature widget offset from the bottom page border.
SignatureWidgetPages	The pages to place the signature and its widget on.
SignatureWidgetWidth	The width of the signature widget.
SigningCertEffectiveDate	The date on which this certificate becomes valid.
SigningCertExpirationDate	The date on which the certificate expires.
SigningCertExtendedKeyUsage	A comma-delimited list of extended key usage identifiers.
SigningCertFingerprint	The hex-encoded, 16-byte MD5 fingerprint of the certificate.
SigningCertFingerprintSHA1	The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.
SigningCertFingerprintSHA256	The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.
SigningCertIssuer	The issuer of the certificate.
SigningCertPrivateKey	The private key of the certificate (if available).
SigningCertPrivateKeyAvailable	Whether a PrivateKey is available for the selected certificate.
SigningCertPrivateKeyContainer	The name of the PrivateKey container for the certificate (if available).
SigningCertPublicKey	The public key of the certificate.
SigningCertPublicKeyAlgorithm	The textual description of the certificate's public key algorithm.
SigningCertPublicKeyLength	The length of the certificate's public key (in bits).
SigningCertSerialNumber	The serial number of the certificate encoded as a string.
SigningCertSignatureAlgorithm	The text description of the certificate's signature algorithm.
SigningCertStore	The name of the certificate store for the client certificate.
SigningCertStorePassword	If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.
SigningCertStoreType	The type of certificate store for this certificate.
SigningCertSubjectAltNames	Comma-separated lists of alternative subject names for the certificate.
SigningCertThumbprintMD5	The MD5 hash of the certificate.
SigningCertThumbprintSHA1	The SHA-1 hash of the certificate.
SigningCertThumbprintSHA256	The SHA-256 hash of the certificate.
SigningCertUsage	The text description of UsageFlags .
SigningCertUsageFlags	The flags that show intended use for the certificate.
SigningCertVersion	The certificate's version number.
SigningCertSubject	The subject of the certificate used for client authentication.
SigningCertEncoded	The certificate (PEM/Base64 encoded).
TimestampServer	The address of the timestamping server.
TrustedCertCount	The number of records in the TrustedCert arrays.
TrustedCertEffectiveDate	The date on which this certificate becomes valid.
TrustedCertExpirationDate	The date on which the certificate expires.
TrustedCertExtendedKeyUsage	A comma-delimited list of extended key usage identifiers.
TrustedCertFingerprint	The hex-encoded, 16-byte MD5 fingerprint of the certificate.
TrustedCertFingerprintSHA1	The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.
TrustedCertFingerprintSHA256	The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.
TrustedCertIssuer	The issuer of the certificate.
TrustedCertPrivateKey	The private key of the certificate (if available).
TrustedCertPrivateKeyAvailable	Whether a PrivateKey is available for the selected certificate.
TrustedCertPrivateKeyContainer	The name of the PrivateKey container for the certificate (if available).
TrustedCertPublicKey	The public key of the certificate.
TrustedCertPublicKeyAlgorithm	The textual description of the certificate's public key algorithm.
TrustedCertPublicKeyLength	The length of the certificate's public key (in bits).
TrustedCertSerialNumber	The serial number of the certificate encoded as a string.
TrustedCertSignatureAlgorithm	The text description of the certificate's signature algorithm.
TrustedCertStore	The name of the certificate store for the client certificate.
TrustedCertStorePassword	If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.
TrustedCertStoreType	The type of certificate store for this certificate.
TrustedCertSubjectAltNames	Comma-separated lists of alternative subject names for the certificate.
TrustedCertThumbprintMD5	The MD5 hash of the certificate.
TrustedCertThumbprintSHA1	The SHA-1 hash of the certificate.
TrustedCertThumbprintSHA256	The SHA-256 hash of the certificate.
TrustedCertUsage	The text description of UsageFlags .
TrustedCertUsageFlags	The flags that show intended use for the certificate.
TrustedCertVersion	The certificate's version number.
TrustedCertSubject	The subject of the certificate used for client authentication.
TrustedCertEncoded	The certificate (PEM/Base64 encoded).
TrustedLists	A list of known Trusted Lists for chain validation.
TrustSources	The trust sources to use during chain validation.
ValidationFlags	Additional chain validation settings.
ValidationPolicy	The level at which to perform chain validation.
ValidationTime	The time point at which the signature should be validated.

Method List

The following is the full list of the methods of the class with short descriptions. Click on the links for further details.


AddAttachment	Adds an attachment to a PDF document.
AddTimestamp	Adds a document timestamp to a PDF document.
Close	Closes an opened PDF document.
Config	Sets or retrieves a configuration setting.
Encrypted	Checks whether a PDF document is encrypted.
GetPageProperty	Retrieves the value of a page property.
GetWidgetProperty	Retrieves the value of a signature widget property.
Interrupt	Interrupts the current action.
Open	Opens a PDF document for processing.
RemoveAttachment	Removes an attachment from a PDF document.
Reset	Resets the class.
SaveAttachment	Saves a PDF attachment to a file.
SetWidgetProperty	Sets the value of a signature widget property.
Sign	Signs a PDF document.
Signed	Checks whether a PDF document is signed.
Update	Updates the most recent signature.

Event List

The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.


ChainCert	Fired when the class encounters a chain certificate.
DocumentInfo	Fired when the document has been loaded into memory.
Error	Fired when information is available about errors during data delivery.
Log	Fired once for each log message.
Password	Fired when the class detects that the PDF document is encrypted with a password.
RecipientInfo	Fired for each recipient certificate of the encrypted PDF document.
SignatureInfo	Fired when the class finds a signature in the document.
SignatureProcessed	Fired after a signature has been processed.
SSLServerAuthentication	Fired after the server presents its certificate to the client.
SSLStatus	Fired when secure connection progress messages are available.

Config Settings

The following is a list of config settings for the class with short descriptions. Click on the links for further details.


CacheRevocationInfo	Whether to cache revocation information.
CloseInputStreamAfterProcessing	Whether to close the input stream after processing.
CloseOutputStreamAfterProcessing	Whether to close the output stream after processing.
CompressDSS	Whether to compress content in the DSS dictionary.
ContactInfo[Index]	The signer's contact information.
CustomProfile	A pre-defined custom profile to apply when creating the signature.
ExtraSpace	The number of extra 0 bytes to allocate in the document behind the signature.
FilterName[Index]	The signature filter name.
FontPaths	The font search paths.
FullSignatureName[Index]	The full name of the signature field.
HTTPRetryCount	The number of HTTP request retries.
HTTPRetryInterval	A time interval to apply between HTTP request retries.
IncludeRevocationInfo	Whether to include revocation information in the document.
IncludeSigningChain	Whether to include the full signing chain in the signature.
LogLevel	The level of detail that is logged.
OwnerPassword	The owner password to decrypt the document with.
Permissions	The document permissions associated with the encryption.
PolicyHash	The signature policy hash value.
PolicyHashAlgorithm	The algorithm that was used to calculate the signature policy hash.
PolicyId	The policy Id to be included in the signature.
PreferEmbeddedRevocationInfo	Whether to prioritize revocation information that is embedded into the document.
SaveChanges	Whether to save changes made to the PDF document.
SignatureData[Index]	The hex-encoded representation of the underlying PKCS#7 signature blob.
SystemFontNames	The system font names.
TempPath	The location where temporary files are stored.
TimestampHashAlgorithm	A specific hash algorithm for use with the timestamping service.
TSATLSClientCertStore	The TLS client certificate store to search.
TSATLSClientCertStorePassword	The password needed to open the TLS client certificate store.
TSATLSClientCertStoreType	The type of the TLS client certificate store.
TSATLSClientCertSubject	The subject of the TLS client certificate.
UpdateIndex	The index of the signature to update.
UsePSS	Whether to use RSA-PSS during signing and verification.
BuildInfo	Information about the product's build.
CodePage	The system code page used for Unicode to Multibyte translations.
LicenseInfo	Information about the current license.
MaskSensitiveData	Whether sensitive data is masked in log messages.
ProcessIdleEvents	Whether the class uses its internal event loop to process events when the main thread is idle.
SelectWaitMillis	The length of time in milliseconds the class will wait when DoEvents is called if there are no events to process.
UseInternalSecurityAPI	Whether or not to use the system security libraries or an internal implementation.

AttachmentCount Property (SecurePDF_PDFSign Class)

The number of records in the Attachment arrays.

Object Oriented Interface

public function getAttachmentCount();
public function setAttachmentCount($value);

Procedural Interface

securepdf_pdfsign_get($res, 1 );
securepdf_pdfsign_set($res, 1, $value );

Default Value

Remarks

This property controls the size of the following arrays:

AttachmentContentType
AttachmentCreationDate
AttachmentData
AttachmentDescription
AttachmentFileName
AttachmentModificationDate
AttachmentName
AttachmentSize

The array indices start at 0 and end at AttachmentCount - 1.

This property is not available at design time.

Data Type

Integer

AttachmentContentType Property (SecurePDF_PDFSign Class)

The content type of the attachment.

Object Oriented Interface

public function getAttachmentContentType($attachmentindex);
public function setAttachmentContentType($attachmentindex, $value);

Procedural Interface

securepdf_pdfsign_get($res, 2 , $attachmentindex);
securepdf_pdfsign_set($res, 2, $value , $attachmentindex);

Default Value

Remarks

The content type of the attachment.

The $attachmentindex parameter specifies the index of the item in the array. The size of the array is controlled by the AttachmentCount property.

This property is not available at design time.

Data Type

String

AttachmentCreationDate Property (SecurePDF_PDFSign Class)

The creation date of the attachment.

Object Oriented Interface

public function getAttachmentCreationDate($attachmentindex);
public function setAttachmentCreationDate($attachmentindex, $value);

Procedural Interface

securepdf_pdfsign_get($res, 3 , $attachmentindex);
securepdf_pdfsign_set($res, 3, $value , $attachmentindex);

Default Value

Remarks

The creation date of the attachment.

The $attachmentindex parameter specifies the index of the item in the array. The size of the array is controlled by the AttachmentCount property.

This property is not available at design time.

Data Type

String

AttachmentData Property (SecurePDF_PDFSign Class)

The raw data of the attachment.

Object Oriented Interface

public function getAttachmentData($attachmentindex);
public function setAttachmentData($attachmentindex, $value);

Procedural Interface

securepdf_pdfsign_get($res, 4 , $attachmentindex);
securepdf_pdfsign_set($res, 4, $value , $attachmentindex);

Default Value

Remarks

The raw data of the attachment.

If AttachmentOutputStream is not set to a valid stream, the class will write to this property when an empty string is passed to the SaveAttachment method.

The $attachmentindex parameter specifies the index of the item in the array. The size of the array is controlled by the AttachmentCount property.

This property is not available at design time.

Data Type

Binary String

AttachmentDescription Property (SecurePDF_PDFSign Class)

A textual description of the attachment.

Object Oriented Interface

public function getAttachmentDescription($attachmentindex);
public function setAttachmentDescription($attachmentindex, $value);

Procedural Interface

securepdf_pdfsign_get($res, 5 , $attachmentindex);
securepdf_pdfsign_set($res, 5, $value , $attachmentindex);

Default Value

Remarks

A textual description of the attachment.

The $attachmentindex parameter specifies the index of the item in the array. The size of the array is controlled by the AttachmentCount property.

This property is not available at design time.

Data Type

String

AttachmentFileName Property (SecurePDF_PDFSign Class)

The path and filename of the attachment.

Object Oriented Interface

public function getAttachmentFileName($attachmentindex);
public function setAttachmentFileName($attachmentindex, $value);

Procedural Interface

securepdf_pdfsign_get($res, 6 , $attachmentindex);
securepdf_pdfsign_set($res, 6, $value , $attachmentindex);

Default Value

Remarks

The path and filename of the attachment.

The $attachmentindex parameter specifies the index of the item in the array. The size of the array is controlled by the AttachmentCount property.

This property is not available at design time.

Data Type

String

AttachmentModificationDate Property (SecurePDF_PDFSign Class)

The date and time of the file's last modification.

Object Oriented Interface

public function getAttachmentModificationDate($attachmentindex);
public function setAttachmentModificationDate($attachmentindex, $value);

Procedural Interface

securepdf_pdfsign_get($res, 8 , $attachmentindex);
securepdf_pdfsign_set($res, 8, $value , $attachmentindex);

Default Value

Remarks

The date and time of the file's last modification.

The $attachmentindex parameter specifies the index of the item in the array. The size of the array is controlled by the AttachmentCount property.

This property is not available at design time.

Data Type

String

AttachmentName Property (SecurePDF_PDFSign Class)

The name of the attachment.

Object Oriented Interface

public function getAttachmentName($attachmentindex);
public function setAttachmentName($attachmentindex, $value);

Procedural Interface

securepdf_pdfsign_get($res, 9 , $attachmentindex);
securepdf_pdfsign_set($res, 9, $value , $attachmentindex);

Default Value

Remarks

The name of the attachment.

The $attachmentindex parameter specifies the index of the item in the array. The size of the array is controlled by the AttachmentCount property.

This property is not available at design time.

Data Type

String

AttachmentSize Property (SecurePDF_PDFSign Class)

The attachment's size in bytes.

Object Oriented Interface

public function getAttachmentSize($attachmentindex);

Procedural Interface

securepdf_pdfsign_get($res, 11 , $attachmentindex);

Default Value

Remarks

The attachment's size in bytes.

The $attachmentindex parameter specifies the index of the item in the array. The size of the array is controlled by the AttachmentCount property.

This property is read-only and not available at design time.

Data Type

Long64

BlockedCertCount Property (SecurePDF_PDFSign Class)

The number of records in the BlockedCert arrays.

Object Oriented Interface

public function getBlockedCertCount();
public function setBlockedCertCount($value);

Procedural Interface

securepdf_pdfsign_get($res, 12 );
securepdf_pdfsign_set($res, 12, $value );

Default Value

Remarks

This property controls the size of the following arrays:

BlockedCertEffectiveDate
BlockedCertEncoded
BlockedCertExpirationDate
BlockedCertExtendedKeyUsage
BlockedCertFingerprint
BlockedCertFingerprintSHA1
BlockedCertFingerprintSHA256
BlockedCertIssuer
BlockedCertPrivateKey
BlockedCertPrivateKeyAvailable
BlockedCertPrivateKeyContainer
BlockedCertPublicKey
BlockedCertPublicKeyAlgorithm
BlockedCertPublicKeyLength
BlockedCertSerialNumber
BlockedCertSignatureAlgorithm
BlockedCertStore
BlockedCertStorePassword
BlockedCertStoreType
BlockedCertSubject
BlockedCertSubjectAltNames
BlockedCertThumbprintMD5
BlockedCertThumbprintSHA1
BlockedCertThumbprintSHA256
BlockedCertUsage
BlockedCertUsageFlags
BlockedCertVersion

The array indices start at 0 and end at BlockedCertCount - 1.

This property is not available at design time.

Data Type

Integer

BlockedCertEffectiveDate Property (SecurePDF_PDFSign Class)

The date on which this certificate becomes valid.

Object Oriented Interface

public function getBlockedCertEffectiveDate($blockedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 13 , $blockedcertindex);

Default Value

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.

This property is read-only and not available at design time.

Data Type

String

BlockedCertExpirationDate Property (SecurePDF_PDFSign Class)

The date on which the certificate expires.

Object Oriented Interface

public function getBlockedCertExpirationDate($blockedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 14 , $blockedcertindex);

Default Value

Remarks

The date on which the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.

This property is read-only and not available at design time.

Data Type

String

BlockedCertExtendedKeyUsage Property (SecurePDF_PDFSign Class)

A comma-delimited list of extended key usage identifiers.

Object Oriented Interface

public function getBlockedCertExtendedKeyUsage($blockedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 15 , $blockedcertindex);

Default Value

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.

This property is read-only and not available at design time.

Data Type

String

BlockedCertFingerprint Property (SecurePDF_PDFSign Class)

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Object Oriented Interface

public function getBlockedCertFingerprint($blockedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 16 , $blockedcertindex);

Default Value

Remarks

The hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.

This property is read-only and not available at design time.

Data Type

String

BlockedCertFingerprintSHA1 Property (SecurePDF_PDFSign Class)

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Object Oriented Interface

public function getBlockedCertFingerprintSHA1($blockedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 17 , $blockedcertindex);

Default Value

Remarks

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.

This property is read-only and not available at design time.

Data Type

String

BlockedCertFingerprintSHA256 Property (SecurePDF_PDFSign Class)

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Object Oriented Interface

public function getBlockedCertFingerprintSHA256($blockedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 18 , $blockedcertindex);

Default Value

Remarks

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.

This property is read-only and not available at design time.

Data Type

String

BlockedCertIssuer Property (SecurePDF_PDFSign Class)

The issuer of the certificate.

Object Oriented Interface

public function getBlockedCertIssuer($blockedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 19 , $blockedcertindex);

Default Value

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.

This property is read-only and not available at design time.

Data Type

String

BlockedCertPrivateKey Property (SecurePDF_PDFSign Class)

The private key of the certificate (if available).

Object Oriented Interface

public function getBlockedCertPrivateKey($blockedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 20 , $blockedcertindex);

Default Value

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The BlockedCertPrivateKey may be available but not exportable. In this case, BlockedCertPrivateKey returns an empty string.

The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.

This property is read-only and not available at design time.

Data Type

String

BlockedCertPrivateKeyAvailable Property (SecurePDF_PDFSign Class)

Whether a PrivateKey is available for the selected certificate.

Object Oriented Interface

public function getBlockedCertPrivateKeyAvailable($blockedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 21 , $blockedcertindex);

Default Value

false

Remarks

Whether a BlockedCertPrivateKey is available for the selected certificate. If BlockedCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.

This property is read-only and not available at design time.

Data Type

Boolean

BlockedCertPrivateKeyContainer Property (SecurePDF_PDFSign Class)

The name of the PrivateKey container for the certificate (if available).

Object Oriented Interface

public function getBlockedCertPrivateKeyContainer($blockedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 22 , $blockedcertindex);

Default Value

Remarks

The name of the BlockedCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.

This property is read-only and not available at design time.

Data Type

String

BlockedCertPublicKey Property (SecurePDF_PDFSign Class)

The public key of the certificate.

Object Oriented Interface

public function getBlockedCertPublicKey($blockedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 23 , $blockedcertindex);

Default Value

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.

This property is read-only and not available at design time.

Data Type

String

BlockedCertPublicKeyAlgorithm Property (SecurePDF_PDFSign Class)

The textual description of the certificate's public key algorithm.

Object Oriented Interface

public function getBlockedCertPublicKeyAlgorithm($blockedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 24 , $blockedcertindex);

Default Value

Remarks

The textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.

This property is read-only and not available at design time.

Data Type

String

BlockedCertPublicKeyLength Property (SecurePDF_PDFSign Class)

The length of the certificate's public key (in bits).

Object Oriented Interface

public function getBlockedCertPublicKeyLength($blockedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 25 , $blockedcertindex);

Default Value

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.

This property is read-only and not available at design time.

Data Type

Integer

BlockedCertSerialNumber Property (SecurePDF_PDFSign Class)

The serial number of the certificate encoded as a string.

Object Oriented Interface

public function getBlockedCertSerialNumber($blockedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 26 , $blockedcertindex);

Default Value

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.

This property is read-only and not available at design time.

Data Type

String

BlockedCertSignatureAlgorithm Property (SecurePDF_PDFSign Class)

The text description of the certificate's signature algorithm.

Object Oriented Interface

public function getBlockedCertSignatureAlgorithm($blockedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 27 , $blockedcertindex);

Default Value

Remarks

The text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.

This property is read-only and not available at design time.

Data Type

String

BlockedCertStore Property (SecurePDF_PDFSign Class)

The name of the certificate store for the client certificate.

Object Oriented Interface

public function getBlockedCertStore($blockedcertindex);
public function setBlockedCertStore($blockedcertindex, $value);

Procedural Interface

securepdf_pdfsign_get($res, 28 , $blockedcertindex);
securepdf_pdfsign_set($res, 28, $value , $blockedcertindex);

Default Value

'MY'

Remarks

The name of the certificate store for the client certificate.

The BlockedCertStoreType property denotes the type of the certificate store specified by BlockedCertStore. If the store is password-protected, specify the password in BlockedCertStorePassword.

BlockedCertStore is used in conjunction with the BlockedCertSubject property to specify client certificates. If BlockedCertStore has a value, and BlockedCertSubject or BlockedCertEncoded is set, a search for a certificate is initiated. Please see the BlockedCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:


MY	A certificate store holding personal certificates with their associated private keys.
CA	Certifying authority certificates.
ROOT	Root certificates.

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.

This property is not available at design time.

Data Type

Binary String

BlockedCertStorePassword Property (SecurePDF_PDFSign Class)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Object Oriented Interface

public function getBlockedCertStorePassword($blockedcertindex);
public function setBlockedCertStorePassword($blockedcertindex, $value);

Procedural Interface

securepdf_pdfsign_get($res, 29 , $blockedcertindex);
securepdf_pdfsign_set($res, 29, $value , $blockedcertindex);

Default Value

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.

This property is not available at design time.

Data Type

String

BlockedCertStoreType Property (SecurePDF_PDFSign Class)

The type of certificate store for this certificate.

Object Oriented Interface

public function getBlockedCertStoreType($blockedcertindex);
public function setBlockedCertStoreType($blockedcertindex, $value);

Procedural Interface

securepdf_pdfsign_get($res, 30 , $blockedcertindex);
securepdf_pdfsign_set($res, 30, $value , $blockedcertindex);

Default Value

Remarks

The type of certificate store for this certificate.

The class supports both public and private keys in a variety of formats. When the cstAuto value is used, the class will automatically determine the type. This property can take one of the following values:


0 (cstUser - default)	For Windows, this specifies that the certificate store is a certificate store owned by the current user. Note: This store type is not available in Java.
1 (cstMachine)	For Windows, this specifies that the certificate store is a machine store. Note: This store type is not available in Java.
2 (cstPFXFile)	The certificate store is the name of a PFX (PKCS#12) file containing certificates.
3 (cstPFXBlob)	The certificate store is a string (binary or Base64-encoded) representing a certificate store in PFX (PKCS#12) format.
4 (cstJKSFile)	The certificate store is the name of a Java Key Store (JKS) file containing certificates. Note: This store type is only available in Java.
5 (cstJKSBlob)	The certificate store is a string (binary or Base64-encoded) representing a certificate store in Java Key Store (JKS) format. Note: This store type is only available in Java.
6 (cstPEMKeyFile)	The certificate store is the name of a PEM-encoded file that contains a private key and an optional certificate.
7 (cstPEMKeyBlob)	The certificate store is a string (binary or Base64-encoded) that contains a private key and an optional certificate.
8 (cstPublicKeyFile)	The certificate store is the name of a file that contains a PEM- or DER-encoded public key certificate.
9 (cstPublicKeyBlob)	The certificate store is a string (binary or Base64-encoded) that contains a PEM- or DER-encoded public key certificate.
10 (cstSSHPublicKeyBlob)	The certificate store is a string (binary or Base64-encoded) that contains an SSH-style public key.
11 (cstP7BFile)	The certificate store is the name of a PKCS#7 file containing certificates.
12 (cstP7BBlob)	The certificate store is a string (binary) representing a certificate store in PKCS#7 format.
13 (cstSSHPublicKeyFile)	The certificate store is the name of a file that contains an SSH-style public key.
14 (cstPPKFile)	The certificate store is the name of a file that contains a PPK (PuTTY Private Key).
15 (cstPPKBlob)	The certificate store is a string (binary) that contains a PPK (PuTTY Private Key).
16 (cstXMLFile)	The certificate store is the name of a file that contains a certificate in XML format.
17 (cstXMLBlob)	The certificate store is a string that contains a certificate in XML format.
18 (cstJWKFile)	The certificate store is the name of a file that contains a JWK (JSON Web Key).
19 (cstJWKBlob)	The certificate store is a string that contains a JWK (JSON Web Key).
21 (cstBCFKSFile)	The certificate store is the name of a file that contains a BCFKS (Bouncy Castle FIPS Key Store). Note: This store type is only available in Java and .NET.
22 (cstBCFKSBlob)	The certificate store is a string (binary or Base64-encoded) representing a certificate store in BCFKS (Bouncy Castle FIPS Key Store) format. Note: This store type is only available in Java and .NET.
23 (cstPKCS11)	The certificate is present on a physical security key accessible via a PKCS#11 interface. To use a security key, the necessary data must first be collected using the CertMgr class. The ListStoreCertificates method may be called after setting CertStoreType to `cstPKCS11`, CertStorePassword to the PIN, and CertStore to the full path of the PKCS#11 DLL. The certificate information returned in the CertList event's `CertEncoded` parameter may be saved for later use. When using a certificate, pass the previously saved security key information as the BlockedCertStore and set BlockedCertStorePassword to the PIN. Code Example. SSH Authentication with Security Key: `certmgr.CertStoreType = CertStoreTypes.cstPKCS11; certmgr.OnCertList += (s, e) => { secKeyBlob = e.CertEncoded; }; certmgr.CertStore = @"C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll"; certmgr.CertStorePassword = "123456"; //PIN certmgr.ListStoreCertificates(); sftp.SSHCert = new Certificate(CertStoreTypes.cstPKCS11, secKeyBlob, "123456", "*"); sftp.SSHUser = "test"; sftp.SSHLogon("myhost", 22);`
99 (cstAuto)	The store type is automatically detected from the input data. This setting may be used with both public and private keys and can detect any of the supported formats automatically.

The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.

This property is not available at design time.

Data Type

Integer

BlockedCertSubjectAltNames Property (SecurePDF_PDFSign Class)

Comma-separated lists of alternative subject names for the certificate.

Object Oriented Interface

public function getBlockedCertSubjectAltNames($blockedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 31 , $blockedcertindex);

Default Value

Remarks

Comma-separated lists of alternative subject names for the certificate.

The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.

This property is read-only and not available at design time.

Data Type

String

BlockedCertThumbprintMD5 Property (SecurePDF_PDFSign Class)

The MD5 hash of the certificate.

Object Oriented Interface

public function getBlockedCertThumbprintMD5($blockedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 32 , $blockedcertindex);

Default Value

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.

This property is read-only and not available at design time.

Data Type

String

BlockedCertThumbprintSHA1 Property (SecurePDF_PDFSign Class)

The SHA-1 hash of the certificate.

Object Oriented Interface

public function getBlockedCertThumbprintSHA1($blockedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 33 , $blockedcertindex);

Default Value

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.

This property is read-only and not available at design time.

Data Type

String

BlockedCertThumbprintSHA256 Property (SecurePDF_PDFSign Class)

The SHA-256 hash of the certificate.

Object Oriented Interface

public function getBlockedCertThumbprintSHA256($blockedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 34 , $blockedcertindex);

Default Value

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.

This property is read-only and not available at design time.

Data Type

String

BlockedCertUsage Property (SecurePDF_PDFSign Class)

The text description of UsageFlags .

Object Oriented Interface

public function getBlockedCertUsage($blockedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 35 , $blockedcertindex);

Default Value

Remarks

The text description of BlockedCertUsageFlags.

This value will be one or more of the following strings and will be separated by commas:

Digital Signature
Non-Repudiation
Key Encipherment
Data Encipherment
Key Agreement
Certificate Signing
CRL Signing
Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.

This property is read-only and not available at design time.

Data Type

String

BlockedCertUsageFlags Property (SecurePDF_PDFSign Class)

The flags that show intended use for the certificate.

Object Oriented Interface

public function getBlockedCertUsageFlags($blockedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 36 , $blockedcertindex);

Default Value

Remarks

The flags that show intended use for the certificate. The value of BlockedCertUsageFlags is a combination of the following flags:


0x80	Digital Signature
0x40	Non-Repudiation
0x20	Key Encipherment
0x10	Data Encipherment
0x08	Key Agreement
0x04	Certificate Signing
0x02	CRL Signing
0x01	Encipher Only

Please see the BlockedCertUsage property for a text representation of BlockedCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.

This property is read-only and not available at design time.

Data Type

Integer

BlockedCertVersion Property (SecurePDF_PDFSign Class)

The certificate's version number.

Object Oriented Interface

public function getBlockedCertVersion($blockedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 37 , $blockedcertindex);

Default Value

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.

This property is read-only and not available at design time.

Data Type

String

BlockedCertSubject Property (SecurePDF_PDFSign Class)

The subject of the certificate used for client authentication.

Object Oriented Interface

public function getBlockedCertSubject($blockedcertindex);
public function setBlockedCertSubject($blockedcertindex, $value);

Procedural Interface

securepdf_pdfsign_get($res, 38 , $blockedcertindex);
securepdf_pdfsign_set($res, 38, $value , $blockedcertindex);

Default Value

Remarks

The subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:


Field	Meaning
CN	Common Name. This is commonly a hostname like www.server.com.
O	Organization
OU	Organizational Unit
L	Locality
S	State
C	Country
E	Email Address

If a field value contains a comma, it must be quoted.

The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.

This property is not available at design time.

Data Type

String

BlockedCertEncoded Property (SecurePDF_PDFSign Class)

The certificate (PEM/Base64 encoded).

Object Oriented Interface

public function getBlockedCertEncoded($blockedcertindex);
public function setBlockedCertEncoded($blockedcertindex, $value);

Procedural Interface

securepdf_pdfsign_get($res, 39 , $blockedcertindex);
securepdf_pdfsign_set($res, 39, $value , $blockedcertindex);

Default Value

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The BlockedCertStore and BlockedCertSubject properties also may be used to specify a certificate.

When BlockedCertEncoded is set, a search is initiated in the current BlockedCertStore for the private key of the certificate. If the key is found, BlockedCertSubject is updated to reflect the full subject of the selected certificate; otherwise, BlockedCertSubject is set to an empty string.

The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.

This property is not available at design time.

Data Type

Binary String

DecryptionCertEffectiveDate Property (SecurePDF_PDFSign Class)

The date on which this certificate becomes valid.

Object Oriented Interface

public function getDecryptionCertEffectiveDate();

Procedural Interface

securepdf_pdfsign_get($res, 40 );

Default Value

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only and not available at design time.

Data Type

String

DecryptionCertExpirationDate Property (SecurePDF_PDFSign Class)

The date on which the certificate expires.

Object Oriented Interface

public function getDecryptionCertExpirationDate();

Procedural Interface

securepdf_pdfsign_get($res, 41 );

Default Value

Remarks

23-Jan-2001 15:00:00.

This property is read-only and not available at design time.

Data Type

String

DecryptionCertExtendedKeyUsage Property (SecurePDF_PDFSign Class)

A comma-delimited list of extended key usage identifiers.

Object Oriented Interface

public function getDecryptionCertExtendedKeyUsage();

Procedural Interface

securepdf_pdfsign_get($res, 42 );

Default Value

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only and not available at design time.

Data Type

String

DecryptionCertFingerprint Property (SecurePDF_PDFSign Class)

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Object Oriented Interface

public function getDecryptionCertFingerprint();

Procedural Interface

securepdf_pdfsign_get($res, 43 );

Default Value

Remarks

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only and not available at design time.

Data Type

String

DecryptionCertFingerprintSHA1 Property (SecurePDF_PDFSign Class)

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Object Oriented Interface

public function getDecryptionCertFingerprintSHA1();

Procedural Interface

securepdf_pdfsign_get($res, 44 );

Default Value

Remarks

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only and not available at design time.

Data Type

String

DecryptionCertFingerprintSHA256 Property (SecurePDF_PDFSign Class)

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Object Oriented Interface

public function getDecryptionCertFingerprintSHA256();

Procedural Interface

securepdf_pdfsign_get($res, 45 );

Default Value

Remarks

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only and not available at design time.

Data Type

String

DecryptionCertIssuer Property (SecurePDF_PDFSign Class)

The issuer of the certificate.

Object Oriented Interface

public function getDecryptionCertIssuer();

Procedural Interface

securepdf_pdfsign_get($res, 46 );

Default Value

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only and not available at design time.

Data Type

String

DecryptionCertPrivateKey Property (SecurePDF_PDFSign Class)

The private key of the certificate (if available).

Object Oriented Interface

public function getDecryptionCertPrivateKey();

Procedural Interface

securepdf_pdfsign_get($res, 47 );

Default Value

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The DecryptionCertPrivateKey may be available but not exportable. In this case, DecryptionCertPrivateKey returns an empty string.

This property is read-only and not available at design time.

Data Type

String

DecryptionCertPrivateKeyAvailable Property (SecurePDF_PDFSign Class)

Whether a PrivateKey is available for the selected certificate.

Object Oriented Interface

public function getDecryptionCertPrivateKeyAvailable();

Procedural Interface

securepdf_pdfsign_get($res, 48 );

Default Value

false

Remarks

Whether a DecryptionCertPrivateKey is available for the selected certificate. If DecryptionCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only and not available at design time.

Data Type

Boolean

DecryptionCertPrivateKeyContainer Property (SecurePDF_PDFSign Class)

The name of the PrivateKey container for the certificate (if available).

Object Oriented Interface

public function getDecryptionCertPrivateKeyContainer();

Procedural Interface

securepdf_pdfsign_get($res, 49 );

Default Value

Remarks

The name of the DecryptionCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only and not available at design time.

Data Type

String

DecryptionCertPublicKey Property (SecurePDF_PDFSign Class)

The public key of the certificate.

Object Oriented Interface

public function getDecryptionCertPublicKey();

Procedural Interface

securepdf_pdfsign_get($res, 50 );

Default Value

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only and not available at design time.

Data Type

String

DecryptionCertPublicKeyAlgorithm Property (SecurePDF_PDFSign Class)

The textual description of the certificate's public key algorithm.

Object Oriented Interface

public function getDecryptionCertPublicKeyAlgorithm();

Procedural Interface

securepdf_pdfsign_get($res, 51 );

Default Value

Remarks

This property is read-only and not available at design time.

Data Type

String

DecryptionCertPublicKeyLength Property (SecurePDF_PDFSign Class)

The length of the certificate's public key (in bits).

Object Oriented Interface

public function getDecryptionCertPublicKeyLength();

Procedural Interface

securepdf_pdfsign_get($res, 52 );

Default Value

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only and not available at design time.

Data Type

Integer

DecryptionCertSerialNumber Property (SecurePDF_PDFSign Class)

The serial number of the certificate encoded as a string.

Object Oriented Interface

public function getDecryptionCertSerialNumber();

Procedural Interface

securepdf_pdfsign_get($res, 53 );

Default Value

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only and not available at design time.

Data Type

String

DecryptionCertSignatureAlgorithm Property (SecurePDF_PDFSign Class)

The text description of the certificate's signature algorithm.

Object Oriented Interface

public function getDecryptionCertSignatureAlgorithm();

Procedural Interface

securepdf_pdfsign_get($res, 54 );

Default Value

Remarks

This property is read-only and not available at design time.

Data Type

String

DecryptionCertStore Property (SecurePDF_PDFSign Class)

The name of the certificate store for the client certificate.

Object Oriented Interface

public function getDecryptionCertStore();
public function setDecryptionCertStore($value);

Procedural Interface

securepdf_pdfsign_get($res, 55 );
securepdf_pdfsign_set($res, 55, $value );

Default Value

'MY'

Remarks

The name of the certificate store for the client certificate.

The DecryptionCertStoreType property denotes the type of the certificate store specified by DecryptionCertStore. If the store is password-protected, specify the password in DecryptionCertStorePassword.

DecryptionCertStore is used in conjunction with the DecryptionCertSubject property to specify client certificates. If DecryptionCertStore has a value, and DecryptionCertSubject or DecryptionCertEncoded is set, a search for a certificate is initiated. Please see the DecryptionCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:


MY	A certificate store holding personal certificates with their associated private keys.
CA	Certifying authority certificates.
ROOT	Root certificates.

This property is not available at design time.

Data Type

Binary String

DecryptionCertStorePassword Property (SecurePDF_PDFSign Class)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Object Oriented Interface

public function getDecryptionCertStorePassword();
public function setDecryptionCertStorePassword($value);

Procedural Interface

securepdf_pdfsign_get($res, 56 );
securepdf_pdfsign_set($res, 56, $value );

Default Value

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

This property is not available at design time.

Data Type

String

DecryptionCertStoreType Property (SecurePDF_PDFSign Class)

The type of certificate store for this certificate.

Object Oriented Interface

public function getDecryptionCertStoreType();
public function setDecryptionCertStoreType($value);

Procedural Interface

securepdf_pdfsign_get($res, 57 );
securepdf_pdfsign_set($res, 57, $value );

Default Value

Remarks

The type of certificate store for this certificate.


0 (cstUser - default)	For Windows, this specifies that the certificate store is a certificate store owned by the current user. Note: This store type is not available in Java.
1 (cstMachine)	For Windows, this specifies that the certificate store is a machine store. Note: This store type is not available in Java.
2 (cstPFXFile)	The certificate store is the name of a PFX (PKCS#12) file containing certificates.
3 (cstPFXBlob)	The certificate store is a string (binary or Base64-encoded) representing a certificate store in PFX (PKCS#12) format.
4 (cstJKSFile)	The certificate store is the name of a Java Key Store (JKS) file containing certificates. Note: This store type is only available in Java.
5 (cstJKSBlob)	The certificate store is a string (binary or Base64-encoded) representing a certificate store in Java Key Store (JKS) format. Note: This store type is only available in Java.
6 (cstPEMKeyFile)	The certificate store is the name of a PEM-encoded file that contains a private key and an optional certificate.
7 (cstPEMKeyBlob)	The certificate store is a string (binary or Base64-encoded) that contains a private key and an optional certificate.
8 (cstPublicKeyFile)	The certificate store is the name of a file that contains a PEM- or DER-encoded public key certificate.
9 (cstPublicKeyBlob)	The certificate store is a string (binary or Base64-encoded) that contains a PEM- or DER-encoded public key certificate.
10 (cstSSHPublicKeyBlob)	The certificate store is a string (binary or Base64-encoded) that contains an SSH-style public key.
11 (cstP7BFile)	The certificate store is the name of a PKCS#7 file containing certificates.
12 (cstP7BBlob)	The certificate store is a string (binary) representing a certificate store in PKCS#7 format.
13 (cstSSHPublicKeyFile)	The certificate store is the name of a file that contains an SSH-style public key.
14 (cstPPKFile)	The certificate store is the name of a file that contains a PPK (PuTTY Private Key).
15 (cstPPKBlob)	The certificate store is a string (binary) that contains a PPK (PuTTY Private Key).
16 (cstXMLFile)	The certificate store is the name of a file that contains a certificate in XML format.
17 (cstXMLBlob)	The certificate store is a string that contains a certificate in XML format.
18 (cstJWKFile)	The certificate store is the name of a file that contains a JWK (JSON Web Key).
19 (cstJWKBlob)	The certificate store is a string that contains a JWK (JSON Web Key).
21 (cstBCFKSFile)	The certificate store is the name of a file that contains a BCFKS (Bouncy Castle FIPS Key Store). Note: This store type is only available in Java and .NET.
22 (cstBCFKSBlob)	The certificate store is a string (binary or Base64-encoded) representing a certificate store in BCFKS (Bouncy Castle FIPS Key Store) format. Note: This store type is only available in Java and .NET.
23 (cstPKCS11)	The certificate is present on a physical security key accessible via a PKCS#11 interface. To use a security key, the necessary data must first be collected using the CertMgr class. The ListStoreCertificates method may be called after setting CertStoreType to `cstPKCS11`, CertStorePassword to the PIN, and CertStore to the full path of the PKCS#11 DLL. The certificate information returned in the CertList event's `CertEncoded` parameter may be saved for later use. When using a certificate, pass the previously saved security key information as the DecryptionCertStore and set DecryptionCertStorePassword to the PIN. Code Example. SSH Authentication with Security Key: `certmgr.CertStoreType = CertStoreTypes.cstPKCS11; certmgr.OnCertList += (s, e) => { secKeyBlob = e.CertEncoded; }; certmgr.CertStore = @"C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll"; certmgr.CertStorePassword = "123456"; //PIN certmgr.ListStoreCertificates(); sftp.SSHCert = new Certificate(CertStoreTypes.cstPKCS11, secKeyBlob, "123456", "*"); sftp.SSHUser = "test"; sftp.SSHLogon("myhost", 22);`
99 (cstAuto)	The store type is automatically detected from the input data. This setting may be used with both public and private keys and can detect any of the supported formats automatically.

This property is not available at design time.

Data Type

Integer

DecryptionCertSubjectAltNames Property (SecurePDF_PDFSign Class)

Comma-separated lists of alternative subject names for the certificate.

Object Oriented Interface

public function getDecryptionCertSubjectAltNames();

Procedural Interface

securepdf_pdfsign_get($res, 58 );

Default Value

Remarks

Comma-separated lists of alternative subject names for the certificate.

This property is read-only and not available at design time.

Data Type

String

DecryptionCertThumbprintMD5 Property (SecurePDF_PDFSign Class)

The MD5 hash of the certificate.

Object Oriented Interface

public function getDecryptionCertThumbprintMD5();

Procedural Interface

securepdf_pdfsign_get($res, 59 );

Default Value

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only and not available at design time.

Data Type

String

DecryptionCertThumbprintSHA1 Property (SecurePDF_PDFSign Class)

The SHA-1 hash of the certificate.

Object Oriented Interface

public function getDecryptionCertThumbprintSHA1();

Procedural Interface

securepdf_pdfsign_get($res, 60 );

Default Value

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only and not available at design time.

Data Type

String

DecryptionCertThumbprintSHA256 Property (SecurePDF_PDFSign Class)

The SHA-256 hash of the certificate.

Object Oriented Interface

public function getDecryptionCertThumbprintSHA256();

Procedural Interface

securepdf_pdfsign_get($res, 61 );

Default Value

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only and not available at design time.

Data Type

String

DecryptionCertUsage Property (SecurePDF_PDFSign Class)

The text description of UsageFlags .

Object Oriented Interface

public function getDecryptionCertUsage();

Procedural Interface

securepdf_pdfsign_get($res, 62 );

Default Value

Remarks

The text description of DecryptionCertUsageFlags.

This value will be one or more of the following strings and will be separated by commas:

Digital Signature
Non-Repudiation
Key Encipherment
Data Encipherment
Key Agreement
Certificate Signing
CRL Signing
Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only and not available at design time.

Data Type

String

DecryptionCertUsageFlags Property (SecurePDF_PDFSign Class)

The flags that show intended use for the certificate.

Object Oriented Interface

public function getDecryptionCertUsageFlags();

Procedural Interface

securepdf_pdfsign_get($res, 63 );

Default Value

Remarks

The flags that show intended use for the certificate. The value of DecryptionCertUsageFlags is a combination of the following flags:


0x80	Digital Signature
0x40	Non-Repudiation
0x20	Key Encipherment
0x10	Data Encipherment
0x08	Key Agreement
0x04	Certificate Signing
0x02	CRL Signing
0x01	Encipher Only

Please see the DecryptionCertUsage property for a text representation of DecryptionCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only and not available at design time.

Data Type

Integer

DecryptionCertVersion Property (SecurePDF_PDFSign Class)

The certificate's version number.

Object Oriented Interface

public function getDecryptionCertVersion();

Procedural Interface

securepdf_pdfsign_get($res, 64 );

Default Value

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only and not available at design time.

Data Type

String

DecryptionCertSubject Property (SecurePDF_PDFSign Class)

The subject of the certificate used for client authentication.

Object Oriented Interface

public function getDecryptionCertSubject();
public function setDecryptionCertSubject($value);

Procedural Interface

securepdf_pdfsign_get($res, 65 );
securepdf_pdfsign_set($res, 65, $value );

Default Value

Remarks

The subject of the certificate used for client authentication.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.


Field	Meaning
CN	Common Name. This is commonly a hostname like www.server.com.
O	Organization
OU	Organizational Unit
L	Locality
S	State
C	Country
E	Email Address

If a field value contains a comma, it must be quoted.

This property is not available at design time.

Data Type

String

DecryptionCertEncoded Property (SecurePDF_PDFSign Class)

The certificate (PEM/Base64 encoded).

Object Oriented Interface

public function getDecryptionCertEncoded();
public function setDecryptionCertEncoded($value);

Procedural Interface

securepdf_pdfsign_get($res, 66 );
securepdf_pdfsign_set($res, 66, $value );

Default Value

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The DecryptionCertStore and DecryptionCertSubject properties also may be used to specify a certificate.

When DecryptionCertEncoded is set, a search is initiated in the current DecryptionCertStore for the private key of the certificate. If the key is found, DecryptionCertSubject is updated to reflect the full subject of the selected certificate; otherwise, DecryptionCertSubject is set to an empty string.

This property is not available at design time.

Data Type

Binary String

DocumentCertCount Property (SecurePDF_PDFSign Class)

The number of records in the DocumentCert arrays.

Object Oriented Interface

public function getDocumentCertCount();

Procedural Interface

securepdf_pdfsign_get($res, 67 );

Default Value

Remarks

This property controls the size of the following arrays:

DocumentCertEffectiveDate
DocumentCertEncoded
DocumentCertExpirationDate
DocumentCertExtendedKeyUsage
DocumentCertFingerprint
DocumentCertFingerprintSHA1
DocumentCertFingerprintSHA256
DocumentCertIssuer
DocumentCertPrivateKey
DocumentCertPrivateKeyAvailable
DocumentCertPrivateKeyContainer
DocumentCertPublicKey
DocumentCertPublicKeyAlgorithm
DocumentCertPublicKeyLength
DocumentCertSerialNumber
DocumentCertSignatureAlgorithm
DocumentCertStore
DocumentCertStorePassword
DocumentCertStoreType
DocumentCertSubject
DocumentCertSubjectAltNames
DocumentCertThumbprintMD5
DocumentCertThumbprintSHA1
DocumentCertThumbprintSHA256
DocumentCertUsage
DocumentCertUsageFlags
DocumentCertVersion

The array indices start at 0 and end at DocumentCertCount - 1.

This property is read-only and not available at design time.

Data Type

Integer

DocumentCertEffectiveDate Property (SecurePDF_PDFSign Class)

The date on which this certificate becomes valid.

Object Oriented Interface

public function getDocumentCertEffectiveDate($documentcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 68 , $documentcertindex);

Default Value

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

The $documentcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the DocumentCertCount property.

This property is read-only and not available at design time.

Data Type

String

DocumentCertExpirationDate Property (SecurePDF_PDFSign Class)

The date on which the certificate expires.

Object Oriented Interface

public function getDocumentCertExpirationDate($documentcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 69 , $documentcertindex);

Default Value

Remarks

23-Jan-2001 15:00:00.

The $documentcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the DocumentCertCount property.

This property is read-only and not available at design time.

Data Type

String

DocumentCertExtendedKeyUsage Property (SecurePDF_PDFSign Class)

A comma-delimited list of extended key usage identifiers.

Object Oriented Interface

public function getDocumentCertExtendedKeyUsage($documentcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 70 , $documentcertindex);

Default Value

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

The $documentcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the DocumentCertCount property.

This property is read-only and not available at design time.

Data Type

String

DocumentCertFingerprint Property (SecurePDF_PDFSign Class)

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Object Oriented Interface

public function getDocumentCertFingerprint($documentcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 71 , $documentcertindex);

Default Value

Remarks

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

The $documentcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the DocumentCertCount property.

This property is read-only and not available at design time.

Data Type

String

DocumentCertFingerprintSHA1 Property (SecurePDF_PDFSign Class)

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Object Oriented Interface

public function getDocumentCertFingerprintSHA1($documentcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 72 , $documentcertindex);

Default Value

Remarks

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

The $documentcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the DocumentCertCount property.

This property is read-only and not available at design time.

Data Type

String

DocumentCertFingerprintSHA256 Property (SecurePDF_PDFSign Class)

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Object Oriented Interface

public function getDocumentCertFingerprintSHA256($documentcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 73 , $documentcertindex);

Default Value

Remarks

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

The $documentcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the DocumentCertCount property.

This property is read-only and not available at design time.

Data Type

String

DocumentCertIssuer Property (SecurePDF_PDFSign Class)

The issuer of the certificate.

Object Oriented Interface

public function getDocumentCertIssuer($documentcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 74 , $documentcertindex);

Default Value

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

The $documentcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the DocumentCertCount property.

This property is read-only and not available at design time.

Data Type

String

DocumentCertPrivateKey Property (SecurePDF_PDFSign Class)

The private key of the certificate (if available).

Object Oriented Interface

public function getDocumentCertPrivateKey($documentcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 75 , $documentcertindex);

Default Value

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The DocumentCertPrivateKey may be available but not exportable. In this case, DocumentCertPrivateKey returns an empty string.

The $documentcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the DocumentCertCount property.

This property is read-only and not available at design time.

Data Type

String

DocumentCertPrivateKeyAvailable Property (SecurePDF_PDFSign Class)

Whether a PrivateKey is available for the selected certificate.

Object Oriented Interface

public function getDocumentCertPrivateKeyAvailable($documentcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 76 , $documentcertindex);

Default Value

false

Remarks

Whether a DocumentCertPrivateKey is available for the selected certificate. If DocumentCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

The $documentcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the DocumentCertCount property.

This property is read-only and not available at design time.

Data Type

Boolean

DocumentCertPrivateKeyContainer Property (SecurePDF_PDFSign Class)

The name of the PrivateKey container for the certificate (if available).

Object Oriented Interface

public function getDocumentCertPrivateKeyContainer($documentcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 77 , $documentcertindex);

Default Value

Remarks

The name of the DocumentCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

The $documentcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the DocumentCertCount property.

This property is read-only and not available at design time.

Data Type

String

DocumentCertPublicKey Property (SecurePDF_PDFSign Class)

The public key of the certificate.

Object Oriented Interface

public function getDocumentCertPublicKey($documentcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 78 , $documentcertindex);

Default Value

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

The $documentcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the DocumentCertCount property.

This property is read-only and not available at design time.

Data Type

String

DocumentCertPublicKeyAlgorithm Property (SecurePDF_PDFSign Class)

The textual description of the certificate's public key algorithm.

Object Oriented Interface

public function getDocumentCertPublicKeyAlgorithm($documentcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 79 , $documentcertindex);

Default Value

Remarks

The $documentcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the DocumentCertCount property.

This property is read-only and not available at design time.

Data Type

String

DocumentCertPublicKeyLength Property (SecurePDF_PDFSign Class)

The length of the certificate's public key (in bits).

Object Oriented Interface

public function getDocumentCertPublicKeyLength($documentcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 80 , $documentcertindex);

Default Value

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

The $documentcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the DocumentCertCount property.

This property is read-only and not available at design time.

Data Type

Integer

DocumentCertSerialNumber Property (SecurePDF_PDFSign Class)

The serial number of the certificate encoded as a string.

Object Oriented Interface

public function getDocumentCertSerialNumber($documentcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 81 , $documentcertindex);

Default Value

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

The $documentcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the DocumentCertCount property.

This property is read-only and not available at design time.

Data Type

String

DocumentCertSignatureAlgorithm Property (SecurePDF_PDFSign Class)

The text description of the certificate's signature algorithm.

Object Oriented Interface

public function getDocumentCertSignatureAlgorithm($documentcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 82 , $documentcertindex);

Default Value

Remarks

The $documentcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the DocumentCertCount property.

This property is read-only and not available at design time.

Data Type

String

DocumentCertStore Property (SecurePDF_PDFSign Class)

The name of the certificate store for the client certificate.

Object Oriented Interface

public function getDocumentCertStore($documentcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 83 , $documentcertindex);

Default Value

'MY'

Remarks

The name of the certificate store for the client certificate.

The DocumentCertStoreType property denotes the type of the certificate store specified by DocumentCertStore. If the store is password-protected, specify the password in DocumentCertStorePassword.

DocumentCertStore is used in conjunction with the DocumentCertSubject property to specify client certificates. If DocumentCertStore has a value, and DocumentCertSubject or DocumentCertEncoded is set, a search for a certificate is initiated. Please see the DocumentCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:


MY	A certificate store holding personal certificates with their associated private keys.
CA	Certifying authority certificates.
ROOT	Root certificates.

The $documentcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the DocumentCertCount property.

This property is read-only and not available at design time.

Data Type

Binary String

DocumentCertStorePassword Property (SecurePDF_PDFSign Class)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Object Oriented Interface

public function getDocumentCertStorePassword($documentcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 84 , $documentcertindex);

Default Value

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

The $documentcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the DocumentCertCount property.

This property is read-only and not available at design time.

Data Type

String

DocumentCertStoreType Property (SecurePDF_PDFSign Class)

The type of certificate store for this certificate.

Object Oriented Interface

public function getDocumentCertStoreType($documentcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 85 , $documentcertindex);

Default Value

Remarks

The type of certificate store for this certificate.


0 (cstUser - default)	For Windows, this specifies that the certificate store is a certificate store owned by the current user. Note: This store type is not available in Java.
1 (cstMachine)	For Windows, this specifies that the certificate store is a machine store. Note: This store type is not available in Java.
2 (cstPFXFile)	The certificate store is the name of a PFX (PKCS#12) file containing certificates.
3 (cstPFXBlob)	The certificate store is a string (binary or Base64-encoded) representing a certificate store in PFX (PKCS#12) format.
4 (cstJKSFile)	The certificate store is the name of a Java Key Store (JKS) file containing certificates. Note: This store type is only available in Java.
5 (cstJKSBlob)	The certificate store is a string (binary or Base64-encoded) representing a certificate store in Java Key Store (JKS) format. Note: This store type is only available in Java.
6 (cstPEMKeyFile)	The certificate store is the name of a PEM-encoded file that contains a private key and an optional certificate.
7 (cstPEMKeyBlob)	The certificate store is a string (binary or Base64-encoded) that contains a private key and an optional certificate.
8 (cstPublicKeyFile)	The certificate store is the name of a file that contains a PEM- or DER-encoded public key certificate.
9 (cstPublicKeyBlob)	The certificate store is a string (binary or Base64-encoded) that contains a PEM- or DER-encoded public key certificate.
10 (cstSSHPublicKeyBlob)	The certificate store is a string (binary or Base64-encoded) that contains an SSH-style public key.
11 (cstP7BFile)	The certificate store is the name of a PKCS#7 file containing certificates.
12 (cstP7BBlob)	The certificate store is a string (binary) representing a certificate store in PKCS#7 format.
13 (cstSSHPublicKeyFile)	The certificate store is the name of a file that contains an SSH-style public key.
14 (cstPPKFile)	The certificate store is the name of a file that contains a PPK (PuTTY Private Key).
15 (cstPPKBlob)	The certificate store is a string (binary) that contains a PPK (PuTTY Private Key).
16 (cstXMLFile)	The certificate store is the name of a file that contains a certificate in XML format.
17 (cstXMLBlob)	The certificate store is a string that contains a certificate in XML format.
18 (cstJWKFile)	The certificate store is the name of a file that contains a JWK (JSON Web Key).
19 (cstJWKBlob)	The certificate store is a string that contains a JWK (JSON Web Key).
21 (cstBCFKSFile)	The certificate store is the name of a file that contains a BCFKS (Bouncy Castle FIPS Key Store). Note: This store type is only available in Java and .NET.
22 (cstBCFKSBlob)	The certificate store is a string (binary or Base64-encoded) representing a certificate store in BCFKS (Bouncy Castle FIPS Key Store) format. Note: This store type is only available in Java and .NET.
23 (cstPKCS11)	The certificate is present on a physical security key accessible via a PKCS#11 interface. To use a security key, the necessary data must first be collected using the CertMgr class. The ListStoreCertificates method may be called after setting CertStoreType to `cstPKCS11`, CertStorePassword to the PIN, and CertStore to the full path of the PKCS#11 DLL. The certificate information returned in the CertList event's `CertEncoded` parameter may be saved for later use. When using a certificate, pass the previously saved security key information as the DocumentCertStore and set DocumentCertStorePassword to the PIN. Code Example. SSH Authentication with Security Key: `certmgr.CertStoreType = CertStoreTypes.cstPKCS11; certmgr.OnCertList += (s, e) => { secKeyBlob = e.CertEncoded; }; certmgr.CertStore = @"C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll"; certmgr.CertStorePassword = "123456"; //PIN certmgr.ListStoreCertificates(); sftp.SSHCert = new Certificate(CertStoreTypes.cstPKCS11, secKeyBlob, "123456", "*"); sftp.SSHUser = "test"; sftp.SSHLogon("myhost", 22);`
99 (cstAuto)	The store type is automatically detected from the input data. This setting may be used with both public and private keys and can detect any of the supported formats automatically.

The $documentcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the DocumentCertCount property.

This property is read-only and not available at design time.

Data Type

Integer

DocumentCertSubjectAltNames Property (SecurePDF_PDFSign Class)

Comma-separated lists of alternative subject names for the certificate.

Object Oriented Interface

public function getDocumentCertSubjectAltNames($documentcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 86 , $documentcertindex);

Default Value

Remarks

Comma-separated lists of alternative subject names for the certificate.

The $documentcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the DocumentCertCount property.

This property is read-only and not available at design time.

Data Type

String

DocumentCertThumbprintMD5 Property (SecurePDF_PDFSign Class)

The MD5 hash of the certificate.

Object Oriented Interface

public function getDocumentCertThumbprintMD5($documentcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 87 , $documentcertindex);

Default Value

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

The $documentcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the DocumentCertCount property.

This property is read-only and not available at design time.

Data Type

String

DocumentCertThumbprintSHA1 Property (SecurePDF_PDFSign Class)

The SHA-1 hash of the certificate.

Object Oriented Interface

public function getDocumentCertThumbprintSHA1($documentcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 88 , $documentcertindex);

Default Value

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

The $documentcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the DocumentCertCount property.

This property is read-only and not available at design time.

Data Type

String

DocumentCertThumbprintSHA256 Property (SecurePDF_PDFSign Class)

The SHA-256 hash of the certificate.

Object Oriented Interface

public function getDocumentCertThumbprintSHA256($documentcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 89 , $documentcertindex);

Default Value

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

The $documentcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the DocumentCertCount property.

This property is read-only and not available at design time.

Data Type

String

DocumentCertUsage Property (SecurePDF_PDFSign Class)

The text description of UsageFlags .

Object Oriented Interface

public function getDocumentCertUsage($documentcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 90 , $documentcertindex);

Default Value

Remarks

The text description of DocumentCertUsageFlags.

This value will be one or more of the following strings and will be separated by commas:

Digital Signature
Non-Repudiation
Key Encipherment
Data Encipherment
Key Agreement
Certificate Signing
CRL Signing
Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

The $documentcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the DocumentCertCount property.

This property is read-only and not available at design time.

Data Type

String

DocumentCertUsageFlags Property (SecurePDF_PDFSign Class)

The flags that show intended use for the certificate.

Object Oriented Interface

public function getDocumentCertUsageFlags($documentcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 91 , $documentcertindex);

Default Value

Remarks

The flags that show intended use for the certificate. The value of DocumentCertUsageFlags is a combination of the following flags:


0x80	Digital Signature
0x40	Non-Repudiation
0x20	Key Encipherment
0x10	Data Encipherment
0x08	Key Agreement
0x04	Certificate Signing
0x02	CRL Signing
0x01	Encipher Only

Please see the DocumentCertUsage property for a text representation of DocumentCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

The $documentcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the DocumentCertCount property.

This property is read-only and not available at design time.

Data Type

Integer

DocumentCertVersion Property (SecurePDF_PDFSign Class)

The certificate's version number.

Object Oriented Interface

public function getDocumentCertVersion($documentcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 92 , $documentcertindex);

Default Value

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

The $documentcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the DocumentCertCount property.

This property is read-only and not available at design time.

Data Type

String

DocumentCertSubject Property (SecurePDF_PDFSign Class)

The subject of the certificate used for client authentication.

Object Oriented Interface

public function getDocumentCertSubject($documentcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 93 , $documentcertindex);

Default Value

Remarks

The subject of the certificate used for client authentication.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.


Field	Meaning
CN	Common Name. This is commonly a hostname like www.server.com.
O	Organization
OU	Organizational Unit
L	Locality
S	State
C	Country
E	Email Address

If a field value contains a comma, it must be quoted.

The $documentcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the DocumentCertCount property.

This property is read-only and not available at design time.

Data Type

String

DocumentCertEncoded Property (SecurePDF_PDFSign Class)

The certificate (PEM/Base64 encoded).

Object Oriented Interface

public function getDocumentCertEncoded($documentcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 94 , $documentcertindex);

Default Value

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The DocumentCertStore and DocumentCertSubject properties also may be used to specify a certificate.

When DocumentCertEncoded is set, a search is initiated in the current DocumentCertStore for the private key of the certificate. If the key is found, DocumentCertSubject is updated to reflect the full subject of the selected certificate; otherwise, DocumentCertSubject is set to an empty string.

The $documentcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the DocumentCertCount property.

This property is read-only and not available at design time.

Data Type

Binary String

FirewallAutoDetect Property (SecurePDF_PDFSign Class)

Whether to automatically detect and use firewall system settings, if available.

Object Oriented Interface

public function getFirewallAutoDetect();
public function setFirewallAutoDetect($value);

Procedural Interface

securepdf_pdfsign_get($res, 95 );
securepdf_pdfsign_set($res, 95, $value );

Default Value

false

Remarks

Whether to automatically detect and use firewall system settings, if available.

Data Type

Boolean

FirewallType Property (SecurePDF_PDFSign Class)

The type of firewall to connect through.

Object Oriented Interface

public function getFirewallType();
public function setFirewallType($value);

Procedural Interface

securepdf_pdfsign_get($res, 96 );
securepdf_pdfsign_set($res, 96, $value );

Default Value

Remarks

The type of firewall to connect through. The applicable values are as follows:


fwNone (0)	No firewall (default setting).
fwTunnel (1)	Connect through a tunneling proxy. FirewallPort is set to 80.
fwSOCKS4 (2)	Connect through a SOCKS4 Proxy. FirewallPort is set to 1080.
fwSOCKS5 (3)	Connect through a SOCKS5 Proxy. FirewallPort is set to 1080.
fwSOCKS4A (10)	Connect through a SOCKS4A Proxy. FirewallPort is set to 1080.

Data Type

Integer

FirewallHost Property (SecurePDF_PDFSign Class)

The name or IP address of the firewall (optional).

Object Oriented Interface

public function getFirewallHost();
public function setFirewallHost($value);

Procedural Interface

securepdf_pdfsign_get($res, 97 );
securepdf_pdfsign_set($res, 97, $value );

Default Value

Remarks

The name or IP address of the firewall (optional). If a FirewallHost is given, the requested connections will be authenticated through the specified firewall when connecting.

If this property is set to a Domain Name, a DNS request is initiated. Upon successful termination of the request, this property is set to the corresponding address. If the search is not successful, the class fails with an error.

Data Type

String

FirewallPassword Property (SecurePDF_PDFSign Class)

A password if authentication is to be used when connecting through the firewall.

Object Oriented Interface

public function getFirewallPassword();
public function setFirewallPassword($value);

Procedural Interface

securepdf_pdfsign_get($res, 98 );
securepdf_pdfsign_set($res, 98, $value );

Default Value

Remarks

A password if authentication is to be used when connecting through the firewall. If FirewallHost is specified, the FirewallUser and FirewallPassword properties are used to connect and authenticate to the given firewall. If the authentication fails, the class fails with an error.

Data Type

String

FirewallPort Property (SecurePDF_PDFSign Class)

The Transmission Control Protocol (TCP) port for the firewall Host .

Object Oriented Interface

public function getFirewallPort();
public function setFirewallPort($value);

Procedural Interface

securepdf_pdfsign_get($res, 99 );
securepdf_pdfsign_set($res, 99, $value );

Default Value

Remarks

The Transmission Control Protocol (TCP) port for the firewall FirewallHost. See the description of the FirewallHost property for details.

Note: This property is set automatically when FirewallType is set to a valid value. See the description of the FirewallType property for details.

Data Type

Integer

FirewallUser Property (SecurePDF_PDFSign Class)

A username if authentication is to be used when connecting through a firewall.

Object Oriented Interface

public function getFirewallUser();
public function setFirewallUser($value);

Procedural Interface

securepdf_pdfsign_get($res, 100 );
securepdf_pdfsign_set($res, 100, $value );

Default Value

Remarks

A username if authentication is to be used when connecting through a firewall. If FirewallHost is specified, this property and the FirewallPassword property are used to connect and authenticate to the given Firewall. If the authentication fails, the class fails with an error.

Data Type

String

InputData Property (SecurePDF_PDFSign Class)

A byte array containing the PDF document to process.

Object Oriented Interface

public function getInputData();
public function setInputData($value);

Procedural Interface

securepdf_pdfsign_get($res, 101 );
securepdf_pdfsign_set($res, 101, $value );

Remarks

This property is used to assign a byte array containing the PDF document to be processed.

This property is not available at design time.

Data Type

Byte Array

InputFile Property (SecurePDF_PDFSign Class)

The PDF file to process.

Object Oriented Interface

public function getInputFile();
public function setInputFile($value);

Procedural Interface

securepdf_pdfsign_get($res, 102 );
securepdf_pdfsign_set($res, 102, $value );

Default Value

Remarks

This property is used to provide a path to the PDF document to be processed.

Data Type

String

KnownCertCount Property (SecurePDF_PDFSign Class)

The number of records in the KnownCert arrays.

Object Oriented Interface

public function getKnownCertCount();
public function setKnownCertCount($value);

Procedural Interface

securepdf_pdfsign_get($res, 103 );
securepdf_pdfsign_set($res, 103, $value );

Default Value

Remarks

This property controls the size of the following arrays:

KnownCertEffectiveDate
KnownCertEncoded
KnownCertExpirationDate
KnownCertExtendedKeyUsage
KnownCertFingerprint
KnownCertFingerprintSHA1
KnownCertFingerprintSHA256
KnownCertIssuer
KnownCertPrivateKey
KnownCertPrivateKeyAvailable
KnownCertPrivateKeyContainer
KnownCertPublicKey
KnownCertPublicKeyAlgorithm
KnownCertPublicKeyLength
KnownCertSerialNumber
KnownCertSignatureAlgorithm
KnownCertStore
KnownCertStorePassword
KnownCertStoreType
KnownCertSubject
KnownCertSubjectAltNames
KnownCertThumbprintMD5
KnownCertThumbprintSHA1
KnownCertThumbprintSHA256
KnownCertUsage
KnownCertUsageFlags
KnownCertVersion

The array indices start at 0 and end at KnownCertCount - 1.

This property is not available at design time.

Data Type

Integer

KnownCertEffectiveDate Property (SecurePDF_PDFSign Class)

The date on which this certificate becomes valid.

Object Oriented Interface

public function getKnownCertEffectiveDate($knowncertindex);

Procedural Interface

securepdf_pdfsign_get($res, 104 , $knowncertindex);

Default Value

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.

This property is read-only and not available at design time.

Data Type

String

KnownCertExpirationDate Property (SecurePDF_PDFSign Class)

The date on which the certificate expires.

Object Oriented Interface

public function getKnownCertExpirationDate($knowncertindex);

Procedural Interface

securepdf_pdfsign_get($res, 105 , $knowncertindex);

Default Value

Remarks

23-Jan-2001 15:00:00.

The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.

This property is read-only and not available at design time.

Data Type

String

KnownCertExtendedKeyUsage Property (SecurePDF_PDFSign Class)

A comma-delimited list of extended key usage identifiers.

Object Oriented Interface

public function getKnownCertExtendedKeyUsage($knowncertindex);

Procedural Interface

securepdf_pdfsign_get($res, 106 , $knowncertindex);

Default Value

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.

This property is read-only and not available at design time.

Data Type

String

KnownCertFingerprint Property (SecurePDF_PDFSign Class)

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Object Oriented Interface

public function getKnownCertFingerprint($knowncertindex);

Procedural Interface

securepdf_pdfsign_get($res, 107 , $knowncertindex);

Default Value

Remarks

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.

This property is read-only and not available at design time.

Data Type

String

KnownCertFingerprintSHA1 Property (SecurePDF_PDFSign Class)

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Object Oriented Interface

public function getKnownCertFingerprintSHA1($knowncertindex);

Procedural Interface

securepdf_pdfsign_get($res, 108 , $knowncertindex);

Default Value

Remarks

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.

This property is read-only and not available at design time.

Data Type

String

KnownCertFingerprintSHA256 Property (SecurePDF_PDFSign Class)

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Object Oriented Interface

public function getKnownCertFingerprintSHA256($knowncertindex);

Procedural Interface

securepdf_pdfsign_get($res, 109 , $knowncertindex);

Default Value

Remarks

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.

This property is read-only and not available at design time.

Data Type

String

KnownCertIssuer Property (SecurePDF_PDFSign Class)

The issuer of the certificate.

Object Oriented Interface

public function getKnownCertIssuer($knowncertindex);

Procedural Interface

securepdf_pdfsign_get($res, 110 , $knowncertindex);

Default Value

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.

This property is read-only and not available at design time.

Data Type

String

KnownCertPrivateKey Property (SecurePDF_PDFSign Class)

The private key of the certificate (if available).

Object Oriented Interface

public function getKnownCertPrivateKey($knowncertindex);

Procedural Interface

securepdf_pdfsign_get($res, 111 , $knowncertindex);

Default Value

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The KnownCertPrivateKey may be available but not exportable. In this case, KnownCertPrivateKey returns an empty string.

The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.

This property is read-only and not available at design time.

Data Type

String

KnownCertPrivateKeyAvailable Property (SecurePDF_PDFSign Class)

Whether a PrivateKey is available for the selected certificate.

Object Oriented Interface

public function getKnownCertPrivateKeyAvailable($knowncertindex);

Procedural Interface

securepdf_pdfsign_get($res, 112 , $knowncertindex);

Default Value

false

Remarks

Whether a KnownCertPrivateKey is available for the selected certificate. If KnownCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.

This property is read-only and not available at design time.

Data Type

Boolean

KnownCertPrivateKeyContainer Property (SecurePDF_PDFSign Class)

The name of the PrivateKey container for the certificate (if available).

Object Oriented Interface

public function getKnownCertPrivateKeyContainer($knowncertindex);

Procedural Interface

securepdf_pdfsign_get($res, 113 , $knowncertindex);

Default Value

Remarks

The name of the KnownCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.

This property is read-only and not available at design time.

Data Type

String

KnownCertPublicKey Property (SecurePDF_PDFSign Class)

The public key of the certificate.

Object Oriented Interface

public function getKnownCertPublicKey($knowncertindex);

Procedural Interface

securepdf_pdfsign_get($res, 114 , $knowncertindex);

Default Value

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.

This property is read-only and not available at design time.

Data Type

String

KnownCertPublicKeyAlgorithm Property (SecurePDF_PDFSign Class)

The textual description of the certificate's public key algorithm.

Object Oriented Interface

public function getKnownCertPublicKeyAlgorithm($knowncertindex);

Procedural Interface

securepdf_pdfsign_get($res, 115 , $knowncertindex);

Default Value

Remarks

The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.

This property is read-only and not available at design time.

Data Type

String

KnownCertPublicKeyLength Property (SecurePDF_PDFSign Class)

The length of the certificate's public key (in bits).

Object Oriented Interface

public function getKnownCertPublicKeyLength($knowncertindex);

Procedural Interface

securepdf_pdfsign_get($res, 116 , $knowncertindex);

Default Value

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.

This property is read-only and not available at design time.

Data Type

Integer

KnownCertSerialNumber Property (SecurePDF_PDFSign Class)

The serial number of the certificate encoded as a string.

Object Oriented Interface

public function getKnownCertSerialNumber($knowncertindex);

Procedural Interface

securepdf_pdfsign_get($res, 117 , $knowncertindex);

Default Value

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.

This property is read-only and not available at design time.

Data Type

String

KnownCertSignatureAlgorithm Property (SecurePDF_PDFSign Class)

The text description of the certificate's signature algorithm.

Object Oriented Interface

public function getKnownCertSignatureAlgorithm($knowncertindex);

Procedural Interface

securepdf_pdfsign_get($res, 118 , $knowncertindex);

Default Value

Remarks

The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.

This property is read-only and not available at design time.

Data Type

String

KnownCertStore Property (SecurePDF_PDFSign Class)

The name of the certificate store for the client certificate.

Object Oriented Interface

public function getKnownCertStore($knowncertindex);
public function setKnownCertStore($knowncertindex, $value);

Procedural Interface

securepdf_pdfsign_get($res, 119 , $knowncertindex);
securepdf_pdfsign_set($res, 119, $value , $knowncertindex);

Default Value

'MY'

Remarks

The name of the certificate store for the client certificate.

The KnownCertStoreType property denotes the type of the certificate store specified by KnownCertStore. If the store is password-protected, specify the password in KnownCertStorePassword.

KnownCertStore is used in conjunction with the KnownCertSubject property to specify client certificates. If KnownCertStore has a value, and KnownCertSubject or KnownCertEncoded is set, a search for a certificate is initiated. Please see the KnownCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:


MY	A certificate store holding personal certificates with their associated private keys.
CA	Certifying authority certificates.
ROOT	Root certificates.

The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.

This property is not available at design time.

Data Type

Binary String

KnownCertStorePassword Property (SecurePDF_PDFSign Class)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Object Oriented Interface

public function getKnownCertStorePassword($knowncertindex);
public function setKnownCertStorePassword($knowncertindex, $value);

Procedural Interface

securepdf_pdfsign_get($res, 120 , $knowncertindex);
securepdf_pdfsign_set($res, 120, $value , $knowncertindex);

Default Value

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.

This property is not available at design time.

Data Type

String

KnownCertStoreType Property (SecurePDF_PDFSign Class)

The type of certificate store for this certificate.

Object Oriented Interface

public function getKnownCertStoreType($knowncertindex);
public function setKnownCertStoreType($knowncertindex, $value);

Procedural Interface

securepdf_pdfsign_get($res, 121 , $knowncertindex);
securepdf_pdfsign_set($res, 121, $value , $knowncertindex);

Default Value

Remarks

The type of certificate store for this certificate.


0 (cstUser - default)	For Windows, this specifies that the certificate store is a certificate store owned by the current user. Note: This store type is not available in Java.
1 (cstMachine)	For Windows, this specifies that the certificate store is a machine store. Note: This store type is not available in Java.
2 (cstPFXFile)	The certificate store is the name of a PFX (PKCS#12) file containing certificates.
3 (cstPFXBlob)	The certificate store is a string (binary or Base64-encoded) representing a certificate store in PFX (PKCS#12) format.
4 (cstJKSFile)	The certificate store is the name of a Java Key Store (JKS) file containing certificates. Note: This store type is only available in Java.
5 (cstJKSBlob)	The certificate store is a string (binary or Base64-encoded) representing a certificate store in Java Key Store (JKS) format. Note: This store type is only available in Java.
6 (cstPEMKeyFile)	The certificate store is the name of a PEM-encoded file that contains a private key and an optional certificate.
7 (cstPEMKeyBlob)	The certificate store is a string (binary or Base64-encoded) that contains a private key and an optional certificate.
8 (cstPublicKeyFile)	The certificate store is the name of a file that contains a PEM- or DER-encoded public key certificate.
9 (cstPublicKeyBlob)	The certificate store is a string (binary or Base64-encoded) that contains a PEM- or DER-encoded public key certificate.
10 (cstSSHPublicKeyBlob)	The certificate store is a string (binary or Base64-encoded) that contains an SSH-style public key.
11 (cstP7BFile)	The certificate store is the name of a PKCS#7 file containing certificates.
12 (cstP7BBlob)	The certificate store is a string (binary) representing a certificate store in PKCS#7 format.
13 (cstSSHPublicKeyFile)	The certificate store is the name of a file that contains an SSH-style public key.
14 (cstPPKFile)	The certificate store is the name of a file that contains a PPK (PuTTY Private Key).
15 (cstPPKBlob)	The certificate store is a string (binary) that contains a PPK (PuTTY Private Key).
16 (cstXMLFile)	The certificate store is the name of a file that contains a certificate in XML format.
17 (cstXMLBlob)	The certificate store is a string that contains a certificate in XML format.
18 (cstJWKFile)	The certificate store is the name of a file that contains a JWK (JSON Web Key).
19 (cstJWKBlob)	The certificate store is a string that contains a JWK (JSON Web Key).
21 (cstBCFKSFile)	The certificate store is the name of a file that contains a BCFKS (Bouncy Castle FIPS Key Store). Note: This store type is only available in Java and .NET.
22 (cstBCFKSBlob)	The certificate store is a string (binary or Base64-encoded) representing a certificate store in BCFKS (Bouncy Castle FIPS Key Store) format. Note: This store type is only available in Java and .NET.
23 (cstPKCS11)	The certificate is present on a physical security key accessible via a PKCS#11 interface. To use a security key, the necessary data must first be collected using the CertMgr class. The ListStoreCertificates method may be called after setting CertStoreType to `cstPKCS11`, CertStorePassword to the PIN, and CertStore to the full path of the PKCS#11 DLL. The certificate information returned in the CertList event's `CertEncoded` parameter may be saved for later use. When using a certificate, pass the previously saved security key information as the KnownCertStore and set KnownCertStorePassword to the PIN. Code Example. SSH Authentication with Security Key: `certmgr.CertStoreType = CertStoreTypes.cstPKCS11; certmgr.OnCertList += (s, e) => { secKeyBlob = e.CertEncoded; }; certmgr.CertStore = @"C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll"; certmgr.CertStorePassword = "123456"; //PIN certmgr.ListStoreCertificates(); sftp.SSHCert = new Certificate(CertStoreTypes.cstPKCS11, secKeyBlob, "123456", "*"); sftp.SSHUser = "test"; sftp.SSHLogon("myhost", 22);`
99 (cstAuto)	The store type is automatically detected from the input data. This setting may be used with both public and private keys and can detect any of the supported formats automatically.

The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.

This property is not available at design time.

Data Type

Integer

KnownCertSubjectAltNames Property (SecurePDF_PDFSign Class)

Comma-separated lists of alternative subject names for the certificate.

Object Oriented Interface

public function getKnownCertSubjectAltNames($knowncertindex);

Procedural Interface

securepdf_pdfsign_get($res, 122 , $knowncertindex);

Default Value

Remarks

Comma-separated lists of alternative subject names for the certificate.

The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.

This property is read-only and not available at design time.

Data Type

String

KnownCertThumbprintMD5 Property (SecurePDF_PDFSign Class)

The MD5 hash of the certificate.

Object Oriented Interface

public function getKnownCertThumbprintMD5($knowncertindex);

Procedural Interface

securepdf_pdfsign_get($res, 123 , $knowncertindex);

Default Value

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.

This property is read-only and not available at design time.

Data Type

String

KnownCertThumbprintSHA1 Property (SecurePDF_PDFSign Class)

The SHA-1 hash of the certificate.

Object Oriented Interface

public function getKnownCertThumbprintSHA1($knowncertindex);

Procedural Interface

securepdf_pdfsign_get($res, 124 , $knowncertindex);

Default Value

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.

This property is read-only and not available at design time.

Data Type

String

KnownCertThumbprintSHA256 Property (SecurePDF_PDFSign Class)

The SHA-256 hash of the certificate.

Object Oriented Interface

public function getKnownCertThumbprintSHA256($knowncertindex);

Procedural Interface

securepdf_pdfsign_get($res, 125 , $knowncertindex);

Default Value

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.

This property is read-only and not available at design time.

Data Type

String

KnownCertUsage Property (SecurePDF_PDFSign Class)

The text description of UsageFlags .

Object Oriented Interface

public function getKnownCertUsage($knowncertindex);

Procedural Interface

securepdf_pdfsign_get($res, 126 , $knowncertindex);

Default Value

Remarks

The text description of KnownCertUsageFlags.

This value will be one or more of the following strings and will be separated by commas:

Digital Signature
Non-Repudiation
Key Encipherment
Data Encipherment
Key Agreement
Certificate Signing
CRL Signing
Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.

This property is read-only and not available at design time.

Data Type

String

KnownCertUsageFlags Property (SecurePDF_PDFSign Class)

The flags that show intended use for the certificate.

Object Oriented Interface

public function getKnownCertUsageFlags($knowncertindex);

Procedural Interface

securepdf_pdfsign_get($res, 127 , $knowncertindex);

Default Value

Remarks

The flags that show intended use for the certificate. The value of KnownCertUsageFlags is a combination of the following flags:


0x80	Digital Signature
0x40	Non-Repudiation
0x20	Key Encipherment
0x10	Data Encipherment
0x08	Key Agreement
0x04	Certificate Signing
0x02	CRL Signing
0x01	Encipher Only

Please see the KnownCertUsage property for a text representation of KnownCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.

This property is read-only and not available at design time.

Data Type

Integer

KnownCertVersion Property (SecurePDF_PDFSign Class)

The certificate's version number.

Object Oriented Interface

public function getKnownCertVersion($knowncertindex);

Procedural Interface

securepdf_pdfsign_get($res, 128 , $knowncertindex);

Default Value

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.

This property is read-only and not available at design time.

Data Type

String

KnownCertSubject Property (SecurePDF_PDFSign Class)

The subject of the certificate used for client authentication.

Object Oriented Interface

public function getKnownCertSubject($knowncertindex);
public function setKnownCertSubject($knowncertindex, $value);

Procedural Interface

securepdf_pdfsign_get($res, 129 , $knowncertindex);
securepdf_pdfsign_set($res, 129, $value , $knowncertindex);

Default Value

Remarks

The subject of the certificate used for client authentication.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.


Field	Meaning
CN	Common Name. This is commonly a hostname like www.server.com.
O	Organization
OU	Organizational Unit
L	Locality
S	State
C	Country
E	Email Address

If a field value contains a comma, it must be quoted.

The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.

This property is not available at design time.

Data Type

String

KnownCertEncoded Property (SecurePDF_PDFSign Class)

The certificate (PEM/Base64 encoded).

Object Oriented Interface

public function getKnownCertEncoded($knowncertindex);
public function setKnownCertEncoded($knowncertindex, $value);

Procedural Interface

securepdf_pdfsign_get($res, 130 , $knowncertindex);
securepdf_pdfsign_set($res, 130, $value , $knowncertindex);

Default Value

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The KnownCertStore and KnownCertSubject properties also may be used to specify a certificate.

When KnownCertEncoded is set, a search is initiated in the current KnownCertStore for the private key of the certificate. If the key is found, KnownCertSubject is updated to reflect the full subject of the selected certificate; otherwise, KnownCertSubject is set to an empty string.

The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.

This property is not available at design time.

Data Type

Binary String

OfflineMode Property (SecurePDF_PDFSign Class)

Whether the class is operating in offline mode.

Object Oriented Interface

public function getOfflineMode();
public function setOfflineMode($value);

Procedural Interface

securepdf_pdfsign_get($res, 131 );
securepdf_pdfsign_set($res, 131, $value );

Default Value

false

Remarks

This property indicates whether the class should operate in offline mode.

In offline mode, the class restricts itself from accessing online Trusted Lists and revocation information sources such as CRLs or OCSP responders. It may be useful to set this property to true if there is a need to verify the completeness of the validation information included within the signature or provided via KnownCerts.

Data Type

Boolean

OutputData Property (SecurePDF_PDFSign Class)

A byte array containing the PDF document after processing.

Object Oriented Interface

public function getOutputData();

Procedural Interface

securepdf_pdfsign_get($res, 132 );

Remarks

This property is used to read the byte array containing the produced output after the operation has completed. It will only be set if an output file and output stream have not been assigned via OutputFile and SetOutputStream respectively.

This property is read-only and not available at design time.

Data Type

Byte Array

OutputFile Property (SecurePDF_PDFSign Class)

The path to a local file where the output will be written.

Object Oriented Interface

public function getOutputFile();
public function setOutputFile($value);

Procedural Interface

securepdf_pdfsign_get($res, 133 );
securepdf_pdfsign_set($res, 133, $value );

Default Value

Remarks

This property is used to provide a path where the resulting PDF document will be saved after the operation has completed.

Data Type

String

Overwrite Property (SecurePDF_PDFSign Class)

Whether or not the class should overwrite files.

Object Oriented Interface

public function getOverwrite();
public function setOverwrite($value);

Procedural Interface

securepdf_pdfsign_get($res, 134 );
securepdf_pdfsign_set($res, 134, $value );

Default Value

false

Remarks

This property indicates whether or not the class will overwrite OutputFile, OutputData, or the stream set in SetOutputStream. If set to false, an error will be thrown whenever OutputFile, OutputData, or the stream set in SetOutputStream exists before an operation.

Data Type

Boolean

Password Property (SecurePDF_PDFSign Class)

The password to decrypt the document with.

Object Oriented Interface

public function getPassword();
public function setPassword($value);

Procedural Interface

securepdf_pdfsign_get($res, 135 );
securepdf_pdfsign_set($res, 135, $value );

Default Value

Remarks

This property is used to provide the user password for decryption. Though it may be different from OwnerPassword, most implementations use the same value for both.

Data Type

String

ProxyAuthScheme Property (SecurePDF_PDFSign Class)

The type of authorization to perform when connecting to the proxy.

Object Oriented Interface

public function getProxyAuthScheme();
public function setProxyAuthScheme($value);

Procedural Interface

securepdf_pdfsign_get($res, 136 );
securepdf_pdfsign_set($res, 136, $value );

Default Value

Remarks

The type of authorization to perform when connecting to the proxy. This is used only when the ProxyUser and ProxyPassword properties are set.

ProxyAuthScheme should be set to authNone (3) when no authentication is expected.

By default, ProxyAuthScheme is authBasic (0), and if the ProxyUser and ProxyPassword properties are set, the class will attempt basic authentication.

If ProxyAuthScheme is set to authDigest (1), digest authentication will be attempted instead.

If ProxyAuthScheme is set to authProprietary (2), then the authorization token will not be generated by the class. Look at the configuration file for the class being used to find more information about manually setting this token.

If ProxyAuthScheme is set to authNtlm (4), NTLM authentication will be used.

For security reasons, setting this property will clear the values of ProxyUser and ProxyPassword.

Data Type

Integer

ProxyAutoDetect Property (SecurePDF_PDFSign Class)

Whether to automatically detect and use proxy system settings, if available.

Object Oriented Interface

public function getProxyAutoDetect();
public function setProxyAutoDetect($value);

Procedural Interface

securepdf_pdfsign_get($res, 137 );
securepdf_pdfsign_set($res, 137, $value );

Default Value

false

Remarks

Whether to automatically detect and use proxy system settings, if available. The default value is false.

Data Type

Boolean

ProxyPassword Property (SecurePDF_PDFSign Class)

A password if authentication is to be used for the proxy.

Object Oriented Interface

public function getProxyPassword();
public function setProxyPassword($value);

Procedural Interface

securepdf_pdfsign_get($res, 138 );
securepdf_pdfsign_set($res, 138, $value );

Default Value

Remarks

A password if authentication is to be used for the proxy.

If ProxyAuthScheme is set to Basic Authentication, the ProxyUser and ProxyPassword properties are Base64 encoded and the proxy authentication token will be generated in the form Basic [encoded-user-password].

If ProxyAuthScheme is set to Digest Authentication, the ProxyUser and ProxyPassword properties are used to respond to the Digest Authentication challenge from the server.

If ProxyAuthScheme is set to NTLM Authentication, the ProxyUser and ProxyPassword properties are used to authenticate through NTLM negotiation.

Data Type

String

ProxyPort Property (SecurePDF_PDFSign Class)

The Transmission Control Protocol (TCP) port for the proxy Server (default 80).

Object Oriented Interface

public function getProxyPort();
public function setProxyPort($value);

Procedural Interface

securepdf_pdfsign_get($res, 139 );
securepdf_pdfsign_set($res, 139, $value );

Default Value

Remarks

The Transmission Control Protocol (TCP) port for the proxy ProxyServer (default 80). See the description of the ProxyServer property for details.

Data Type

Integer

ProxyServer Property (SecurePDF_PDFSign Class)

If a proxy Server is given, then the HTTP request is sent to the proxy instead of the server otherwise specified.

Object Oriented Interface

public function getProxyServer();
public function setProxyServer($value);

Procedural Interface

securepdf_pdfsign_get($res, 140 );
securepdf_pdfsign_set($res, 140, $value );

Default Value

Remarks

If a proxy ProxyServer is given, then the HTTP request is sent to the proxy instead of the server otherwise specified.

If the ProxyServer property is set to a domain name, a DNS request is initiated. Upon successful termination of the request, the ProxyServer property is set to the corresponding address. If the search is not successful, an error is returned.

Data Type

String

ProxySSL Property (SecurePDF_PDFSign Class)

When to use a Secure Sockets Layer (SSL) for the connection to the proxy.

Object Oriented Interface

public function getProxySSL();
public function setProxySSL($value);

Procedural Interface

securepdf_pdfsign_get($res, 141 );
securepdf_pdfsign_set($res, 141, $value );

Default Value

Remarks

When to use a Secure Sockets Layer (SSL) for the connection to the proxy. The applicable values are as follows:


psAutomatic (0)	Default setting. If the URL is an `https` URL, the class will use the `psTunnel` option. If the URL is an `http` URL, the class will use the `psNever` option.
psAlways (1)	The connection is always SSL-enabled.
psNever (2)	The connection is not SSL-enabled.
psTunnel (3)	The connection is made through a tunneling (HTTP) proxy.

Data Type

Integer

ProxyUser Property (SecurePDF_PDFSign Class)

A username if authentication is to be used for the proxy.

Object Oriented Interface

public function getProxyUser();
public function setProxyUser($value);

Procedural Interface

securepdf_pdfsign_get($res, 142 );
securepdf_pdfsign_set($res, 142, $value );

Default Value

Remarks

A username if authentication is to be used for the proxy.

If ProxyAuthScheme is set to Digest Authentication, the ProxyUser and ProxyPassword properties are used to respond to the Digest Authentication challenge from the server.

If ProxyAuthScheme is set to NTLM Authentication, the ProxyUser and ProxyPassword properties are used to authenticate through NTLM negotiation.

Data Type

String

RevocationCheck Property (SecurePDF_PDFSign Class)

The kind(s) of revocation check to perform for all chain certificates.

Object Oriented Interface

public function getRevocationCheck();
public function setRevocationCheck($value);

Procedural Interface

securepdf_pdfsign_get($res, 143 );
securepdf_pdfsign_set($res, 143, $value );

Default Value

Remarks

This property is used to specify the revocation sources and preferences the class will use during chain validation. Revocation checking is necessary to ensure the integrity of the chain and to obtain up-to-date certificate validity and trust information.

Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol (OCSP) responses serve the same purpose of ensuring that the certificate has not been revoked by the Certificate Authority (CA) at the time of use. Depending on the circumstances and security policy requirements, either one or both of the revocation information source types may be used.

Possible values are:


0 (rcAllCRL)	All provided CRL endpoints will be checked, and all checks must succeed.
1 (rcAllOCSP)	All provided OCSP endpoints will be checked, and all checks must succeed.
2 (rcAllCRLAndOCSP)	All provided CRL and OCSP endpoints will be checked, and all checks must succeed.
3 (rcAnyCRL)	All provided CRL endpoints will be checked, and at least one check must succeed.
4 (rcAnyOCSP)	All provided OCSP endpoints will be checked, and at least one check must succeed.
5 (rcAnyCRLOrOCSP)	All provided CRL and OCSP endpoints will be checked, and at least one check must succeed. CRL endpoints are checked first.
6 (rcAnyOCSPOrCRL - default)	All provided CRL and OCSP endpoints will be checked, and at least one check must succeed. OCSP endpoints are checked first.

This property controls the way revocation checks are performed for every certificate in the chain. Typically, certificates come with two types of revocation information sources: CRLs (Certificate Revocation Lists) and OCSP responses. CRLs are static objects periodically published by the CA at some online location. OCSP responders are active online services maintained by the CA that can provide up-to-date information on certificate statuses in near real time.

There are some conceptual differences between the two. CRLs are normally larger in size. Their use involves some latency because there is normally a delay between the time at which a certificate was revoked and the time at which the subsequent CRL mentioning that revocation is published. The benefits of CRLs are that the same object can provide statuses for all certificates issued by a particular CA, and that the whole technology is much simpler than OCSP (and thus is supported by more CAs).

This property allows the validation course to be adjusted by including or excluding certain types of revocation sources from the validation process. The rcAnyOCSPOrCRL setting (give preference to the faster OCSP route and only demand one source to succeed) is a good choice for most typical validation environments. The rcAll* modes are much stricter, and may be used in scenarios where bulletproof validity information is essential.

Note: If no CRL or OCSP endpoints are provided by the CA, the revocation check will be considered successful. This is because the CA chose not to supply revocation information for its certificates, meaning they are considered irrevocable.

Note: Within each of the above settings, if any retrieved CRL or OCSP response indicates that the certificate has been revoked, the revocation check fails.

Data Type

Integer

SignatureAuthorName Property (SecurePDF_PDFSign Class)

The human-readable name of the signer.

Object Oriented Interface

public function getSignatureAuthorName();
public function setSignatureAuthorName($value);

Procedural Interface

securepdf_pdfsign_get($res, 144 );
securepdf_pdfsign_set($res, 144, $value );

Default Value

Remarks

This property is used to specify the human-readable name of the signer.

Note: This property only applies when creating a new signature.

Data Type

String

SignatureClaimedSigningTime Property (SecurePDF_PDFSign Class)

The signature's creation time.

Object Oriented Interface

public function getSignatureClaimedSigningTime();
public function setSignatureClaimedSigningTime($value);

Procedural Interface

securepdf_pdfsign_get($res, 145 );
securepdf_pdfsign_set($res, 145, $value );

Default Value

Remarks

This property is used to specify the signature creation time from the signer's computer. The time should be provided in UTC in yyyyMMddHHmmssZ format.

Note: This property only applies when creating a new signature.

Data Type

String

SignatureField Property (SecurePDF_PDFSign Class)

The index of the empty signature field to sign.

Object Oriented Interface

public function getSignatureField();
public function setSignatureField($value);

Procedural Interface

securepdf_pdfsign_get($res, 146 );
securepdf_pdfsign_set($res, 146, $value );

Default Value

-1

Remarks

This property is used to specify the empty signature field that should be signed. If the default value of -1 is assigned to this property, a new signature field will be created.

Example: pdfsign.InputFile = "input.pdf"; pdfsign.OutputFile = "emptyfield.pdf"; pdfsign.SignatureType = PDFSignSignatureTypes.stEmptyField; pdfsign.Sign(); // Later pdfsign.Reset(); pdfsign.InputFile = "emptyfield.pdf"; pdfsign.OutputFile = "signed.pdf"; pdfsign.SigningCert = new Certificate(CertStoreTypes.cstPFXFile, "cert.pfx", "password", "*"); pdfsign.SignatureField = 0; // Configure signature properties as desired pdfsign.Sign();

Data Type

Integer

SignatureHashAlgorithm Property (SecurePDF_PDFSign Class)

The hash algorithm to be used for signing.

Object Oriented Interface

public function getSignatureHashAlgorithm();
public function setSignatureHashAlgorithm($value);

Procedural Interface

securepdf_pdfsign_get($res, 147 );
securepdf_pdfsign_set($res, 147, $value );

Default Value

'SHA256'

Remarks

This property is used to specify the hash algorithm to be used for signing.

Possible values are:

SHA1
SHA224
SHA256
SHA384
SHA512
MD5

Note: This property only applies when creating a new signature.

Data Type

String

SignatureProfile Property (SecurePDF_PDFSign Class)

The PAdES profile to apply when creating the signature.

Object Oriented Interface

public function getSignatureProfile();
public function setSignatureProfile($value);

Procedural Interface

securepdf_pdfsign_get($res, 148 );
securepdf_pdfsign_set($res, 148, $value );

Default Value

Remarks

This property is used to specify a pre-defined PAdES profile to apply when creating the signature, as defined by ETSI.

Advanced signatures come in many variants, and they are often defined by parties that need to process them or by local standards. Profiles are sets of pre-defined configurations that correspond to particular signature variants. Specifying a profile pre-configures the class to make it produce the signature that matches the configuration corresponding to that profile.

Possible values are:


0 (pfNone - default)	No profile
1 (pfBaselineB)	PAdES B-B profile
2 (pfBaselineT)	PAdES B-T profile
3 (pfBaselineLT)	PAdES B-LT profile
4 (pfBaselineLTA)	PAdES B-LTA profile

To apply a custom profile that is not defined by ETSI, set the CustomProfile configuration setting.

Note: This property only applies when creating a new signature.

Data Type

Integer

SignatureReason Property (SecurePDF_PDFSign Class)

The reason for signing.

Object Oriented Interface

public function getSignatureReason();
public function setSignatureReason($value);

Procedural Interface

securepdf_pdfsign_get($res, 149 );
securepdf_pdfsign_set($res, 149, $value );

Default Value

Remarks

This property is used to specify the reason for signing.

Note: This property only applies when creating a new signature.

Data Type

String

PDFSignatureCount Property (SecurePDF_PDFSign Class)

The number of records in the PDFSignature arrays.

Object Oriented Interface

public function getPDFSignatureCount();

Procedural Interface

securepdf_pdfsign_get($res, 150 );

Default Value

Remarks

This property controls the size of the following arrays:

PDFSignatureAuthorName
PDFSignatureChainValidationDetails
PDFSignatureChainValidationResult
PDFSignatureClaimedSigningTime
PDFSignatureCoverageEndsAt
PDFSignatureHashAlgorithm
PDFSignatureProfile
PDFSignatureReason
PDFSignatureSignerCertIndex
PDFSignatureTimestampCertIndex
PDFSignatureTimestamped
PDFSignatureType
PDFSignatureValidatedSigningTime
PDFSignatureValidationResult
PDFSignatureWidgetHeight
PDFSignatureWidgetOffsetX
PDFSignatureWidgetOffsetY
PDFSignatureWidgetPages
PDFSignatureWidgetWidth

The array indices start at 0 and end at PDFSignatureCount - 1.

This property is read-only and not available at design time.

Data Type

Integer

PDFSignatureAuthorName Property (SecurePDF_PDFSign Class)

The human-readable name of the signer.

Object Oriented Interface

public function getPDFSignatureAuthorName($pdfsignatureindex);

Procedural Interface

securepdf_pdfsign_get($res, 151 , $pdfsignatureindex);

Default Value

Remarks

The human-readable name of the signer.

The $pdfsignatureindex parameter specifies the index of the item in the array. The size of the array is controlled by the PDFSignatureCount property.

This property is read-only and not available at design time.

Data Type

String

PDFSignatureChainValidationDetails Property (SecurePDF_PDFSign Class)

The details of the certificate chain validation outcome.

Object Oriented Interface

public function getPDFSignatureChainValidationDetails($pdfsignatureindex);

Procedural Interface

securepdf_pdfsign_get($res, 152 , $pdfsignatureindex);

Default Value

Remarks

The details of the certificate chain validation outcome. They may often suggest the reasons that contributed to the overall validation result in PDFSignatureChainValidationResult.

The value of this property is a bitmask of the following flags:


0x001 (cvdRevoked)	One or more certificates are revoked.
0x002 (cvdExpiredOrNotYetValid)	One or more certificates are expired or not yet valid.
0x004 (cvdUnknownCA)	A CA certificate for one or more certificates has not been found, is not trusted, or has a wrong public key (chain incomplete).
0x008 (cvdPolicyViolated)	One of the CA certificates is not authorized to act as a CA, a mandatory key usage is not enabled in one of the chain certificates, or a weak algorithm is used in one of the certificates or revocation elements.
0x010 (cvdRevocationCheckFailed)	One or more CRLs or OCSP responses could not be verified.
0x020 (cvdBlocked)	One or more certificates are blocked.
0x040 (cvdFailure)	General validation failure.

Subscribe to the Log event to access the detailed validation log. This property is also available as a parameter of the SignatureProcessed event.

The $pdfsignatureindex parameter specifies the index of the item in the array. The size of the array is controlled by the PDFSignatureCount property.

This property is read-only and not available at design time.

Data Type

Integer

PDFSignatureChainValidationResult Property (SecurePDF_PDFSign Class)

The outcome of the certificate chain validation routine.

Object Oriented Interface

public function getPDFSignatureChainValidationResult($pdfsignatureindex);

Procedural Interface

securepdf_pdfsign_get($res, 153 , $pdfsignatureindex);

Default Value

Remarks

The outcome of the certificate chain validation routine.

Possible values are:


0 (cvrUnknown - default)	Chain validity is unknown.
1 (cvrValid)	The chain is valid.
2 (cvrValidButUntrusted)	The chain is valid, but the root certificate is not trusted.
3 (cvrInvalid)	The chain is not valid (some of the certificates are revoked, expired, or contain an invalid signature).
4 (cvrCantBeEstablished)	The validity of the chain cannot be established because of missing or unavailable validation information (certificates, CRLs, or OCSP responses).

Subscribe to the Log event to access the detailed validation log. This property is also available as a parameter of the SignatureProcessed event.

The $pdfsignatureindex parameter specifies the index of the item in the array. The size of the array is controlled by the PDFSignatureCount property.

This property is read-only and not available at design time.

Data Type

Integer

PDFSignatureClaimedSigningTime Property (SecurePDF_PDFSign Class)

The signature's creation time in UTC.

Object Oriented Interface

public function getPDFSignatureClaimedSigningTime($pdfsignatureindex);

Procedural Interface

securepdf_pdfsign_get($res, 154 , $pdfsignatureindex);

Default Value

Remarks

The signature's creation time in UTC.

Use this property to get the signature creation time from the signer's computer. Note that the claimed time, unlike PDFSignatureValidatedSigningTime, does not originate from a trusted TSA and may be forfeited or wrong.

The $pdfsignatureindex parameter specifies the index of the item in the array. The size of the array is controlled by the PDFSignatureCount property.

This property is read-only and not available at design time.

Data Type

String

PDFSignatureCoverageEndsAt Property (SecurePDF_PDFSign Class)

The offset in the PDF file where the signature coverage ends.

Object Oriented Interface

public function getPDFSignatureCoverageEndsAt($pdfsignatureindex);

Procedural Interface

securepdf_pdfsign_get($res, 155 , $pdfsignatureindex);

Default Value

Remarks

The offset in the PDF file where the signature coverage ends.

PDF generators often use incremental updates to make changes in documents. This may result in the signature only covering a part of the document (one of the past revisions), but not the subsequent changes.

Use this property to identify the offset where the signature coverage ends. One option is to compare it to the length of the whole document to ensure that the signature covers the entire document. Alternatively, use the GetSignedVersion method to extract the exact revision that was signed.

The $pdfsignatureindex parameter specifies the index of the item in the array. The size of the array is controlled by the PDFSignatureCount property.

This property is read-only and not available at design time.

Data Type

Integer

PDFSignatureHashAlgorithm Property (SecurePDF_PDFSign Class)

The hash algorithm that was used for signing.

Object Oriented Interface

public function getPDFSignatureHashAlgorithm($pdfsignatureindex);

Procedural Interface

securepdf_pdfsign_get($res, 156 , $pdfsignatureindex);

Default Value

'SHA256'

Remarks

The hash algorithm that was used for signing.

Possible values are:

SHA1
SHA224
SHA256
SHA384
SHA512
MD5

The $pdfsignatureindex parameter specifies the index of the item in the array. The size of the array is controlled by the PDFSignatureCount property.

This property is read-only and not available at design time.

Data Type

String

PDFSignatureProfile Property (SecurePDF_PDFSign Class)

The pre-defined PAdES profile that was applied when creating the signature, as defined by ETSI.

Object Oriented Interface

public function getPDFSignatureProfile($pdfsignatureindex);

Procedural Interface

securepdf_pdfsign_get($res, 157 , $pdfsignatureindex);

Default Value

Remarks

The pre-defined PAdES profile that was applied when creating the signature, as defined by ETSI.

Possible values are:


0 (pfNone - default)	No profile
1 (pfBaselineB)	PAdES B-B profile
2 (pfBaselineT)	PAdES B-T profile
3 (pfBaselineLT)	PAdES B-LT profile
4 (pfBaselineLTA)	PAdES B-LTA profile

Note that when verifying a signature, the LTV modifier may be affected by the validation settings. These include OfflineMode (set it to true to obtain the clean LTV capability) and CacheRevocationInfo (set it to false to prevent earlier validations from affecting the current validation).

The $pdfsignatureindex parameter specifies the index of the item in the array. The size of the array is controlled by the PDFSignatureCount property.

This property is read-only and not available at design time.

Data Type

Integer

PDFSignatureReason Property (SecurePDF_PDFSign Class)

The reason for signing.

Object Oriented Interface

public function getPDFSignatureReason($pdfsignatureindex);

Procedural Interface

securepdf_pdfsign_get($res, 158 , $pdfsignatureindex);

Default Value

Remarks

The reason for signing.

The $pdfsignatureindex parameter specifies the index of the item in the array. The size of the array is controlled by the PDFSignatureCount property.

This property is read-only and not available at design time.

Data Type

String

PDFSignatureType Property (SecurePDF_PDFSign Class)

The type of the signature that was created.

Object Oriented Interface

public function getPDFSignatureType($pdfsignatureindex);

Procedural Interface

securepdf_pdfsign_get($res, 159 , $pdfsignatureindex);

Default Value

Remarks

The type of the signature that was created.

Possible values are:


0 (stLegacy - default)	Legacy Adobe signature (adbe.pkcs7.detached)
1 (stAdvanced)	PAdES-compliant signature (ETSI.CAdES.detached)
2 (stDTS)	Document timestamp (ETSI.RFC3161)
3 (stEmptyField)	Empty signature field (signature placeholder)

The $pdfsignatureindex parameter specifies the index of the item in the array. The size of the array is controlled by the PDFSignatureCount property.

This property is read-only and not available at design time.

Data Type

Integer

PDFSignatureSignerCertIndex Property (SecurePDF_PDFSign Class)

The index of the signer certificate in the DocumentCerts properties.

Object Oriented Interface

public function getPDFSignatureSignerCertIndex($pdfsignatureindex);

Procedural Interface

securepdf_pdfsign_get($res, 160 , $pdfsignatureindex);

Default Value

-1

Remarks

The index of the signer certificate in the DocumentCerts properties.

The $pdfsignatureindex parameter specifies the index of the item in the array. The size of the array is controlled by the PDFSignatureCount property.

This property is read-only and not available at design time.

Data Type

Integer

PDFSignatureTimestampCertIndex Property (SecurePDF_PDFSign Class)

The index of the timestamping certificate in the DocumentCerts properties (if applicable).

Object Oriented Interface

public function getPDFSignatureTimestampCertIndex($pdfsignatureindex);

Procedural Interface

securepdf_pdfsign_get($res, 161 , $pdfsignatureindex);

Default Value

-1

Remarks

The index of the timestamping certificate in the DocumentCerts properties (if applicable).

The $pdfsignatureindex parameter specifies the index of the item in the array. The size of the array is controlled by the PDFSignatureCount property.

This property is read-only and not available at design time.

Data Type

Integer

PDFSignatureTimestamped Property (SecurePDF_PDFSign Class)

Whether the signature contains an embedded timestamp.

Object Oriented Interface

public function getPDFSignatureTimestamped($pdfsignatureindex);

Procedural Interface

securepdf_pdfsign_get($res, 162 , $pdfsignatureindex);

Default Value

false

Remarks

Whether the signature contains an embedded timestamp.

The $pdfsignatureindex parameter specifies the index of the item in the array. The size of the array is controlled by the PDFSignatureCount property.

This property is read-only and not available at design time.

Data Type

Boolean

PDFSignatureValidatedSigningTime Property (SecurePDF_PDFSign Class)

The certified signing time in UTC.

Object Oriented Interface

public function getPDFSignatureValidatedSigningTime($pdfsignatureindex);

Procedural Interface

securepdf_pdfsign_get($res, 163 , $pdfsignatureindex);

Default Value

Remarks

The certified signing time in UTC.

Use this property to obtain the signing time as certified by a timestamp from a trusted timestamping authority. This property is only nonempty if there is a valid timestamp included in the signature.

Note that the validated time, unlike PDFSignatureClaimedSigningTime, is the trusted signing time.

The $pdfsignatureindex parameter specifies the index of the item in the array. The size of the array is controlled by the PDFSignatureCount property.

This property is read-only and not available at design time.

Data Type

String

PDFSignatureValidationResult Property (SecurePDF_PDFSign Class)

The outcome of the cryptographic signature validation.

Object Oriented Interface

public function getPDFSignatureValidationResult($pdfsignatureindex);

Procedural Interface

securepdf_pdfsign_get($res, 164 , $pdfsignatureindex);

Default Value

Remarks

The outcome of the cryptographic signature validation.

Possible values are:


0 (svrUnknown - default)	Signature validity is unknown.
1 (svrValid)	The signature is valid.
2 (svrCorrupted)	The signature is corrupted.
3 (svrSignerNotFound)	Failed to acquire the signing certificate. The signature cannot be validated.
4 (svrFailure)	General failure.

This property is also available as the SignatureValidationResult parameter of the SignatureProcessed event.

The $pdfsignatureindex parameter specifies the index of the item in the array. The size of the array is controlled by the PDFSignatureCount property.

This property is read-only and not available at design time.

Data Type

Integer

PDFSignatureWidgetHeight Property (SecurePDF_PDFSign Class)

The height of the signature widget in points.

Object Oriented Interface

public function getPDFSignatureWidgetHeight($pdfsignatureindex);

Procedural Interface

securepdf_pdfsign_get($res, 165 , $pdfsignatureindex);

Default Value

'70'

Remarks

The height of the signature widget in points. Both integer and decimal values are supported.

The $pdfsignatureindex parameter specifies the index of the item in the array. The size of the array is controlled by the PDFSignatureCount property.

This property is read-only and not available at design time.

Data Type

String

PDFSignatureWidgetOffsetX Property (SecurePDF_PDFSign Class)

The signature widget offset from the left-hand page border in points.

Object Oriented Interface

public function getPDFSignatureWidgetOffsetX($pdfsignatureindex);

Procedural Interface

securepdf_pdfsign_get($res, 166 , $pdfsignatureindex);

Default Value

'0'

Remarks

The signature widget offset from the left-hand page border in points. Both integer and decimal values are supported.

The $pdfsignatureindex parameter specifies the index of the item in the array. The size of the array is controlled by the PDFSignatureCount property.

This property is read-only and not available at design time.

Data Type

String

PDFSignatureWidgetOffsetY Property (SecurePDF_PDFSign Class)

The signature widget offset from the bottom page border in points.

Object Oriented Interface

public function getPDFSignatureWidgetOffsetY($pdfsignatureindex);

Procedural Interface

securepdf_pdfsign_get($res, 167 , $pdfsignatureindex);

Default Value

'0'

Remarks

The signature widget offset from the bottom page border in points. Both integer and decimal values are supported.

The $pdfsignatureindex parameter specifies the index of the item in the array. The size of the array is controlled by the PDFSignatureCount property.

This property is read-only and not available at design time.

Data Type

String

PDFSignatureWidgetPages Property (SecurePDF_PDFSign Class)

The pages that the signature and its widget are placed on.

Object Oriented Interface

public function getPDFSignatureWidgetPages($pdfsignatureindex);

Procedural Interface

securepdf_pdfsign_get($res, 168 , $pdfsignatureindex);

Default Value

Remarks

The pages that the signature and its widget are placed on.

The $pdfsignatureindex parameter specifies the index of the item in the array. The size of the array is controlled by the PDFSignatureCount property.

This property is read-only and not available at design time.

Data Type

String

PDFSignatureWidgetWidth Property (SecurePDF_PDFSign Class)

The width of the signature widget in points.

Object Oriented Interface

public function getPDFSignatureWidgetWidth($pdfsignatureindex);

Procedural Interface

securepdf_pdfsign_get($res, 169 , $pdfsignatureindex);

Default Value

'70'

Remarks

The width of the signature widget in points. Both integer and decimal values are supported.

The $pdfsignatureindex parameter specifies the index of the item in the array. The size of the array is controlled by the PDFSignatureCount property.

This property is read-only and not available at design time.

Data Type

String

SignatureType Property (SecurePDF_PDFSign Class)

The type of signature to create.

Object Oriented Interface

public function getSignatureType();
public function setSignatureType($value);

Procedural Interface

securepdf_pdfsign_get($res, 170 );
securepdf_pdfsign_set($res, 170, $value );

Default Value

Remarks

This property is used to specify the type of the signature.

Possible values are:


0 (stLegacy - default)	Legacy Adobe signature (adbe.pkcs7.detached)
1 (stAdvanced)	PAdES-compliant signature (ETSI.CAdES.detached)
2 (stDTS)	Document timestamp (ETSI.RFC3161)
3 (stEmptyField)	Empty signature field (signature placeholder)

Note: This property only applies when creating a new signature.

Data Type

Integer

SignatureWidgetHeight Property (SecurePDF_PDFSign Class)

The height of the signature widget.

Object Oriented Interface

public function getSignatureWidgetHeight();
public function setSignatureWidgetHeight($value);

Procedural Interface

securepdf_pdfsign_get($res, 171 );
securepdf_pdfsign_set($res, 171, $value );

Default Value

'70'

Remarks

This property is used to specify the height of the signature widget in points. Both integer and decimal values are supported.

Note: This property only applies when creating a new signature.

Data Type

String

SignatureWidgetOffsetX Property (SecurePDF_PDFSign Class)

The signature widget offset from the left-hand page border.

Object Oriented Interface

public function getSignatureWidgetOffsetX();
public function setSignatureWidgetOffsetX($value);

Procedural Interface

securepdf_pdfsign_get($res, 172 );
securepdf_pdfsign_set($res, 172, $value );

Default Value

'0'

Remarks

This property is used to specify the signature widget offset from the left-hand page border in points. Both integer and decimal values are supported.

Note: This property only applies when creating a new signature.

Data Type

String

SignatureWidgetOffsetY Property (SecurePDF_PDFSign Class)

The signature widget offset from the bottom page border.

Object Oriented Interface

public function getSignatureWidgetOffsetY();
public function setSignatureWidgetOffsetY($value);

Procedural Interface

securepdf_pdfsign_get($res, 173 );
securepdf_pdfsign_set($res, 173, $value );

Default Value

'0'

Remarks

This property is used to specify the signature widget offset from the bottom page border in points. Both integer and decimal values are supported.

Note: This property only applies when creating a new signature.

Data Type

String

SignatureWidgetPages Property (SecurePDF_PDFSign Class)

The pages to place the signature and its widget on.

Object Oriented Interface

public function getSignatureWidgetPages();
public function setSignatureWidgetPages($value);

Procedural Interface

securepdf_pdfsign_get($res, 174 );
securepdf_pdfsign_set($res, 174, $value );

Default Value

Remarks

This property is used to specify the pages on which the signature and its widget will be placed.

A variety of syntaxes are supported:

A single page number: 3
A comma-separated list of page numbers: 1,2,5,7
The asterisk character (*) indicates that the widget should be placed on all pages in the document.
The first and last placeholders specify that the signature should be placed on the respective page, independently of its number.

Note: This property only applies when creating a new signature.

Data Type

String

SignatureWidgetWidth Property (SecurePDF_PDFSign Class)

The width of the signature widget.

Object Oriented Interface

public function getSignatureWidgetWidth();
public function setSignatureWidgetWidth($value);

Procedural Interface

securepdf_pdfsign_get($res, 175 );
securepdf_pdfsign_set($res, 175, $value );

Default Value

'70'

Remarks

This property is used to specify the width of the signature widget in points. Both integer and decimal values are supported.

Note: This property only applies when creating a new signature.

Data Type

String

SigningCertEffectiveDate Property (SecurePDF_PDFSign Class)

The date on which this certificate becomes valid.

Object Oriented Interface

public function getSigningCertEffectiveDate();

Procedural Interface

securepdf_pdfsign_get($res, 176 );

Default Value

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only and not available at design time.

Data Type

String

SigningCertExpirationDate Property (SecurePDF_PDFSign Class)

The date on which the certificate expires.

Object Oriented Interface

public function getSigningCertExpirationDate();

Procedural Interface

securepdf_pdfsign_get($res, 177 );

Default Value

Remarks

23-Jan-2001 15:00:00.

This property is read-only and not available at design time.

Data Type

String

SigningCertExtendedKeyUsage Property (SecurePDF_PDFSign Class)

A comma-delimited list of extended key usage identifiers.

Object Oriented Interface

public function getSigningCertExtendedKeyUsage();

Procedural Interface

securepdf_pdfsign_get($res, 178 );

Default Value

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only and not available at design time.

Data Type

String

SigningCertFingerprint Property (SecurePDF_PDFSign Class)

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Object Oriented Interface

public function getSigningCertFingerprint();

Procedural Interface

securepdf_pdfsign_get($res, 179 );

Default Value

Remarks

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only and not available at design time.

Data Type

String

SigningCertFingerprintSHA1 Property (SecurePDF_PDFSign Class)

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Object Oriented Interface

public function getSigningCertFingerprintSHA1();

Procedural Interface

securepdf_pdfsign_get($res, 180 );

Default Value

Remarks

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only and not available at design time.

Data Type

String

SigningCertFingerprintSHA256 Property (SecurePDF_PDFSign Class)

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Object Oriented Interface

public function getSigningCertFingerprintSHA256();

Procedural Interface

securepdf_pdfsign_get($res, 181 );

Default Value

Remarks

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only and not available at design time.

Data Type

String

SigningCertIssuer Property (SecurePDF_PDFSign Class)

The issuer of the certificate.

Object Oriented Interface

public function getSigningCertIssuer();

Procedural Interface

securepdf_pdfsign_get($res, 182 );

Default Value

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only and not available at design time.

Data Type

String

SigningCertPrivateKey Property (SecurePDF_PDFSign Class)

The private key of the certificate (if available).

Object Oriented Interface

public function getSigningCertPrivateKey();

Procedural Interface

securepdf_pdfsign_get($res, 183 );

Default Value

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The SigningCertPrivateKey may be available but not exportable. In this case, SigningCertPrivateKey returns an empty string.

This property is read-only and not available at design time.

Data Type

String

SigningCertPrivateKeyAvailable Property (SecurePDF_PDFSign Class)

Whether a PrivateKey is available for the selected certificate.

Object Oriented Interface

public function getSigningCertPrivateKeyAvailable();

Procedural Interface

securepdf_pdfsign_get($res, 184 );

Default Value

false

Remarks

Whether a SigningCertPrivateKey is available for the selected certificate. If SigningCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only and not available at design time.

Data Type

Boolean

SigningCertPrivateKeyContainer Property (SecurePDF_PDFSign Class)

The name of the PrivateKey container for the certificate (if available).

Object Oriented Interface

public function getSigningCertPrivateKeyContainer();

Procedural Interface

securepdf_pdfsign_get($res, 185 );

Default Value

Remarks

The name of the SigningCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only and not available at design time.

Data Type

String

SigningCertPublicKey Property (SecurePDF_PDFSign Class)

The public key of the certificate.

Object Oriented Interface

public function getSigningCertPublicKey();

Procedural Interface

securepdf_pdfsign_get($res, 186 );

Default Value

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only and not available at design time.

Data Type

String

SigningCertPublicKeyAlgorithm Property (SecurePDF_PDFSign Class)

The textual description of the certificate's public key algorithm.

Object Oriented Interface

public function getSigningCertPublicKeyAlgorithm();

Procedural Interface

securepdf_pdfsign_get($res, 187 );

Default Value

Remarks

This property is read-only and not available at design time.

Data Type

String

SigningCertPublicKeyLength Property (SecurePDF_PDFSign Class)

The length of the certificate's public key (in bits).

Object Oriented Interface

public function getSigningCertPublicKeyLength();

Procedural Interface

securepdf_pdfsign_get($res, 188 );

Default Value

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only and not available at design time.

Data Type

Integer

SigningCertSerialNumber Property (SecurePDF_PDFSign Class)

The serial number of the certificate encoded as a string.

Object Oriented Interface

public function getSigningCertSerialNumber();

Procedural Interface

securepdf_pdfsign_get($res, 189 );

Default Value

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only and not available at design time.

Data Type

String

SigningCertSignatureAlgorithm Property (SecurePDF_PDFSign Class)

The text description of the certificate's signature algorithm.

Object Oriented Interface

public function getSigningCertSignatureAlgorithm();

Procedural Interface

securepdf_pdfsign_get($res, 190 );

Default Value

Remarks

This property is read-only and not available at design time.

Data Type

String

SigningCertStore Property (SecurePDF_PDFSign Class)

The name of the certificate store for the client certificate.

Object Oriented Interface

public function getSigningCertStore();
public function setSigningCertStore($value);

Procedural Interface

securepdf_pdfsign_get($res, 191 );
securepdf_pdfsign_set($res, 191, $value );

Default Value

'MY'

Remarks

The name of the certificate store for the client certificate.

The SigningCertStoreType property denotes the type of the certificate store specified by SigningCertStore. If the store is password-protected, specify the password in SigningCertStorePassword.

SigningCertStore is used in conjunction with the SigningCertSubject property to specify client certificates. If SigningCertStore has a value, and SigningCertSubject or SigningCertEncoded is set, a search for a certificate is initiated. Please see the SigningCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:


MY	A certificate store holding personal certificates with their associated private keys.
CA	Certifying authority certificates.
ROOT	Root certificates.

This property is not available at design time.

Data Type

Binary String

SigningCertStorePassword Property (SecurePDF_PDFSign Class)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Object Oriented Interface

public function getSigningCertStorePassword();
public function setSigningCertStorePassword($value);

Procedural Interface

securepdf_pdfsign_get($res, 192 );
securepdf_pdfsign_set($res, 192, $value );

Default Value

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

This property is not available at design time.

Data Type

String

SigningCertStoreType Property (SecurePDF_PDFSign Class)

The type of certificate store for this certificate.

Object Oriented Interface

public function getSigningCertStoreType();
public function setSigningCertStoreType($value);

Procedural Interface

securepdf_pdfsign_get($res, 193 );
securepdf_pdfsign_set($res, 193, $value );

Default Value

Remarks

The type of certificate store for this certificate.


0 (cstUser - default)	For Windows, this specifies that the certificate store is a certificate store owned by the current user. Note: This store type is not available in Java.
1 (cstMachine)	For Windows, this specifies that the certificate store is a machine store. Note: This store type is not available in Java.
2 (cstPFXFile)	The certificate store is the name of a PFX (PKCS#12) file containing certificates.
3 (cstPFXBlob)	The certificate store is a string (binary or Base64-encoded) representing a certificate store in PFX (PKCS#12) format.
4 (cstJKSFile)	The certificate store is the name of a Java Key Store (JKS) file containing certificates. Note: This store type is only available in Java.
5 (cstJKSBlob)	The certificate store is a string (binary or Base64-encoded) representing a certificate store in Java Key Store (JKS) format. Note: This store type is only available in Java.
6 (cstPEMKeyFile)	The certificate store is the name of a PEM-encoded file that contains a private key and an optional certificate.
7 (cstPEMKeyBlob)	The certificate store is a string (binary or Base64-encoded) that contains a private key and an optional certificate.
8 (cstPublicKeyFile)	The certificate store is the name of a file that contains a PEM- or DER-encoded public key certificate.
9 (cstPublicKeyBlob)	The certificate store is a string (binary or Base64-encoded) that contains a PEM- or DER-encoded public key certificate.
10 (cstSSHPublicKeyBlob)	The certificate store is a string (binary or Base64-encoded) that contains an SSH-style public key.
11 (cstP7BFile)	The certificate store is the name of a PKCS#7 file containing certificates.
12 (cstP7BBlob)	The certificate store is a string (binary) representing a certificate store in PKCS#7 format.
13 (cstSSHPublicKeyFile)	The certificate store is the name of a file that contains an SSH-style public key.
14 (cstPPKFile)	The certificate store is the name of a file that contains a PPK (PuTTY Private Key).
15 (cstPPKBlob)	The certificate store is a string (binary) that contains a PPK (PuTTY Private Key).
16 (cstXMLFile)	The certificate store is the name of a file that contains a certificate in XML format.
17 (cstXMLBlob)	The certificate store is a string that contains a certificate in XML format.
18 (cstJWKFile)	The certificate store is the name of a file that contains a JWK (JSON Web Key).
19 (cstJWKBlob)	The certificate store is a string that contains a JWK (JSON Web Key).
21 (cstBCFKSFile)	The certificate store is the name of a file that contains a BCFKS (Bouncy Castle FIPS Key Store). Note: This store type is only available in Java and .NET.
22 (cstBCFKSBlob)	The certificate store is a string (binary or Base64-encoded) representing a certificate store in BCFKS (Bouncy Castle FIPS Key Store) format. Note: This store type is only available in Java and .NET.
23 (cstPKCS11)	The certificate is present on a physical security key accessible via a PKCS#11 interface. To use a security key, the necessary data must first be collected using the CertMgr class. The ListStoreCertificates method may be called after setting CertStoreType to `cstPKCS11`, CertStorePassword to the PIN, and CertStore to the full path of the PKCS#11 DLL. The certificate information returned in the CertList event's `CertEncoded` parameter may be saved for later use. When using a certificate, pass the previously saved security key information as the SigningCertStore and set SigningCertStorePassword to the PIN. Code Example. SSH Authentication with Security Key: `certmgr.CertStoreType = CertStoreTypes.cstPKCS11; certmgr.OnCertList += (s, e) => { secKeyBlob = e.CertEncoded; }; certmgr.CertStore = @"C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll"; certmgr.CertStorePassword = "123456"; //PIN certmgr.ListStoreCertificates(); sftp.SSHCert = new Certificate(CertStoreTypes.cstPKCS11, secKeyBlob, "123456", "*"); sftp.SSHUser = "test"; sftp.SSHLogon("myhost", 22);`
99 (cstAuto)	The store type is automatically detected from the input data. This setting may be used with both public and private keys and can detect any of the supported formats automatically.

This property is not available at design time.

Data Type

Integer

SigningCertSubjectAltNames Property (SecurePDF_PDFSign Class)

Comma-separated lists of alternative subject names for the certificate.

Object Oriented Interface

public function getSigningCertSubjectAltNames();

Procedural Interface

securepdf_pdfsign_get($res, 194 );

Default Value

Remarks

Comma-separated lists of alternative subject names for the certificate.

This property is read-only and not available at design time.

Data Type

String

SigningCertThumbprintMD5 Property (SecurePDF_PDFSign Class)

The MD5 hash of the certificate.

Object Oriented Interface

public function getSigningCertThumbprintMD5();

Procedural Interface

securepdf_pdfsign_get($res, 195 );

Default Value

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only and not available at design time.

Data Type

String

SigningCertThumbprintSHA1 Property (SecurePDF_PDFSign Class)

The SHA-1 hash of the certificate.

Object Oriented Interface

public function getSigningCertThumbprintSHA1();

Procedural Interface

securepdf_pdfsign_get($res, 196 );

Default Value

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only and not available at design time.

Data Type

String

SigningCertThumbprintSHA256 Property (SecurePDF_PDFSign Class)

The SHA-256 hash of the certificate.

Object Oriented Interface

public function getSigningCertThumbprintSHA256();

Procedural Interface

securepdf_pdfsign_get($res, 197 );

Default Value

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only and not available at design time.

Data Type

String

SigningCertUsage Property (SecurePDF_PDFSign Class)

The text description of UsageFlags .

Object Oriented Interface

public function getSigningCertUsage();

Procedural Interface

securepdf_pdfsign_get($res, 198 );

Default Value

Remarks

The text description of SigningCertUsageFlags.

This value will be one or more of the following strings and will be separated by commas:

Digital Signature
Non-Repudiation
Key Encipherment
Data Encipherment
Key Agreement
Certificate Signing
CRL Signing
Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only and not available at design time.

Data Type

String

SigningCertUsageFlags Property (SecurePDF_PDFSign Class)

The flags that show intended use for the certificate.

Object Oriented Interface

public function getSigningCertUsageFlags();

Procedural Interface

securepdf_pdfsign_get($res, 199 );

Default Value

Remarks

The flags that show intended use for the certificate. The value of SigningCertUsageFlags is a combination of the following flags:


0x80	Digital Signature
0x40	Non-Repudiation
0x20	Key Encipherment
0x10	Data Encipherment
0x08	Key Agreement
0x04	Certificate Signing
0x02	CRL Signing
0x01	Encipher Only

Please see the SigningCertUsage property for a text representation of SigningCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only and not available at design time.

Data Type

Integer

SigningCertVersion Property (SecurePDF_PDFSign Class)

The certificate's version number.

Object Oriented Interface

public function getSigningCertVersion();

Procedural Interface

securepdf_pdfsign_get($res, 200 );

Default Value

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only and not available at design time.

Data Type

String

SigningCertSubject Property (SecurePDF_PDFSign Class)

The subject of the certificate used for client authentication.

Object Oriented Interface

public function getSigningCertSubject();
public function setSigningCertSubject($value);

Procedural Interface

securepdf_pdfsign_get($res, 201 );
securepdf_pdfsign_set($res, 201, $value );

Default Value

Remarks

The subject of the certificate used for client authentication.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.


Field	Meaning
CN	Common Name. This is commonly a hostname like www.server.com.
O	Organization
OU	Organizational Unit
L	Locality
S	State
C	Country
E	Email Address

If a field value contains a comma, it must be quoted.

This property is not available at design time.

Data Type

String

SigningCertEncoded Property (SecurePDF_PDFSign Class)

The certificate (PEM/Base64 encoded).

Object Oriented Interface

public function getSigningCertEncoded();
public function setSigningCertEncoded($value);

Procedural Interface

securepdf_pdfsign_get($res, 202 );
securepdf_pdfsign_set($res, 202, $value );

Default Value

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The SigningCertStore and SigningCertSubject properties also may be used to specify a certificate.

When SigningCertEncoded is set, a search is initiated in the current SigningCertStore for the private key of the certificate. If the key is found, SigningCertSubject is updated to reflect the full subject of the selected certificate; otherwise, SigningCertSubject is set to an empty string.

This property is not available at design time.

Data Type

Binary String

TimestampServer Property (SecurePDF_PDFSign Class)

The address of the timestamping server.

Object Oriented Interface

public function getTimestampServer();
public function setTimestampServer($value);

Procedural Interface

securepdf_pdfsign_get($res, 203 );
securepdf_pdfsign_set($res, 203, $value );

Default Value

Remarks

This property is used to specify the address of the TSA (Timestamping Authority) server to use for timestamping the signature (normal signing) or the document (LTV update).

If the timestamping service enforces credential-based user authentication (basic or digest), the credentials can be provided in the same URL. For example: pdfsign.TimestampServer = "http://user:password@timestamp.server.com/TsaService"; If the TSA requires TLS client authentication, provide the client certificate via the TSATLSClientCertStoreType, TSATLSClientCertStore, TSATLSClientCertSubject, and TSATLSClientCertStorePassword configuration settings.

Data Type

String

TrustedCertCount Property (SecurePDF_PDFSign Class)

The number of records in the TrustedCert arrays.

Object Oriented Interface

public function getTrustedCertCount();
public function setTrustedCertCount($value);

Procedural Interface

securepdf_pdfsign_get($res, 204 );
securepdf_pdfsign_set($res, 204, $value );

Default Value

Remarks

This property controls the size of the following arrays:

TrustedCertEffectiveDate
TrustedCertEncoded
TrustedCertExpirationDate
TrustedCertExtendedKeyUsage
TrustedCertFingerprint
TrustedCertFingerprintSHA1
TrustedCertFingerprintSHA256
TrustedCertIssuer
TrustedCertPrivateKey
TrustedCertPrivateKeyAvailable
TrustedCertPrivateKeyContainer
TrustedCertPublicKey
TrustedCertPublicKeyAlgorithm
TrustedCertPublicKeyLength
TrustedCertSerialNumber
TrustedCertSignatureAlgorithm
TrustedCertStore
TrustedCertStorePassword
TrustedCertStoreType
TrustedCertSubject
TrustedCertSubjectAltNames
TrustedCertThumbprintMD5
TrustedCertThumbprintSHA1
TrustedCertThumbprintSHA256
TrustedCertUsage
TrustedCertUsageFlags
TrustedCertVersion

The array indices start at 0 and end at TrustedCertCount - 1.

This property is not available at design time.

Data Type

Integer

TrustedCertEffectiveDate Property (SecurePDF_PDFSign Class)

The date on which this certificate becomes valid.

Object Oriented Interface

public function getTrustedCertEffectiveDate($trustedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 205 , $trustedcertindex);

Default Value

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.

This property is read-only and not available at design time.

Data Type

String

TrustedCertExpirationDate Property (SecurePDF_PDFSign Class)

The date on which the certificate expires.

Object Oriented Interface

public function getTrustedCertExpirationDate($trustedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 206 , $trustedcertindex);

Default Value

Remarks

23-Jan-2001 15:00:00.

The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.

This property is read-only and not available at design time.

Data Type

String

TrustedCertExtendedKeyUsage Property (SecurePDF_PDFSign Class)

A comma-delimited list of extended key usage identifiers.

Object Oriented Interface

public function getTrustedCertExtendedKeyUsage($trustedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 207 , $trustedcertindex);

Default Value

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.

This property is read-only and not available at design time.

Data Type

String

TrustedCertFingerprint Property (SecurePDF_PDFSign Class)

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Object Oriented Interface

public function getTrustedCertFingerprint($trustedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 208 , $trustedcertindex);

Default Value

Remarks

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.

This property is read-only and not available at design time.

Data Type

String

TrustedCertFingerprintSHA1 Property (SecurePDF_PDFSign Class)

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Object Oriented Interface

public function getTrustedCertFingerprintSHA1($trustedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 209 , $trustedcertindex);

Default Value

Remarks

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.

This property is read-only and not available at design time.

Data Type

String

TrustedCertFingerprintSHA256 Property (SecurePDF_PDFSign Class)

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Object Oriented Interface

public function getTrustedCertFingerprintSHA256($trustedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 210 , $trustedcertindex);

Default Value

Remarks

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.

This property is read-only and not available at design time.

Data Type

String

TrustedCertIssuer Property (SecurePDF_PDFSign Class)

The issuer of the certificate.

Object Oriented Interface

public function getTrustedCertIssuer($trustedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 211 , $trustedcertindex);

Default Value

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.

This property is read-only and not available at design time.

Data Type

String

TrustedCertPrivateKey Property (SecurePDF_PDFSign Class)

The private key of the certificate (if available).

Object Oriented Interface

public function getTrustedCertPrivateKey($trustedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 212 , $trustedcertindex);

Default Value

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The TrustedCertPrivateKey may be available but not exportable. In this case, TrustedCertPrivateKey returns an empty string.

The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.

This property is read-only and not available at design time.

Data Type

String

TrustedCertPrivateKeyAvailable Property (SecurePDF_PDFSign Class)

Whether a PrivateKey is available for the selected certificate.

Object Oriented Interface

public function getTrustedCertPrivateKeyAvailable($trustedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 213 , $trustedcertindex);

Default Value

false

Remarks

Whether a TrustedCertPrivateKey is available for the selected certificate. If TrustedCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.

This property is read-only and not available at design time.

Data Type

Boolean

TrustedCertPrivateKeyContainer Property (SecurePDF_PDFSign Class)

The name of the PrivateKey container for the certificate (if available).

Object Oriented Interface

public function getTrustedCertPrivateKeyContainer($trustedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 214 , $trustedcertindex);

Default Value

Remarks

The name of the TrustedCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.

This property is read-only and not available at design time.

Data Type

String

TrustedCertPublicKey Property (SecurePDF_PDFSign Class)

The public key of the certificate.

Object Oriented Interface

public function getTrustedCertPublicKey($trustedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 215 , $trustedcertindex);

Default Value

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.

This property is read-only and not available at design time.

Data Type

String

TrustedCertPublicKeyAlgorithm Property (SecurePDF_PDFSign Class)

The textual description of the certificate's public key algorithm.

Object Oriented Interface

public function getTrustedCertPublicKeyAlgorithm($trustedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 216 , $trustedcertindex);

Default Value

Remarks

The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.

This property is read-only and not available at design time.

Data Type

String

TrustedCertPublicKeyLength Property (SecurePDF_PDFSign Class)

The length of the certificate's public key (in bits).

Object Oriented Interface

public function getTrustedCertPublicKeyLength($trustedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 217 , $trustedcertindex);

Default Value

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.

This property is read-only and not available at design time.

Data Type

Integer

TrustedCertSerialNumber Property (SecurePDF_PDFSign Class)

The serial number of the certificate encoded as a string.

Object Oriented Interface

public function getTrustedCertSerialNumber($trustedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 218 , $trustedcertindex);

Default Value

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.

This property is read-only and not available at design time.

Data Type

String

TrustedCertSignatureAlgorithm Property (SecurePDF_PDFSign Class)

The text description of the certificate's signature algorithm.

Object Oriented Interface

public function getTrustedCertSignatureAlgorithm($trustedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 219 , $trustedcertindex);

Default Value

Remarks

The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.

This property is read-only and not available at design time.

Data Type

String

TrustedCertStore Property (SecurePDF_PDFSign Class)

The name of the certificate store for the client certificate.

Object Oriented Interface

public function getTrustedCertStore($trustedcertindex);
public function setTrustedCertStore($trustedcertindex, $value);

Procedural Interface

securepdf_pdfsign_get($res, 220 , $trustedcertindex);
securepdf_pdfsign_set($res, 220, $value , $trustedcertindex);

Default Value

'MY'

Remarks

The name of the certificate store for the client certificate.

The TrustedCertStoreType property denotes the type of the certificate store specified by TrustedCertStore. If the store is password-protected, specify the password in TrustedCertStorePassword.

TrustedCertStore is used in conjunction with the TrustedCertSubject property to specify client certificates. If TrustedCertStore has a value, and TrustedCertSubject or TrustedCertEncoded is set, a search for a certificate is initiated. Please see the TrustedCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:


MY	A certificate store holding personal certificates with their associated private keys.
CA	Certifying authority certificates.
ROOT	Root certificates.

The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.

This property is not available at design time.

Data Type

Binary String

TrustedCertStorePassword Property (SecurePDF_PDFSign Class)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Object Oriented Interface

public function getTrustedCertStorePassword($trustedcertindex);
public function setTrustedCertStorePassword($trustedcertindex, $value);

Procedural Interface

securepdf_pdfsign_get($res, 221 , $trustedcertindex);
securepdf_pdfsign_set($res, 221, $value , $trustedcertindex);

Default Value

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.

This property is not available at design time.

Data Type

String

TrustedCertStoreType Property (SecurePDF_PDFSign Class)

The type of certificate store for this certificate.

Object Oriented Interface

public function getTrustedCertStoreType($trustedcertindex);
public function setTrustedCertStoreType($trustedcertindex, $value);

Procedural Interface

securepdf_pdfsign_get($res, 222 , $trustedcertindex);
securepdf_pdfsign_set($res, 222, $value , $trustedcertindex);

Default Value

Remarks

The type of certificate store for this certificate.


0 (cstUser - default)	For Windows, this specifies that the certificate store is a certificate store owned by the current user. Note: This store type is not available in Java.
1 (cstMachine)	For Windows, this specifies that the certificate store is a machine store. Note: This store type is not available in Java.
2 (cstPFXFile)	The certificate store is the name of a PFX (PKCS#12) file containing certificates.
3 (cstPFXBlob)	The certificate store is a string (binary or Base64-encoded) representing a certificate store in PFX (PKCS#12) format.
4 (cstJKSFile)	The certificate store is the name of a Java Key Store (JKS) file containing certificates. Note: This store type is only available in Java.
5 (cstJKSBlob)	The certificate store is a string (binary or Base64-encoded) representing a certificate store in Java Key Store (JKS) format. Note: This store type is only available in Java.
6 (cstPEMKeyFile)	The certificate store is the name of a PEM-encoded file that contains a private key and an optional certificate.
7 (cstPEMKeyBlob)	The certificate store is a string (binary or Base64-encoded) that contains a private key and an optional certificate.
8 (cstPublicKeyFile)	The certificate store is the name of a file that contains a PEM- or DER-encoded public key certificate.
9 (cstPublicKeyBlob)	The certificate store is a string (binary or Base64-encoded) that contains a PEM- or DER-encoded public key certificate.
10 (cstSSHPublicKeyBlob)	The certificate store is a string (binary or Base64-encoded) that contains an SSH-style public key.
11 (cstP7BFile)	The certificate store is the name of a PKCS#7 file containing certificates.
12 (cstP7BBlob)	The certificate store is a string (binary) representing a certificate store in PKCS#7 format.
13 (cstSSHPublicKeyFile)	The certificate store is the name of a file that contains an SSH-style public key.
14 (cstPPKFile)	The certificate store is the name of a file that contains a PPK (PuTTY Private Key).
15 (cstPPKBlob)	The certificate store is a string (binary) that contains a PPK (PuTTY Private Key).
16 (cstXMLFile)	The certificate store is the name of a file that contains a certificate in XML format.
17 (cstXMLBlob)	The certificate store is a string that contains a certificate in XML format.
18 (cstJWKFile)	The certificate store is the name of a file that contains a JWK (JSON Web Key).
19 (cstJWKBlob)	The certificate store is a string that contains a JWK (JSON Web Key).
21 (cstBCFKSFile)	The certificate store is the name of a file that contains a BCFKS (Bouncy Castle FIPS Key Store). Note: This store type is only available in Java and .NET.
22 (cstBCFKSBlob)	The certificate store is a string (binary or Base64-encoded) representing a certificate store in BCFKS (Bouncy Castle FIPS Key Store) format. Note: This store type is only available in Java and .NET.
23 (cstPKCS11)	The certificate is present on a physical security key accessible via a PKCS#11 interface. To use a security key, the necessary data must first be collected using the CertMgr class. The ListStoreCertificates method may be called after setting CertStoreType to `cstPKCS11`, CertStorePassword to the PIN, and CertStore to the full path of the PKCS#11 DLL. The certificate information returned in the CertList event's `CertEncoded` parameter may be saved for later use. When using a certificate, pass the previously saved security key information as the TrustedCertStore and set TrustedCertStorePassword to the PIN. Code Example. SSH Authentication with Security Key: `certmgr.CertStoreType = CertStoreTypes.cstPKCS11; certmgr.OnCertList += (s, e) => { secKeyBlob = e.CertEncoded; }; certmgr.CertStore = @"C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll"; certmgr.CertStorePassword = "123456"; //PIN certmgr.ListStoreCertificates(); sftp.SSHCert = new Certificate(CertStoreTypes.cstPKCS11, secKeyBlob, "123456", "*"); sftp.SSHUser = "test"; sftp.SSHLogon("myhost", 22);`
99 (cstAuto)	The store type is automatically detected from the input data. This setting may be used with both public and private keys and can detect any of the supported formats automatically.

The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.

This property is not available at design time.

Data Type

Integer

TrustedCertSubjectAltNames Property (SecurePDF_PDFSign Class)

Comma-separated lists of alternative subject names for the certificate.

Object Oriented Interface

public function getTrustedCertSubjectAltNames($trustedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 223 , $trustedcertindex);

Default Value

Remarks

Comma-separated lists of alternative subject names for the certificate.

The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.

This property is read-only and not available at design time.

Data Type

String

TrustedCertThumbprintMD5 Property (SecurePDF_PDFSign Class)

The MD5 hash of the certificate.

Object Oriented Interface

public function getTrustedCertThumbprintMD5($trustedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 224 , $trustedcertindex);

Default Value

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.

This property is read-only and not available at design time.

Data Type

String

TrustedCertThumbprintSHA1 Property (SecurePDF_PDFSign Class)

The SHA-1 hash of the certificate.

Object Oriented Interface

public function getTrustedCertThumbprintSHA1($trustedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 225 , $trustedcertindex);

Default Value

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.

This property is read-only and not available at design time.

Data Type

String

TrustedCertThumbprintSHA256 Property (SecurePDF_PDFSign Class)

The SHA-256 hash of the certificate.

Object Oriented Interface

public function getTrustedCertThumbprintSHA256($trustedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 226 , $trustedcertindex);

Default Value

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.

This property is read-only and not available at design time.

Data Type

String

TrustedCertUsage Property (SecurePDF_PDFSign Class)

The text description of UsageFlags .

Object Oriented Interface

public function getTrustedCertUsage($trustedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 227 , $trustedcertindex);

Default Value

Remarks

The text description of TrustedCertUsageFlags.

This value will be one or more of the following strings and will be separated by commas:

Digital Signature
Non-Repudiation
Key Encipherment
Data Encipherment
Key Agreement
Certificate Signing
CRL Signing
Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.

This property is read-only and not available at design time.

Data Type

String

TrustedCertUsageFlags Property (SecurePDF_PDFSign Class)

The flags that show intended use for the certificate.

Object Oriented Interface

public function getTrustedCertUsageFlags($trustedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 228 , $trustedcertindex);

Default Value

Remarks

The flags that show intended use for the certificate. The value of TrustedCertUsageFlags is a combination of the following flags:


0x80	Digital Signature
0x40	Non-Repudiation
0x20	Key Encipherment
0x10	Data Encipherment
0x08	Key Agreement
0x04	Certificate Signing
0x02	CRL Signing
0x01	Encipher Only

Please see the TrustedCertUsage property for a text representation of TrustedCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.

This property is read-only and not available at design time.

Data Type

Integer

TrustedCertVersion Property (SecurePDF_PDFSign Class)

The certificate's version number.

Object Oriented Interface

public function getTrustedCertVersion($trustedcertindex);

Procedural Interface

securepdf_pdfsign_get($res, 229 , $trustedcertindex);

Default Value

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.

This property is read-only and not available at design time.

Data Type

String

TrustedCertSubject Property (SecurePDF_PDFSign Class)

The subject of the certificate used for client authentication.

Object Oriented Interface

public function getTrustedCertSubject($trustedcertindex);
public function setTrustedCertSubject($trustedcertindex, $value);

Procedural Interface

securepdf_pdfsign_get($res, 230 , $trustedcertindex);
securepdf_pdfsign_set($res, 230, $value , $trustedcertindex);

Default Value

Remarks

The subject of the certificate used for client authentication.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.


Field	Meaning
CN	Common Name. This is commonly a hostname like www.server.com.
O	Organization
OU	Organizational Unit
L	Locality
S	State
C	Country
E	Email Address

If a field value contains a comma, it must be quoted.

The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.

This property is not available at design time.

Data Type

String

TrustedCertEncoded Property (SecurePDF_PDFSign Class)

The certificate (PEM/Base64 encoded).

Object Oriented Interface

public function getTrustedCertEncoded($trustedcertindex);
public function setTrustedCertEncoded($trustedcertindex, $value);

Procedural Interface

securepdf_pdfsign_get($res, 231 , $trustedcertindex);
securepdf_pdfsign_set($res, 231, $value , $trustedcertindex);

Default Value

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The TrustedCertStore and TrustedCertSubject properties also may be used to specify a certificate.

When TrustedCertEncoded is set, a search is initiated in the current TrustedCertStore for the private key of the certificate. If the key is found, TrustedCertSubject is updated to reflect the full subject of the selected certificate; otherwise, TrustedCertSubject is set to an empty string.

The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.

This property is not available at design time.

Data Type

Binary String

TrustedLists Property (SecurePDF_PDFSign Class)

A list of known Trusted Lists for chain validation.

Object Oriented Interface

public function getTrustedLists();
public function setTrustedLists($value);

Procedural Interface

securepdf_pdfsign_get($res, 232 );
securepdf_pdfsign_set($res, 232, $value );

Default Value

'%EUTL%'

Remarks

This property is used to supply a semicolon-separated list of URLs or paths of known Trusted Lists to the class for chain validation.

A Trusted List is an XML document that contains a government-issued list of CAs that have passed regulated compliance checks. When validating the chain, the class will consult the Trusted List to establish certificate trust, ensuring that the CA is legitimate and entitled to issue certificates of the kind being checked.

The default value is the special %EUTL% macro, which, if applicable, instructs the class to check the root certificate against up-to-date versions of the primary EU Trusted Lists from the EU LOTL. Custom values can be appended: component.TrustedLists = "%EUTL%;http://my.company/tsl;c:\tsls\mytsl.xml"; Note: The class will cache all Trusted Lists it downloads and uses during chain validation. This cache is shared between class instances within the same process. If this property contains a URL that is also present in the cache, the class will retrieve the cached data and reuse them in the current validation. If the data are invalid, the class will download a fresh Trusted List and add it to the cache.

Data Type

String

TrustSources Property (SecurePDF_PDFSign Class)

The trust sources to use during chain validation.

Object Oriented Interface

public function getTrustSources();
public function setTrustSources($value);

Procedural Interface

securepdf_pdfsign_get($res, 233 );
securepdf_pdfsign_set($res, 233, $value );

Default Value

Remarks

This property is used to specify the sources the class will use to establish certificate trust during chain validation.

Establishing trust for a particular certificate, when either signing or verifying, involves building a chain up to a valid trust anchor. This trust anchor is a root certificate that typically resides on the local system. If the certificate does not eventually chain up to a valid trust anchor, the chain is considered untrusted and therefore invalid.

Possible values are:


0 (tsManual)	The class will consult the TrustedCerts property only.
1 (tsLocal)	The class will consult local system stores (e.g., Windows Trusted Root Certification Authorities) as well as TrustedCerts.
2 (tsTrustedLists)	The class will consult TrustedLists only.
3 (tsLocalAndTrustedLists - default)	The class will consult local system stores, TrustedCerts, and TrustedLists.

Data Type

Integer

ValidationFlags Property (SecurePDF_PDFSign Class)

Additional chain validation settings.

Object Oriented Interface

public function getValidationFlags();
public function setValidationFlags($value);

Procedural Interface

securepdf_pdfsign_get($res, 234 );
securepdf_pdfsign_set($res, 234, $value );

Default Value

Remarks

This property is used to specify additional settings that affect the overall flow of the chain validation.

Its value should be provided as a bitmask of the following flags:


0x001 (cvfForceCompleteChainValidationForTrusted)	Perform full chain validation for explicitly trusted intermediary or end-entity certificates. This may be useful when creating signatures to enforce the completeness of the collected revocation information. It often makes sense to omit this flag when validating signatures to reduce validation time and avoid issues with poorly configured environments.
0x002 (cvfIgnoreChainLoops)	Currently unsupported.
0x004 (cvfIgnoreOCSPNoCheckExtension)	Currently unsupported.
0x008 (cvfTolerateMinorChainIssues)	Currently unsupported.

Data Type

Integer

ValidationPolicy Property (SecurePDF_PDFSign Class)

The level at which to perform chain validation.

Object Oriented Interface

public function getValidationPolicy();
public function setValidationPolicy($value);

Procedural Interface

securepdf_pdfsign_get($res, 235 );
securepdf_pdfsign_set($res, 235, $value );

Default Value

Remarks

This property is used to specify the overall validation policy the class will follow.

Possible values are:


0 (vpNone)	No chain validation is attempted at all.
1 (vpFull - default)	Revocation and trust checks must succeed for all chains.
2 (vpFullNoTrust)	Revocation checks must succeed, but trust checks will not occur.
3 (vpFullNoRevocation)	Trust checks must succeed, but revocation checks will not occur.
4 (vpBestEffort)	Currently unsupported.

Validation Policy Heuristics

The choice of validation policy will depend on the scenario for which the chain is validated.

Creating a new signature:

For a basic signature with or without a timestamp, chain validation is not required, so it is recommended to use vpNone. This policy may also be used in test environments or on offline systems.
For an LTV signature, use vpFull or vpFullNoTrust depending on whether trust checks are necessary in the current environment. If the signature is being created in an environment that does not match the prospective validation environment, consider vpFullNoTrust to validate the chain properly and fully without expecting good trust.

Updating or extending an existing signature:

When updating a basic signature to LTV, similarly use vpFull or vpFullNoTrust as above.
When extending an LTV signature, similarly use vpFull or vpFullNoTrust as above.

Validating an existing signature:

For basic signature validation, use vpFullNoRevocation if trust checks, but not revocation checks, are necessary in the current environment. This policy may also be used on offline systems if the trust anchor is already available to the class.
For archival validation, use vpFull to validate the chain properly and fully. This policy expects the trust anchor and all the revocation material to be available.

Data Type

Integer

ValidationTime Property (SecurePDF_PDFSign Class)

The time point at which the signature should be validated.

Object Oriented Interface

public function getValidationTime();
public function setValidationTime($value);

Procedural Interface

securepdf_pdfsign_get($res, 236 );
securepdf_pdfsign_set($res, 236, $value );

Default Value

Remarks

This property is used to specify the moment in time at which the signature validity should be established. The time should be provided in UTC in yyyyMMddHHmmssZ format.

Leave this property empty to stick to the default time point. The class will then prioritize:

The signature creation time if the signature contains a signature timestamp (), or
The local time included in the signature by the signer ().

Note: The validity of the same signature may differ depending on the time point chosen due to temporal changes in chain validities, revocation statuses, and timestamp times.

Data Type

String

AddAttachment Method (SecurePDF_PDFSign Class)

Adds an attachment to a PDF document.

Object Oriented Interface

public function doAddAttachment($filename, $description);

Procedural Interface

securepdf_pdfsign_do_addattachment($res, $filename, $description);

Remarks

This method is used to add an attachment (embedded file) to the document specified in InputFile, InputData, or SetInputStream and to the Attachments properties.

The document containing the newly added attachment will be saved to OutputFile, OutputData, or the stream set in SetOutputStream.

The FileName and Description parameters specify the filename and description of the attachment respectively.

Example: pdfsign.InputFile = "input.pdf"; pdfsign.OutputFile = "input_with_attachment.pdf"; pdfsign.Open(); pdfsign.AddAttachment("foo.txt", "desc"); // Alternatively, create a PDFAttachment object and add it to Attachments manually: PDFAttachment attachment = new PDFAttachment(); attachment.FileName = "foo.txt"; // or attachment.DataB = new byte[] { ... }; // or attachment.InputStream = new FileStream(...); attachment.Description = "desc"; pdfsign.Attachments.Add(attachment); // Or using one of the constructors: pdfsign.Attachments.Add(new PDFAttachment("foo.txt", "desc")); pdfsign.Close(); The full list of attachments is contained in the Attachments property.

Note: If the document is not already opened, this method will open it, perform the operation, then close it.

AddTimestamp Method (SecurePDF_PDFSign Class)

Adds a document timestamp to a PDF document.

Object Oriented Interface

public function doAddTimestamp();

Procedural Interface

securepdf_pdfsign_do_addtimestamp($res);

Remarks

This method is used to obtain a document timestamp and embed it into the document specified in InputFile, InputData, or SetInputStream. The document containing the newly added document timestamp will be saved to OutputFile, OutputData, or the stream set in SetOutputStream.

A document timestamp is a fully independent signature that is added to the PDF document after the initial signature. Unlike the main signature, the document timestamp is made by a TSA, and its purpose is to preserve the document's long-term validity. Typically, adding a document timestamp is done close to the expiration date of the certificate that produced the last timestamp (which is either embedded in the main signature, or is a previous document timestamp). An LTV document therefore contains a chain of document timestamps updated periodically to keep its long-term status.

Example: pdfsign.InputFile = "signed.pdf"; pdfsign.OutputFile = "signed_with_dts.pdf"; pdfsign.TimestampServer = "http://time.certum.pl"; pdfsign.AddTimestamp(); Note: If the document is not already opened, this method will open it, perform the operation, then close it.

Close Method (SecurePDF_PDFSign Class)

Closes an opened PDF document.

Object Oriented Interface

public function doClose();

Procedural Interface

securepdf_pdfsign_do_close($res);

Remarks

This method is used to close the previously opened document specified in InputFile, InputData, or SetInputStream. It should always be preceded by a call to the Open method.

Example: component.InputFile = "input.pdf"; component.Open(); // Some operation component.Close();

If any changes are made to the document, they will be saved automatically to OutputFile, OutputData, or the stream set in SetOutputStream when this method is called. To configure this saving behavior, set the SaveChanges configuration setting.

Config Method (SecurePDF_PDFSign Class)

Sets or retrieves a configuration setting.

Object Oriented Interface

public function doConfig($configurationstring);

Procedural Interface

securepdf_pdfsign_do_config($res, $configurationstring);

Remarks

Config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

Encrypted Method (SecurePDF_PDFSign Class)

Checks whether a PDF document is encrypted.

Object Oriented Interface

public function doEncrypted();

Procedural Interface

securepdf_pdfsign_do_encrypted($res);

Remarks

This method is used to determine whether or not the document specified in InputFile, InputData, or SetInputStream is encrypted. It will return false if the document is pseudo-encrypted with an empty password.

Example: component.InputFile = "input.pdf"; if (component.Encrypted()) { // Set Password or DecryptionCert } component.Open(); // Some operation component.Close(); Note: If the document is not already opened, this method will open it, perform the operation, then close it.

GetPageProperty Method (SecurePDF_PDFSign Class)

Retrieves the value of a page property.

Object Oriented Interface

public function doGetPageProperty($page, $pageproperty);

Procedural Interface

securepdf_pdfsign_do_getpageproperty($res, $page, $pageproperty);

Remarks

This method is used to read general information about the pages of the document specified in InputFile, InputData, or SetInputStream, such as their dimensions and content positioning details.

The Page parameter specifies the page to read information about (with a valid range from 1 to PageCount), and the PageProperty parameter specifies the page property to read. The latter can take one of the following values:


Page property	Default value	Description
CropLowerLeftX	0	The lower-left X coordinate of the page crop area in points.
CropLowerLeftY	0	The lower-left Y coordinate of the page crop area in points.
CropUpperRightX	0	The upper-right X coordinate of the page crop area in points.
CropUpperRightY	0	The upper-right Y coordinate of the page crop area in points.
Height	0	The height of the page in points. Both integer and decimal values are supported.
MediaLowerLeftX	0	The lower-left X coordinate of the page media area in points.
MediaLowerLeftY	0	The lower-left Y coordinate of the page media area in points.
MediaUpperRightX	0	The upper-right X coordinate of the page media area in points.
MediaUpperRightY	0	The upper-right Y coordinate of the page media area in points.
Rotation	0	The rotation angle of the page in degrees. Possible values: `0`, `90`, `180`, `270`.
Width	0	The width of the page in points. Both integer and decimal values are supported.

Note: Each page property is only populated once the document has been loaded, which is reported by the DocumentInfo event.

Example: int pageCount = 0; component.OnDocumentInfo += (s, e) => { pageCount = e.PageCount; }; component.InputFile = "input.pdf"; component.Open(); for (int i = 1; i <= pageCount; i++) component.GetPageProperty(i, "Height"); component.Close(); The page properties can be used to adjust the position of the signature widget based on the page dimensions. For example: int x = int.Parse(pdfsign.GetPageProperty(1, "Width")) - 100; int y = int.Parse(pdfsign.GetPageProperty(1, "Height")) - 100; pdfsign.SetWidgetProperty("OffsetX", x.ToString()); pdfsign.SetWidgetProperty("OffsetY", y.ToString()); Note: If the document is not already opened, this method will open it, perform the operation, then close it.

GetWidgetProperty Method (SecurePDF_PDFSign Class)

Retrieves the value of a signature widget property.

Object Oriented Interface

public function doGetWidgetProperty($signatureindex, $widgetproperty);

Procedural Interface

securepdf_pdfsign_do_getwidgetproperty($res, $signatureindex, $widgetproperty);

Remarks

This method is used to retrieve the value of a signature widget property. Together with SetWidgetProperty, this method provides an extensible way of managing the widget settings that are not available through the primary properties of the class. The list of settings below may be extended in the future.

The SignatureIndex parameter is the index of the signature of interest in the Signatures properties, and the WidgetProperty parameter specifies the widget property to read. The latter can take one of the following values:


Widget property	Default value	Description
BackgroundHeight	0	The size of the stretched background image in the vertical direction.
BackgroundWidth	0	The size of the stretched background image in the horizontal direction.
CompressWidgetData	False	Whether to compress the signature widget data before saving.
CustomBackgroundContentStream	""	A custom background content stream to use when BackgroundStyle is set to `Custom`.
CustomTextCount	0	The number of custom text blocks on the signature widget.
CustomTextFontResourceName[Index]	""	The font resource name used for the custom text block.
CustomTextFontSizeX[Index]	0	The horizontal font size scale used for the custom text.
CustomTextFontSizeY[Index]	0	The vertical font size scale used for the custom text.
CustomTextX[Index]	0	The horizontal offset of the custom text block on the widget.
CustomTextY[Index]	0	The vertical offset of the custom text block on the widget.
CustomText[Index]	""	The text shown on a custom signature widget text block. This indexed property provides access to the text placed on a specific signature widget text block. CustomText[0] specifies the text on the first block, CustomText[1] on the second block, and so on. Use the CustomTextCount property to get the number of custom text blocks.
Height	70	The height of the signature widget in points. This property is the same as .
Invisible	False	Whether the signature widget is invisible on the page.
OffsetX	0	The signature widget offset from the left-hand page border in points. This property is the same as .
OffsetY	0	The signature widget offset from the bottom page border in points. This property is the same as .
Pages	""	The page numbers on which the signature is shown. This property is the same as .
Rotation	0	The rotation angle of the signature widget in degrees. Supported values: `0`, `90`, `180`, `270`.
Width	70	The width of the signature widget in points. This property is the same as .

Example: pdfsign.InputFile = "signed.pdf"; pdfsign.Open(); bool invisible = bool.Parse(pdfsign.GetWidgetProperty(0, "Invisible")); pdfsign.Close(); Note: Each widget property is only populated after the document has been signed and the signature widget has been generated.

Note: If the document is not already opened, this method will open it, perform the operation, then close it.

Interrupt Method (SecurePDF_PDFSign Class)

Interrupts the current action.

Object Oriented Interface

public function doInterrupt();

Procedural Interface

securepdf_pdfsign_do_interrupt($res);

Remarks

This method interrupts the current action. It can be used, for example, within the ChainCert event to abort the chain validation procedure.

If there is no action in progress, this method simply returns, doing nothing.

Open Method (SecurePDF_PDFSign Class)

Opens a PDF document for processing.

Object Oriented Interface

public function doOpen();

Procedural Interface

securepdf_pdfsign_do_open($res);

Remarks

This method is used to open the document specified in InputFile, InputData, or SetInputStream before performing some operation on it, such as signing or updating. When finished, call Close to complete or discard the operation.

It is recommended to use this method (alongside Close) when performing multiple operations on the document at once.

Note: This method will populate the Attachments, DocumentCerts, and Signatures collections with any corresponding objects found in the document.

Automatic Decryption Functionality

If this method is called on an encrypted document, the Password or RecipientInfo event will fire (depending on the encryption type) as a notification that the document must be decrypted before processing can continue.

Once the correct decryption material is supplied, the class will then attempt to decrypt the document automatically within this method. When this occurs, the decrypted content is kept in memory so that the document's encrypted status is preserved when it is saved later. Use the Decrypt method to save a decrypted copy of the document instead.

RemoveAttachment Method (SecurePDF_PDFSign Class)

Removes an attachment from a PDF document.

Object Oriented Interface

public function doRemoveAttachment($index);

Procedural Interface

securepdf_pdfsign_do_removeattachment($res, $index);

Remarks

This method is used to remove an attachment from the document specified in InputFile, InputData, or SetInputStream and from the Attachments properties.

The document without the attachment will be saved to OutputFile, OutputData, or the stream set in SetOutputStream.

The Index parameter is the index of the attachment in the Attachments properties to be removed.

Example: pdfsign.InputFile = "input_with_attachment.pdf"; pdfsign.OutputFile = "attachment_removed.pdf"; pdfsign.Open(); pdfsign.RemoveAttachment(0); // Alternatively, remove an attachment from Attachments manually: PDFAttachment attachment = pdfsign.Attachments[0]; pdfsign.Attachments.Remove(attachment); pdfsign.Close(); Note: If the document is not already opened, this method will open it, perform the operation, then close it.

Reset Method (SecurePDF_PDFSign Class)

Resets the class.

Object Oriented Interface

public function doReset();

Procedural Interface

securepdf_pdfsign_do_reset($res);

Remarks

This method is used to reset the class's properties and configuration settings to their default values.

SaveAttachment Method (SecurePDF_PDFSign Class)

Saves a PDF attachment to a file.

Object Oriented Interface

public function doSaveAttachment($index, $filename);

Procedural Interface

securepdf_pdfsign_do_saveattachment($res, $index, $filename);

Remarks

This method is used to retrieve the contents of an attachment from the document specified in InputFile, InputData, or SetInputStream and save it to the file specified by FileName. It does not modify the existence of the Attachments properties's contents.

The Index parameter is the index of the attachment in the Attachments properties to be saved.

The FileName parameter specifies the filename that the attachment will be saved to.

Example: component.InputFile = "input_with_attachment.pdf"; component.Open(); component.SaveAttachment(0, "a.dat"); component.Close(); Example (saving to a stream): component.InputFile = "input_with_attachment.pdf"; component.Attachments[0].OutputStream = myStream; component.SaveAttachment(0, null); // null means use the OutputStream property if it's set Note: If the document is not already opened, this method will open it, perform the operation, then close it.

SetWidgetProperty Method (SecurePDF_PDFSign Class)

Sets the value of a signature widget property.

Object Oriented Interface

public function doSetWidgetProperty($widgetproperty, $value);

Procedural Interface

securepdf_pdfsign_do_setwidgetproperty($res, $widgetproperty, $value);

Remarks

This method is used to adjust the look of the signature widget when creating a signature. Together with GetWidgetProperty, this method provides an extensible way of managing the widget settings that are not available through the primary properties of the class. The list of settings below may be extended in the future.

The WidgetProperty and Value parameters specify the widget property and value to set respectively. The former can take one of the following values:


Widget property	Default value	Description
AlgorithmCaption	#auto	The caption of the signature widget field with information about the signature algorithm.
AlgorithmInfo	#auto	Information about the algorithm to be displayed on the signature widget. Keep this property set to `#auto` to make the class generate the algorithm text automatically, in the form of `Algorithm/Key size`, for example `RSA/1024 bits`.
BackgroundData	""	The data of the signature widget background bitmap. Assign the widget background data (in the form of a filename or hex-encoded JPEG or JPEG2000 bytes) to this property.
BackgroundHeight	0	The size of the stretched background image in the vertical direction.
BackgroundImageColorSpace	""	The background image color space. Supported values: `none`, `RGB`, `CMYK`, `Gray`.
BackgroundImageHeight	0	The height of the background image in pixels. It is important that this property matches the exact size of the image when a custom background is used. The width and height of the background image have no direct relation to the dimensions of the signature widget on the document page, and are only used to indicate the parameters of the image to the PDF processor. Big images will ultimately be squeezed to fit into the widget, and smaller ones stretched.
BackgroundImageType	JPEG2000	The type of the image contained in BackgroundData. Supported values: `JPEG2000`, `JPEG`, `Custom`.
BackgroundImageWidth	0	The width of the background image in pixels. It is important that this property matches the exact size of the image when a custom background is used. The width and height of the background image have no direct relation to the dimensions of the signature widget on the document page, and are only used to indicate the parameters of the image to the PDF processor. Big images will ultimately be squeezed to fit into the widget, and smaller ones stretched.
BackgroundPosition	""	The position of the widget background image. The value may be the keyword value `center`, which centers the image, or a pair of coordinates (e.g., `10 5.5`) in which the first value defines X and the second defines Y starting from the bottom-left corner.
BackgroundStyle	Default	The style of the signature widget background. Supported values: `Default`, `None`, `Custom`.
BackgroundWidth	0	The size of the stretched background image in the horizontal direction.
CompressWidgetData	False	Whether to compress the signature widget data before saving.
CustomBackgroundContentStream	""	A custom background content stream to use when BackgroundStyle is set to `Custom`.
CustomTextCount	0	The number of custom text blocks on the signature widget.
CustomTextFontResourceName[Index]	""	The font resource name to use for the custom text block.
CustomTextFontSizeX[Index]	0	The horizontal font size scale to use for the custom text.
CustomTextFontSizeY[Index]	0	The vertical font size scale to use for the custom text.
CustomTextX[Index]	0	The horizontal offset of the custom text block on the widget.
CustomTextY[Index]	0	The vertical offset of the custom text block on the widget.
CustomText[Index]	""	The text to show on a custom signature widget text block. This indexed property provides access to the text to be placed on a specific signature widget text block. CustomText[0] specifies the text on the first block, CustomText[1] on the second block, and so on. Use the CustomTextCount property to set the number of custom text blocks.
DateFontSize	0	The font size of the date and time text on the signature widget.
DateFormat	""	The format string used to display the signing date and time in the signature widget. Leave this property empty (default value) to use the default format. To convert UTC time to local time, set this property to `L` (default format) or use the `L:` prefix with a custom date time format string.
FontName	""	The font name for the signature widget text. Use this property to specify the Type 1 or TrueType font name for the signature widget text. The PDF format supports 14 standard Type 1 fonts: `Times-Roman`, `Helvetica`, `Courier`, `Symbol`, `Times-Bold`, `Helvetica-Bold`, `Courier-Bold`, `ZapfDingbats`, `Times-Italic`, `Helvetica-Oblique`, `Courier-Oblique`, `Times-BoldItalic`, `Helvetica-BoldOblique`, `Courier-BoldOblique`. Note that Adobe no longer supports Type 1 fonts as of January 2023. For TrueType font names, the class supports full font names (e.g., `Times New Roman`, `Arial Bold Italic`), its filename (e.g., `times.ttf`, `arialbi.ttf`), or a full filename. If a TrueType font is used, then a font subset is embedded into the PDF document.
Header	#auto	The header text to put on the signature widget. Keep this property set to `#auto` to make the class generate the header automatically.
Height	70	The height of the signature widget in points. This property is the same as SignatureWidgetHeight.
HideDefaultText	False	Whether default headers for the signature widget will be generated.
IgnoreExistingAppearance	False	Whether to discard all existing widget parameters when signing empty signature fields. This property only makes sense for signatures created by signing existing empty signature fields with pre-defined widget descriptions.
Invisible	False	Whether the signature widget is invisible on the page.
OffsetX	0	The signature widget offset from the left-hand page border in points. This property is the same as SignatureWidgetOffsetX.
OffsetY	0	The signature widget offset from the bottom page border in points. This property is the same as SignatureWidgetOffsetY.
Pages	""	The page numbers on which the signature is shown. This property is the same as SignatureWidgetPages.
PositionAnchor	Default	The anchor to bind the position of the widget to. Supported values: `Default`, `BottomLeft`, `BottomRight`, `TopLeft`, `TopRight`, `Center`.
RenderOptions	Print	A comma-separated list of rendering options. Supported values: `Unknown`, `NoRotate`, `NoView`, `NoZoom`, `Print`, `ReadOnly`, `ToggleNoView`.
Rotation	0	The rotation angle of the signature widget in degrees. Supported values: `0`, `90`, `180`, `270`.
SectionTextFontSize	0	The font size of general text on the signature widget.
SectionTitleFontSize	0	The font size of the section title on the signature widget.
ShowDate	True	Whether to display the signing date and time details on the widget.
SignerCaption	#auto	The caption for the signer section on the signature widget. Keep this property set to `#auto` to make the class generate the default signer caption, which is `Signer:` .
SignerInfo	#auto	Custom signer information to put on the signature widget. The standard signature widget allows for several short strings separated by carriage return line feed (CRLF). Keep this property set to `#auto` to make the class generate the signer text automatically.
TitleFontSize	0	The font size of the main title on the signature widget.
Width	70	The width of the signature widget in points. This property is the same as SignatureWidgetWidth.

Example: pdfsign.SetWidgetProperty("Width", "100"); pdfsign.SetWidgetProperty("Height", "100"); pdfsign.SetWidgetProperty("ShowDate", "false"); pdfsign.SetWidgetProperty("SignerInfo", "Hello\r\nworld!"); pdfsign.SetWidgetProperty("TitleFontSize", "11"); pdfsign.Sign();

Sign Method (SecurePDF_PDFSign Class)

Signs a PDF document.

Object Oriented Interface

public function doSign();

Procedural Interface

securepdf_pdfsign_do_sign($res);

Remarks

This method is used to sign the document specified in InputFile, InputData, or SetInputStream. The document will be signed with SigningCert and saved in OutputFile, OutputData, or the stream set in SetOutputStream.

Use the following properties to adjust new signature settings:

SignatureAuthorName
SignatureClaimedSigningTime
SignatureHashAlgorithm
SignatureProfile
SignatureReason
SignatureType
SignatureWidgetHeight
SignatureWidgetOffsetX
SignatureWidgetOffsetY
SignatureWidgetPages
SignatureWidgetWidth

Use the following properties to adjust chain validation parameters:

BlockedCerts
KnownCerts
OfflineMode
RevocationCheck
TrustedCerts
TrustedLists
TrustSources
ValidationFlags
ValidationPolicy
ValidationTime

During signing, the chain validation log will be available via the Log event if applicable.

Note: If the document is not already opened, this method will open it, perform the operation, then close it.

Signed Method (SecurePDF_PDFSign Class)

Checks whether a PDF document is signed.

Object Oriented Interface

public function doSigned();

Procedural Interface

securepdf_pdfsign_do_signed($res);

Remarks

This method is used to determine whether or not the document specified in InputFile, InputData, or SetInputStream is signed. It will return false if the document contains only empty signature fields.

Example: pdfverify.InputFile = "input.pdf"; if (pdfverify.Signed()) { // Configure validation-related properties as desired pdfverify.Verify(); } Note: If the document is not already opened, this method will open it, perform the operation, then close it.

Update Method (SecurePDF_PDFSign Class)

Updates the most recent signature.

Object Oriented Interface

public function doUpdate();

Procedural Interface

securepdf_pdfsign_do_update($res);

Remarks

This method is used to update the most recent signature by embedding newer or missing revocation information into the signed document specified in InputFile, InputData, or SetInputStream. The updated document will be saved to OutputFile, OutputData, or the stream set in SetOutputStream.

Updating a signature starts with its cryptographic validation. Before any new validation material is inserted, the signature's integrity must be validated. If the signature is found to be correct, the class will proceed with chain validation and the retrieval of any missing chain elements. If the signature is cryptographically wrong, the class will throw an exception.

The update approach is typically used to extend the validity of an LTV signature. For LTA signatures, updating is typically accompanied with a document timestamping operation. Set TimestampServer to have the class obtain and embed a document timestamp automatically.

Further validation material and document timestamps may be added to a document over time to maintain its authenticity and integrity.

Use the following properties to adjust chain validation parameters:

BlockedCerts
KnownCerts
OfflineMode
RevocationCheck
TrustedCerts
TrustedLists
TrustSources
ValidationFlags
ValidationPolicy
ValidationTime

Note: To choose a different signature to update, set the UpdateIndex configuration setting.

Note: If the document is not already opened, this method will open it, perform the operation, then close it.

ChainCert Event (SecurePDF_PDFSign Class)

Fired when the class encounters a chain certificate.

Object Oriented Interface

public function fireChainCert($param);

Procedural Interface

securepdf_pdfsign_register_callback($res, 1, array($this, 'fireChainCert'));

Parameter List

 'certencoded'
 'certsubject'
 'certissuer'
 'validationtime'
 'validationresult'
 'validationdetails'

Remarks

This event is fired once for each certificate encountered during chain validation to report that it is about to be processed. The class will try to retrieve all required chain certificates automatically.

The CertEncoded parameter specifies the PEM (Base64-encoded) public certificate.

The CertSubject and CertIssuer parameters specify the distinguished names of the certificate owner and issuer respectively.

The ValidationTime parameter specifies the time point (in UTC) at which the certificate validity was established.

The ValidationResult parameter reports the outcome of the individual certificate validation and can be one of the following values:


0 (cvrUnknown - default)	Certificate validity is unknown.
1 (cvrValid)	The certificate is valid.
2 (cvrValidButUntrusted)	The certificate is valid but not trusted.
3 (cvrInvalid)	The certificate is not valid (it is revoked, expired, or contains an invalid signature).
4 (cvrCantBeEstablished)	The validity of the certificate cannot be established because of missing or unavailable validation information (certificates, CRLs, or OCSP responses).

In the case of a failure, the ValidationDetails parameter provides more details on its reasons. Its value is a bitmask of the following flags:


0x001 (cvdRevoked)	The certificate is revoked.
0x002 (cvdExpiredOrNotYetValid)	The certificate is expired or not yet valid.
0x004 (cvdUnknownCA)	A CA certificate for the certificate has not been found, is not trusted, or has a wrong public key (chain incomplete).
0x008 (cvdPolicyViolated)	One of the CA certificates is not authorized to act as a CA, a mandatory key usage is not enabled, or a weak algorithm is used in the certificate.
0x010 (cvdRevocationCheckFailed)	One or more CRLs or OCSP responses could not be verified.
0x020 (cvdBlocked)	The certificate is blocked.
0x040 (cvdFailure)	General validation failure.

Overridable Chain Validation

While the class will follow the validation rules defined by the X.509 standard to the best of its ability, minor technical issues may arise when validating the chain. The ValidationResult and ValidationDetails parameters can be overridden to relax such requirements on a per-certificate basis.

For example, set ValidationResult to cvrValid and ValidationDetails to 0 in order to:

Ignore CA or TLS key usage requirements
Ignore the AuthorityKeyId extension in certificate-issuing CAs (helps with incorrectly renewed certificates)
Ignore the Basic Constraints or Name Constraints extensions of CA certificates
Tolerate some weaker algorithms
Implicitly trust self-signed certificates
Skip validity period checks for trusted certificates (helps with older devices that have expired root certificates)
Ignore chain loops (helps with buggy CAs that include subchains that sign themselves)

Based on the adjusted validity of the certificate that is currently being processed, the class will continue or abort the chain validation procedure accordingly as if it had arrived at the chosen validation result itself.

Note: The user code is ultimately responsible for certificate validity decisions made via these two parameters. If their values are modified within this event, the resulting chain validation procedure may deviate from the standard.

DocumentInfo Event (SecurePDF_PDFSign Class)

Fired when the document has been loaded into memory.

Object Oriented Interface

public function fireDocumentInfo($param);

Procedural Interface

securepdf_pdfsign_register_callback($res, 2, array($this, 'fireDocumentInfo'));

Parameter List

 'pagecount'
 'signaturecount'

Remarks

This event is fired once per document processing routine to report that the document has been processed and loaded into memory.

The handler for this event is a good place to check the document structure and access document-related information such as page number and document file details. These may be useful when preparing the signature. For example, the GetPageProperty method can be used to find the optimal position for the signature widget.

The PageCount parameter reports the number of pages in the document.

The SignatureCount parameter reports the number of signatures in the document.

This event is fired when the Open method is called, but only after Password or RecipientInfo is fired (if applicable) and the document has been decrypted.

Error Event (SecurePDF_PDFSign Class)

Fired when information is available about errors during data delivery.

Object Oriented Interface

public function fireError($param);

Procedural Interface

securepdf_pdfsign_register_callback($res, 3, array($this, 'fireError'));

Parameter List

 'errorcode'
 'description'

Remarks

The Error event is fired in case of exceptional conditions during message processing. Normally the class fails with an error.

The ErrorCode parameter contains an error code, and the Description parameter contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

Log Event (SecurePDF_PDFSign Class)

Fired once for each log message.

Object Oriented Interface

public function fireLog($param);

Procedural Interface

securepdf_pdfsign_register_callback($res, 4, array($this, 'fireLog'));

Parameter List

 'loglevel'
 'message'
 'logtype'

Remarks

This event is fired once for each log message generated by the class. The verbosity is controlled by the LogLevel configuration setting.

The LogLevel parameter indicates the detail level of the message. Possible values are:


0 (None)	No messages are logged.
1 (Info - default)	Informational events such as the basics of the chain validation procedure are logged.
2 (Verbose)	Detailed data such as HTTP requests are logged.
3 (Debug)	Debug data including the full chain validation procedure are logged.

The Message parameter is the log message.

The LogType parameter identifies the type of log entry. Possible values are:

CertValidator
Font
HTTP
PDFInvalidSignature
PDFRevocationInfo
Timestamp
TSL

Password Event (SecurePDF_PDFSign Class)

Fired when the class detects that the PDF document is encrypted with a password.

Object Oriented Interface

public function firePassword($param);

Procedural Interface

securepdf_pdfsign_register_callback($res, 5, array($this, 'firePassword'));

Parameter List

 'available'
 'cancel'

Remarks

This event is fired during document processing to report that the document is encrypted with a password. It may be used to supply the correct decryption password to the Password property.

The Available parameter indicates whether the decryption password is already available to the class or still needs to be set. If this parameter is set to false, the correct password must be provided for the decryption attempt to succeed.

The Cancel parameter determines whether the class will stop firing this event to request a password.

RecipientInfo Event (SecurePDF_PDFSign Class)

Fired for each recipient certificate of the encrypted PDF document.

Object Oriented Interface

public function fireRecipientInfo($param);

Procedural Interface

securepdf_pdfsign_register_callback($res, 6, array($this, 'fireRecipientInfo'));

Parameter List

 'issuer'
 'serialnumber'
 'subjectkeyidentifier'
 'available'
 'cancel'

Remarks

This event is fired during document processing for each recipient certificate that the document has been encrypted for (if applicable). It may be used to identify the certificate(s) to load and supply to the DecryptionCert property.

The Issuer parameter specifies the subject of the issuer certificate.

The SerialNumber parameter specifies the serial number of the encryption certificate.

The SubjectKeyIdentifier parameter specifies the X.509 subjectKeyIdentifier extension value of the encryption certificate, encoded as a hex string.

The Available parameter indicates whether the decryption certificate is already available to the class or still needs to be set. If this parameter is set to false, the correct certificate must be provided for the decryption attempt to succeed.

The Cancel parameter determines whether the class will stop firing this event to request a certificate.

Note: The document may be encrypted with more than one certificate (or have "more than one recipient"), in which case each certificate will cause its own invocation of this event.

SignatureInfo Event (SecurePDF_PDFSign Class)

Fired when the class finds a signature in the document.

Object Oriented Interface

public function fireSignatureInfo($param);

Procedural Interface

securepdf_pdfsign_register_callback($res, 7, array($this, 'fireSignatureInfo'));

Parameter List

 'signatureindex'
 'validatesignature'
 'validatechain'

Remarks

This event is fired once for each signature found in the document to report that the signature specified by SignatureIndex is about to be validated.

The SignatureIndex parameter is the index of the signature in the Signatures properties.

Signature validation consists of two independent stages: cryptographic signature validation and chain validation. The ValidateSignature and ValidateChain parameters determine whether each stage should be included in the validation. They can be overridden to modify the validation policy on a per-signature basis, allowing signatures to be verified individually instead of all at once (via Verify). To skip validation entirely, set both parameters to false.

Use the following properties to adjust chain validation parameters:

BlockedCerts
KnownCerts
OfflineMode
RevocationCheck
TrustedCerts
TrustedLists
TrustSources
ValidationFlags
ValidationPolicy
ValidationTime

SignatureProcessed Event (SecurePDF_PDFSign Class)

Fired after a signature has been processed.

Object Oriented Interface

public function fireSignatureProcessed($param);

Procedural Interface

securepdf_pdfsign_register_callback($res, 8, array($this, 'fireSignatureProcessed'));

Parameter List

 'signatureindex'
 'signaturevalidationresult'
 'chainvalidationresult'
 'chainvalidationdetails'

Remarks

This event is fired once for each signature found in the document to report that the signature specified by SignatureIndex has completed validation. It is fired after SignatureInfo if that event's ValidateSignature parameter is set to true.

The SignatureIndex parameter is the index of the signature in the Signatures properties.

Signature validation consists of two independent stages: cryptographic signature validation and chain validation. Separate validation results are reported for each in the SignatureValidationResult and ChainValidationResult parameters.

The former reports the validity of the signature and can be one of the following values:


0 (svrUnknown - default)	Signature validity is unknown.
1 (svrValid)	The signature is valid.
2 (svrCorrupted)	The signature is corrupted.
3 (svrSignerNotFound)	Failed to acquire the signing certificate. The signature cannot be validated.
4 (svrFailure)	General failure.

The latter reports the validity of the chain and can be one of the following values:


0 (cvrUnknown - default)	Chain validity is unknown.
1 (cvrValid)	The chain is valid.
2 (cvrValidButUntrusted)	The chain is valid, but the root certificate is not trusted.
3 (cvrInvalid)	The chain is not valid (some of the certificates are revoked, expired, or contain an invalid signature).
4 (cvrCantBeEstablished)	The validity of the chain cannot be established because of missing or unavailable validation information (certificates, CRLs, or OCSP responses).

In the case of a failure, the ChainValidationDetails parameter provides more details on its reasons. Its value is a bitmask of the following flags:


0x001 (cvdRevoked)	One or more certificates are revoked.
0x002 (cvdExpiredOrNotYetValid)	One or more certificates are expired or not yet valid.
0x004 (cvdUnknownCA)	A CA certificate for one or more certificates has not been found, is not trusted, or has a wrong public key (chain incomplete).
0x008 (cvdPolicyViolated)	One of the CA certificates is not authorized to act as a CA, a mandatory key usage is not enabled in one of the chain certificates, or a weak algorithm is used in one of the certificates or revocation elements.
0x010 (cvdRevocationCheckFailed)	One or more CRLs or OCSP responses could not be verified.
0x020 (cvdBlocked)	One or more certificates are blocked.
0x040 (cvdFailure)	General validation failure.

Note: SignatureValidationResult, ChainValidationResult, and ChainValidationDetails are also available as properties in the PDFSignature type.

SSLServerAuthentication Event (SecurePDF_PDFSign Class)

Fired after the server presents its certificate to the client.

Object Oriented Interface

public function fireSSLServerAuthentication($param);

Procedural Interface

securepdf_pdfsign_register_callback($res, 9, array($this, 'fireSSLServerAuthentication'));

Parameter List

 'certencoded'
 'certsubject'
 'certissuer'
 'status'
 'accept'

Remarks

This event is fired during timestamping or chain validation after the server presents its SSL/TLS certificate to the class. It only applies if the TSA, CRL, OCSP, or Trusted List endpoint operates over HTTPS.

During this event, the client can decide whether or not to continue with the connection process. The Accept parameter is a recommendation on whether to continue or close the connection. This is just a suggestion: application software must use its own logic to determine whether or not to continue.

When the Accept parameter is false, the Status parameter shows why the verification failed (otherwise, Status contains the string OK). If it is decided to continue, you can override and accept the certificate by setting the Accept parameter to true.

SSLStatus Event (SecurePDF_PDFSign Class)

Fired when secure connection progress messages are available.

Object Oriented Interface

public function fireSSLStatus($param);

Procedural Interface

securepdf_pdfsign_register_callback($res, 10, array($this, 'fireSSLStatus'));

Parameter List

 'message'

Remarks

This event is fired during timestamping or chain validation for informational and logging purposes only. This event tracks the progress of the SSL/TLS connection. It only applies if the TSA, CRL, OCSP, or Trusted List endpoint operates over HTTPS.

Config Settings (PDFSign Class)

The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

PDFSign Config Settings

CacheRevocationInfo: Whether to cache revocation information.

This setting specifies whether the class will cache revocation information. If set to true, the class will preserve downloaded CRLs and OCSP responses in memory and reuse them in subsequent chain validations. If set to false, the class will always collect revocation information from scratch (when applicable). The default value is true.

CloseInputStreamAfterProcessing: Whether to close the input stream after processing.

This setting determines whether the input stream specified in SetInputStream will be closed after processing is complete. The default value is true.

CloseOutputStreamAfterProcessing: Whether to close the output stream after processing.

This setting determines whether the output stream specified in SetOutputStream will be closed after processing is complete. The default value is true.

CompressDSS: Whether to compress content in the DSS dictionary.

This setting determines whether content in the DSS dictionary will be compressed. The default value is true.

ContactInfo[Index]: The signer's contact information.

This indexed setting specifies the signer's contact information for a signature. Index is the index of the signature in the Signatures properties. When creating a new signature, use -1 as the Index.

CustomProfile: A pre-defined custom profile to apply when creating the signature.

This setting specifies a pre-defined custom profile to apply when creating the signature. Possible values are:


BR.AD_RB_v1_0	Brazilian signature with Basic Reference (AD-RB) version 1.0
BR.AD_RB_v1_1	Brazilian signature with Basic Reference (AD-RB) version 1.1
BR.AD_RT_v1_0	Brazilian signature with Time Reference (AD-RT) version 1.0
BR.AD_RT_v1_1	Brazilian signature with Time Reference (AD-RT) version 1.1
BR.AD_RC_v1_1	Brazilian signature with Complete References (AD-RC) version 1.1
BR.AD_RC_v1_2	Brazilian signature with Complete References (AD-RC) version 1.2
BR.AD_RA_v1_1	Brazilian signature with References for Archiving (AD-RA) version 1.1
BR.AD_RA_v1_2	Brazilian signature with References for Archiving (AD-RA) version 1.2

ExtraSpace: The number of extra 0 bytes to allocate in the document behind the signature.

This setting specifies the number of extra 0 bytes to allocate in the document behind the signature. The allocated space can be used in the future to place a timestamp.

FilterName[Index]: The signature filter name.

This indexed setting specifies the signature filter name. The default value is nsoftware.SecurePDF.

Index is the index of the signature in the Signatures properties. When creating a new signature, use -1 as the Index. If set to PBAD_PAdES, the class will create a PBAD.PAdES-compatible signature.

FontPaths: The font search paths.

This setting specifies a CRLF-separated list of paths where the class will search for additional TrueType font files. The default value is the system font search paths.

FullSignatureName[Index]: The full name of the signature field.

This indexed setting specifies the full name of the signature field. It is an internal identifier of a signature (such as Signature1) and is not meant to be human-readable.

Index is the index of the signature in the Signatures properties. When creating a new signature, use -1 as the Index.

HTTPRetryCount: The number of HTTP request retries.

This setting specifies the number of times to retry an HTTP request. It can be useful in the case of timestamping or CRL/OCSP retrieval failures.

HTTPRetryInterval: A time interval to apply between HTTP request retries.

This setting specifies the time interval (in seconds) to apply between successive HTTP request retries. It can be useful in the case of timestamping or CRL/OCSP retrieval failures.

IncludeRevocationInfo: Whether to include revocation information in the document.

This setting specifies whether and where revocation information will be included in the document when Sign or Update is called. Its value should be provided as a bitmask of the following flags:


0x001 (rilAuto)	Revocation information will be included in either the DSS dictionary or the adbe-revocationInfoArchival signature attribute depending on the SignatureType.
0x002 (rilDSS)	Revocation information will be included in the DSS dictionary.
0x004 (rilAdbeAttribute)	Revocation information will be included in the adbe-revocationInfoArchival signature attribute.

The default value is 0x001, meaning the class will save revocation information in the DSS dictionary for advanced (PAdES) signatures, and in the adbe-revocationInfoArchival signature attribute for legacy signatures. This complies with the respective standards.

IncludeSigningChain: Whether to include the full signing chain in the signature.

This setting specifies whether and how the full signing certificate chain will be included in the signature. Possible values are:


0	Do not include the signing chain in the signature.
1 (default)	Attempt to build the signing chain automatically, and if successful, include it in the signature.
2	Include the contents of KnownCerts in the signature.

LogLevel: The level of detail that is logged.

This setting controls the level of detail that is logged through the Log event. Possible values are:


0 (None)	No messages are logged.
1 (Info - default)	Informational events such as the basics of the chain validation procedure are logged.
2 (Verbose)	Detailed data such as HTTP requests are logged.
3 (Debug)	Debug data including the full chain validation procedure are logged.

OwnerPassword: The owner password to decrypt the document with.

This setting is used to provide the document owner password for decryption. Though it may be different from Password, most implementations use the same value for both.

Permissions: The document permissions associated with the encryption.

This setting returns the permissions protected by this encryption. The PDF specification expects applications to comply with these permissions when handling encrypted documents, but note that it is a policy-like requirement rather than an enforcement.

This setting is read-only. Its value is a bitmask of the following flags:


0x001 (pepAnnotations)	Annotating is allowed.
0x002 (pepAssemble)	Assembling a new document on the basis of the processed one is allowed.
0x004 (pepExtract)	Extraction/copying of the pictures and text from the document is allowed.
0x008 (pepExtractAcc)	Content extraction is allowed for accessibility purposes only.
0x010 (pepFillInForms)	Filling in forms is allowed.
0x020 (pepHighQualityPrint)	High quality printing is allowed.
0x040 (pepLowQualityPrint)	Low quality printing is allowed.
0x080 (pepModify)	Modifications are allowed.

PolicyHash: The signature policy hash value.

This setting specifies the signature policy hash value. It must be set in order to create an EPES signature. The hash is calculated by the policy author when the policy is created, and it is included in the policy file.

PolicyHashAlgorithm: The algorithm that was used to calculate the signature policy hash.

This setting specifies the algorithm that was used to calculate the signature policy hash. It must be set in order to create an EPES signature.

PolicyId: The policy Id to be included in the signature.

This setting specifies the policy Id to be included in the signature. It must be set in order to create an EPES signature.

PreferEmbeddedRevocationInfo: Whether to prioritize revocation information that is embedded into the document.

This setting specifies whether the class will use revocation information that is embedded into the document when checking revocation status. If set to true, the class will not download CRLs or OCSP responses from online sources unnecessarily. If set to false or no embedded revocation information is present, the class will retrieve it as normal based on the value of RevocationCheck. The default value is true.

SaveChanges: Whether to save changes made to the PDF document.

This setting specifies whether and how changes made to the PDF document will be saved when the Close method is called. Possible values are:


0	Discard all changes.
1	Save the document to OutputFile, OutputData, or the stream set in SetOutputStream, even if it has not been modified.
2 (default)	Save the document to OutputFile, OutputData, or the stream set in SetOutputStream, but only if it has been modified.

SignatureData[Index]: The hex-encoded representation of the underlying PKCS#7 signature blob.

This indexed setting returns the hex-encoded representation of the underlying PKCS#7 signature blob. Index is the index of the signature in the Signatures properties. This setting is read-only.

SystemFontNames: The system font names.

This setting returns a CRLF-separated list of system TrueType font names that are supported by the class. This setting is read-only.

TempPath: The location where temporary files are stored.

This setting specifies an absolute path to the location on disk where temporary files are stored. It can be useful to reduce memory usage.

TimestampHashAlgorithm: A specific hash algorithm for use with the timestamping service.

This setting specifies a different hash algorithm to use for the timestamp. In its default configuration, the class will use the same hash algorithm for the main signature and any associated timestamps.

TSATLSClientCertStore: The TLS client certificate store to search.

This setting specifies the TLS client certificate store to search when the TSA requests TLS client authentication. Designations of certificate stores are platform-dependent. The following designations are the most common User and Machine certificate stores in Windows:


MY	A certificate store holding personal certificates with their associated private keys.
CA	Certifying authority certificates.
ROOT	Root certificates.

When TSATLSClientCertStoreType is set to 2 (cstPFXFile), this setting must be set to the name of the file. When the type is set to 3 (cstPFXBlob), this setting must be set to the binary contents of a PFX file (i.e., a PKCS#12 certificate store). If the store is password-protected, specify the password in TSATLSClientCertStorePassword.

TSATLSClientCertStorePassword: The password needed to open the TLS client certificate store.

This setting specifies the password needed to open the TLS client certificate store when the TSA requests TLS client authentication.

TSATLSClientCertStoreType: The type of the TLS client certificate store.

This setting specifies the type of the TLS client certificate store specified by TSATLSClientCertStore. The class supports both public and private keys in a variety of formats. When the cstAuto value is used, the class will automatically determine the type. This property can take one of the following values:


0 (cstUser - default)	For Windows, this specifies that the certificate store is a certificate store owned by the current user. Note: This store type is not available in Java.
1 (cstMachine)	For Windows, this specifies that the certificate store is a machine store. Note: This store type is not available in Java.
2 (cstPFXFile)	The certificate store is the name of a PFX (PKCS#12) file containing certificates.
3 (cstPFXBlob)	The certificate store is a string (binary or Base64-encoded) representing a certificate store in PFX (PKCS#12) format.
4 (cstJKSFile)	The certificate store is the name of a Java Key Store (JKS) file containing certificates. Note: This store type is only available in Java.
5 (cstJKSBlob)	The certificate store is a string (binary or Base64-encoded) representing a certificate store in Java Key Store (JKS) format. Note: This store type is only available in Java.
6 (cstPEMKeyFile)	The certificate store is the name of a PEM-encoded file that contains a private key and an optional certificate.
7 (cstPEMKeyBlob)	The certificate store is a string (binary or Base64-encoded) that contains a private key and an optional certificate.
8 (cstPublicKeyFile)	The certificate store is the name of a file that contains a PEM- or DER-encoded public key certificate.
9 (cstPublicKeyBlob)	The certificate store is a string (binary or Base64-encoded) that contains a PEM- or DER-encoded public key certificate.
10 (cstSSHPublicKeyBlob)	The certificate store is a string (binary or Base64-encoded) that contains an SSH-style public key.
11 (cstP7BFile)	The certificate store is the name of a PKCS#7 file containing certificates.
12 (cstP7BBlob)	The certificate store is a string (binary) representing a certificate store in PKCS#7 format.
13 (cstSSHPublicKeyFile)	The certificate store is the name of a file that contains an SSH-style public key.
14 (cstPPKFile)	The certificate store is the name of a file that contains a PPK (PuTTY Private Key).
15 (cstPPKBlob)	The certificate store is a string (binary) that contains a PPK (PuTTY Private Key).
16 (cstXMLFile)	The certificate store is the name of a file that contains a certificate in XML format.
17 (cstXMLBlob)	The certificate store is a string that contains a certificate in XML format.
18 (cstJWKFile)	The certificate store is the name of a file that contains a JWK (JSON Web Key).
19 (cstJWKBlob)	The certificate store is a string that contains a JWK (JSON Web Key).
21 (cstBCFKSFile)	The certificate store is the name of a file that contains a BCFKS (Bouncy Castle FIPS Key Store). Note: This store type is only available in Java and .NET.
22 (cstBCFKSBlob)	The certificate store is a string (binary or Base64-encoded) representing a certificate store in BCFKS (Bouncy Castle FIPS Key Store) format. Note: This store type is only available in Java and .NET.
23 (cstPKCS11)	The certificate is present on a physical security key accessible via a PKCS#11 interface. To use a security key, the necessary data must first be collected using the CertMgr class. The ListStoreCertificates method may be called after setting CertStoreType to `cstPKCS11`, CertStorePassword to the PIN, and CertStore to the full path of the PKCS#11 DLL. The certificate information returned in the CertList event's `CertEncoded` parameter may be saved for later use. When using a certificate, pass the previously saved security key information as the and set to the PIN. Code Example. SSH Authentication with Security Key: `certmgr.CertStoreType = CertStoreTypes.cstPKCS11; certmgr.OnCertList += (s, e) => { secKeyBlob = e.CertEncoded; }; certmgr.CertStore = @"C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll"; certmgr.CertStorePassword = "123456"; //PIN certmgr.ListStoreCertificates(); sftp.SSHCert = new Certificate(CertStoreTypes.cstPKCS11, secKeyBlob, "123456", "*"); sftp.SSHUser = "test"; sftp.SSHLogon("myhost", 22);`
99 (cstAuto)	The store type is automatically detected from the input data. This setting may be used with both public and private keys and can detect any of the supported formats automatically.

TSATLSClientCertSubject: The subject of the TLS client certificate.

This setting specifies the subject of the TLS client certificate to use when the TSA requests TLS client authentication. It must be set after all other certificate properties are set. When set, a search is performed in the TSATLSClientCertStore to locate a certificate with a matching subject.

If a matching certificate is found, the setting is set to the full subject of the matching certificate. If an exact match is not found, the store is searched for subjects containing the value of the setting. If a match is still not found, the setting is set to an empty string, and no certificate is selected.

The asterisk character (*) picks a random certificate in the certificate store.


Field	Meaning
CN	Common Name. This is commonly a hostname like www.server.com.
O	Organization
OU	Organizational Unit
L	Locality
S	State
C	Country
E	Email Address

If a field value contains a comma, it must be quoted.

UpdateIndex: The index of the signature to update.

This setting specifies the index of the signature in the Signatures properties to be updated. The default value is -1, meaning the class will update the most recent signature.

UsePSS: Whether to use RSA-PSS during signing and verification.

This setting specifies whether RSA-PSS will be used when signing and verifying documents. The default value is false.

Base Config Settings

BuildInfo: Information about the product's build.

When queried, this setting will return a string containing information about the product's build.

CodePage: The system code page used for Unicode to Multibyte translations.

The default code page is Unicode UTF-8 (65001).

The following is a list of valid code page identifiers:


Identifier	Name
037	IBM EBCDIC - U.S./Canada
437	OEM - United States
500	IBM EBCDIC - International
708	Arabic - ASMO 708
709	Arabic - ASMO 449+, BCON V4
710	Arabic - Transparent Arabic
720	Arabic - Transparent ASMO
737	OEM - Greek (formerly 437G)
775	OEM - Baltic
850	OEM - Multilingual Latin I
852	OEM - Latin II
855	OEM - Cyrillic (primarily Russian)
857	OEM - Turkish
858	OEM - Multilingual Latin I + Euro symbol
860	OEM - Portuguese
861	OEM - Icelandic
862	OEM - Hebrew
863	OEM - Canadian-French
864	OEM - Arabic
865	OEM - Nordic
866	OEM - Russian
869	OEM - Modern Greek
870	IBM EBCDIC - Multilingual/ROECE (Latin-2)
874	ANSI/OEM - Thai (same as 28605, ISO 8859-15)
875	IBM EBCDIC - Modern Greek
932	ANSI/OEM - Japanese, Shift-JIS
936	ANSI/OEM - Simplified Chinese (PRC, Singapore)
949	ANSI/OEM - Korean (Unified Hangul Code)
950	ANSI/OEM - Traditional Chinese (Taiwan; Hong Kong SAR, PRC)
1026	IBM EBCDIC - Turkish (Latin-5)
1047	IBM EBCDIC - Latin 1/Open System
1140	IBM EBCDIC - U.S./Canada (037 + Euro symbol)
1141	IBM EBCDIC - Germany (20273 + Euro symbol)
1142	IBM EBCDIC - Denmark/Norway (20277 + Euro symbol)
1143	IBM EBCDIC - Finland/Sweden (20278 + Euro symbol)
1144	IBM EBCDIC - Italy (20280 + Euro symbol)
1145	IBM EBCDIC - Latin America/Spain (20284 + Euro symbol)
1146	IBM EBCDIC - United Kingdom (20285 + Euro symbol)
1147	IBM EBCDIC - France (20297 + Euro symbol)
1148	IBM EBCDIC - International (500 + Euro symbol)
1149	IBM EBCDIC - Icelandic (20871 + Euro symbol)
1200	Unicode UCS-2 Little-Endian (BMP of ISO 10646)
1201	Unicode UCS-2 Big-Endian
1250	ANSI - Central European
1251	ANSI - Cyrillic
1252	ANSI - Latin I
1253	ANSI - Greek
1254	ANSI - Turkish
1255	ANSI - Hebrew
1256	ANSI - Arabic
1257	ANSI - Baltic
1258	ANSI/OEM - Vietnamese
1361	Korean (Johab)
10000	MAC - Roman
10001	MAC - Japanese
10002	MAC - Traditional Chinese (Big5)
10003	MAC - Korean
10004	MAC - Arabic
10005	MAC - Hebrew
10006	MAC - Greek I
10007	MAC - Cyrillic
10008	MAC - Simplified Chinese (GB 2312)
10010	MAC - Romania
10017	MAC - Ukraine
10021	MAC - Thai
10029	MAC - Latin II
10079	MAC - Icelandic
10081	MAC - Turkish
10082	MAC - Croatia
12000	Unicode UCS-4 Little-Endian
12001	Unicode UCS-4 Big-Endian
20000	CNS - Taiwan
20001	TCA - Taiwan
20002	Eten - Taiwan
20003	IBM5550 - Taiwan
20004	TeleText - Taiwan
20005	Wang - Taiwan
20105	IA5 IRV International Alphabet No. 5 (7-bit)
20106	IA5 German (7-bit)
20107	IA5 Swedish (7-bit)
20108	IA5 Norwegian (7-bit)
20127	US-ASCII (7-bit)
20261	T.61
20269	ISO 6937 Non-Spacing Accent
20273	IBM EBCDIC - Germany
20277	IBM EBCDIC - Denmark/Norway
20278	IBM EBCDIC - Finland/Sweden
20280	IBM EBCDIC - Italy
20284	IBM EBCDIC - Latin America/Spain
20285	IBM EBCDIC - United Kingdom
20290	IBM EBCDIC - Japanese Katakana Extended
20297	IBM EBCDIC - France
20420	IBM EBCDIC - Arabic
20423	IBM EBCDIC - Greek
20424	IBM EBCDIC - Hebrew
20833	IBM EBCDIC - Korean Extended
20838	IBM EBCDIC - Thai
20866	Russian - KOI8-R
20871	IBM EBCDIC - Icelandic
20880	IBM EBCDIC - Cyrillic (Russian)
20905	IBM EBCDIC - Turkish
20924	IBM EBCDIC - Latin-1/Open System (1047 + Euro symbol)
20932	JIS X 0208-1990 & 0121-1990
20936	Simplified Chinese (GB2312)
21025	IBM EBCDIC - Cyrillic (Serbian, Bulgarian)
21027	Extended Alpha Lowercase
21866	Ukrainian (KOI8-U)
28591	ISO 8859-1 Latin I
28592	ISO 8859-2 Central Europe
28593	ISO 8859-3 Latin 3
28594	ISO 8859-4 Baltic
28595	ISO 8859-5 Cyrillic
28596	ISO 8859-6 Arabic
28597	ISO 8859-7 Greek
28598	ISO 8859-8 Hebrew
28599	ISO 8859-9 Latin 5
28605	ISO 8859-15 Latin 9
29001	Europa 3
38598	ISO 8859-8 Hebrew
50220	ISO 2022 Japanese with no halfwidth Katakana
50221	ISO 2022 Japanese with halfwidth Katakana
50222	ISO 2022 Japanese JIS X 0201-1989
50225	ISO 2022 Korean
50227	ISO 2022 Simplified Chinese
50229	ISO 2022 Traditional Chinese
50930	Japanese (Katakana) Extended
50931	US/Canada and Japanese
50933	Korean Extended and Korean
50935	Simplified Chinese Extended and Simplified Chinese
50936	Simplified Chinese
50937	US/Canada and Traditional Chinese
50939	Japanese (Latin) Extended and Japanese
51932	EUC - Japanese
51936	EUC - Simplified Chinese
51949	EUC - Korean
51950	EUC - Traditional Chinese
52936	HZ-GB2312 Simplified Chinese
54936	Windows XP: GB18030 Simplified Chinese (4 Byte)
57002	ISCII Devanagari
57003	ISCII Bengali
57004	ISCII Tamil
57005	ISCII Telugu
57006	ISCII Assamese
57007	ISCII Oriya
57008	ISCII Kannada
57009	ISCII Malayalam
57010	ISCII Gujarati
57011	ISCII Punjabi
65000	Unicode UTF-7
65001	Unicode UTF-8

The following is a list of valid code page identifiers for Mac OS only:


Identifier	Name
1	ASCII
2	NEXTSTEP
3	JapaneseEUC
4	UTF8
5	ISOLatin1
6	Symbol
7	NonLossyASCII
8	ShiftJIS
9	ISOLatin2
10	Unicode
11	WindowsCP1251
12	WindowsCP1252
13	WindowsCP1253
14	WindowsCP1254
15	WindowsCP1250
21	ISO2022JP
30	MacOSRoman
10	UTF16String
0x90000100	UTF16BigEndian
0x94000100	UTF16LittleEndian
0x8c000100	UTF32String
0x98000100	UTF32BigEndian
0x9c000100	UTF32LittleEndian
65536	Proprietary

LicenseInfo: Information about the current license.

When queried, this setting will return a string containing information about the license this instance of a class is using. It will return the following information:

Product: The product the license is for.
Product Key: The key the license was generated from.
License Source: Where the license was found (e.g., RuntimeLicense, License File).
License Type: The type of license installed (e.g., Royalty Free, Single Server).
Last Valid Build: The last valid build number for which the license will work.

MaskSensitiveData: Whether sensitive data is masked in log messages.

In certain circumstances it may be beneficial to mask sensitive data, like passwords, in log messages. Set this to true to mask sensitive data. The default is true.

This setting only works on these classes: AS3Receiver, AS3Sender, Atom, Client(3DS), FTP, FTPServer, IMAP, OFTPClient, SSHClient, SCP, Server(3DS), Sexec, SFTP, SFTPServer, SSHServer, TCPClient, TCPServer.

ProcessIdleEvents: Whether the class uses its internal event loop to process events when the main thread is idle.

If set to False, the class will not fire internal idle events. Set this to False to use the class in a background thread on Mac OS. By default, this setting is True.

SelectWaitMillis: The length of time in milliseconds the class will wait when DoEvents is called if there are no events to process.

If there are no events to process when DoEvents is called, the class will wait for the amount of time specified here before returning. The default value is 20.

UseInternalSecurityAPI: Whether or not to use the system security libraries or an internal implementation.

When set to false, the class will use the system security libraries by default to perform cryptographic functions where applicable.

Setting this configuration setting to true tells the class to use the internal implementation instead of using the system security libraries.

On Windows, this setting is set to false by default. On Linux/macOS, this setting is set to true by default.

To use the system security libraries for Linux, OpenSSL support must be enabled. For more information on how to enable OpenSSL, please refer to the OpenSSL Notes section.

Trappable Errors (PDFSign Class)

PDFSign Errors

801	No timestamp server specified.
802	HTTP download failed. The error description contains the detailed message.
803	The document is not signed.
810	Unsupported image type.
811	Unsupported color space type.
816	Invalid signature. The error description contains the detailed message.
827	Invalid timestamp data. The error description contains the detailed message.
829	Bad signing certificate attribute.
830	Chain validation failed. The error description contains the detailed message.
831	Cannot update this type of signature.
833	Trusted List processing error. The error description contains the detailed message.
834	Cannot parse Trusted List data.
837	Invalid revocation information.
839	Failed to process Trusted List. The error description contains the detailed message.
843	No signing certificate found.
845	Invalid signing certificate chain. The error description contains the detailed message.
851	Unsupported hash algorithm.
855	Invalid signature contents.
856	Invalid signature byte range.
857	Byte range does not cover the entire document.
858	Cannot sign and encrypt document with more than one signature.
862	Cannot timestamp encrypted document.
863	Cannot update encrypted document.
865	Signature is too large to fit in the allocated window. Please consider extending the window by assigning the number of bytes to add to the ExtraSpace config before closing the document.
866	Not enough space to update signature.
875	Bad signature type (only PKCS#7/CMS signatures are supported by this handler).
876	Invalid decryption mode.

PDF Errors

804	PDF decompression failed.
805	Cannot add entry to cross-reference table.
806	Unsupported field size.
807	Unsupported Encoding filter.
808	Unsupported predictor algorithm.
809	Unsupported document version.
812	Cannot read PDF file stream.
813	Cannot write to PDF file stream.
814	OutputFile already exists and Overwrite is `false`.
815	Invalid parameter.
817	Bad cross-reference entry.
818	Invalid object or generation number.
819	Invalid object stream.
820	Invalid stream dictionary.
821	Invalid AcroForm entry.
822	Invalid Root entry.
823	Invalid annotation.
824	The input document is empty.
826	OpenType font error. The error description contains the detailed message.
828	Invalid CMS data. The error description contains the detailed message.
835	Cannot change decryption mode for opened document.
836	Unsupported Date string.
838	Cryptographic error. The error description contains the detailed message.
840	No decryption key found.
841	Encryption failed. The error description contains the detailed message.
842	No proper certificate for encryption found.
846	Unsupported revision.
847	Unsupported security handler SubFilter.
848	Failed to verify permissions.
849	Invalid password.
850	Invalid password information.
852	Unsupported encryption algorithm.
859	Cannot encrypt encrypted document.
864	Cannot modify document after signature update.
868	Cannot encrypt or decrypt object.
869	Invalid security handler information.
870	Invalid encrypted data.
871	Invalid block cipher padding.
872	Failed to reload signature.
873	Object is not encrypted.
874	Unexpected cipher information.
877	Invalid document. Bad document catalog.
878	Invalid document Id.
880	Invalid document. Invalid requirements dictionary.
881	Invalid linearization dictionary.
882	Invalid signature information.
883	Unsupported document format.
890	Unsupported feature.
891	Internal error. The error description contains the detailed message.

Parsing Errors

1001	Bad object.
1002	Bad document trailer.
1003	Illegal stream dictionary.
1004	Illegal string.
1005	Indirect object expected.
1007	Invalid reference.
1008	Invalid reference table.
1009	Invalid stream data.
1010	Unexpected character.
1011	Unexpected EOF.
1012	Unexpected indirect object in cross-reference table.
1021	Invalid type in Root object list.

The class may also return one of the following error codes, which are inherited from other classes.

HTTP Errors

118	Firewall error. The error description contains the detailed message.
143	Busy executing current method.
151	HTTP protocol error. The error message has the server response.
152	No server specified in URL.
153	Specified URLScheme is invalid.
155	Range operation is not supported by server.
156	Invalid cookie index (out of range).
301	Interrupted.
302	Cannot open AttachedFile.

The class may also return one of the following error codes, which are inherited from other classes.

TCPClient Errors

100	You cannot change the RemotePort at this time. A connection is in progress.
101	You cannot change the RemoteHost (Server) at this time. A connection is in progress.
102	The RemoteHost address is invalid (0.0.0.0).
104	Already connected. If you want to reconnect, close the current connection first.
106	You cannot change the LocalPort at this time. A connection is in progress.
107	You cannot change the LocalHost at this time. A connection is in progress.
112	You cannot change MaxLineLength at this time. A connection is in progress.
116	RemotePort cannot be zero. Please specify a valid service port number.
117	You cannot change the UseConnection option while the class is active.
135	Operation would block.
201	Timeout.
211	Action impossible in control's present state.
212	Action impossible while not connected.
213	Action impossible while listening.
301	Timeout.
302	Could not open file.
434	Unable to convert string to selected CodePage.
1105	Already connecting. If you want to reconnect, close the current connection first.
1117	You need to connect first.
1119	You cannot change the LocalHost at this time. A connection is in progress.
1120	Connection dropped by remote host.

SSL Errors

270	Cannot load specified security library.
271	Cannot open certificate store.
272	Cannot find specified certificate.
273	Cannot acquire security credentials.
274	Cannot find certificate chain.
275	Cannot verify certificate chain.
276	Error during handshake.
280	Error verifying certificate.
281	Could not find client certificate.
282	Could not find server certificate.
283	Error encrypting data.
284	Error decrypting data.

TCP/IP Errors

10004	[10004] Interrupted system call.
10009	[10009] Bad file number.
10013	[10013] Access denied.
10014	[10014] Bad address.
10022	[10022] Invalid argument.
10024	[10024] Too many open files.
10035	[10035] Operation would block.
10036	[10036] Operation now in progress.
10037	[10037] Operation already in progress.
10038	[10038] Socket operation on nonsocket.
10039	[10039] Destination address required.
10040	[10040] Message is too long.
10041	[10041] Protocol wrong type for socket.
10042	[10042] Bad protocol option.
10043	[10043] Protocol is not supported.
10044	[10044] Socket type is not supported.
10045	[10045] Operation is not supported on socket.
10046	[10046] Protocol family is not supported.
10047	[10047] Address family is not supported by protocol family.
10048	[10048] Address already in use.
10049	[10049] Cannot assign requested address.
10050	[10050] Network is down.
10051	[10051] Network is unreachable.
10052	[10052] Net dropped connection or reset.
10053	[10053] Software caused connection abort.
10054	[10054] Connection reset by peer.
10055	[10055] No buffer space available.
10056	[10056] Socket is already connected.
10057	[10057] Socket is not connected.
10058	[10058] Cannot send after socket shutdown.
10059	[10059] Too many references, cannot splice.
10060	[10060] Connection timed out.
10061	[10061] Connection refused.
10062	[10062] Too many levels of symbolic links.
10063	[10063] File name is too long.
10064	[10064] Host is down.
10065	[10065] No route to host.
10066	[10066] Directory is not empty
10067	[10067] Too many processes.
10068	[10068] Too many users.
10069	[10069] Disc Quota Exceeded.
10070	[10070] Stale NFS file handle.
10071	[10071] Too many levels of remote in path.
10091	[10091] Network subsystem is unavailable.
10092	[10092] WINSOCK DLL Version out of range.
10093	[10093] Winsock is not loaded yet.
11001	[11001] Host not found.
11002	[11002] Nonauthoritative 'Host not found' (try again or check DNS setup).
11003	[11003] Nonrecoverable errors: FORMERR, REFUSED, NOTIMP.
11004	[11004] Valid name, no data record (check DNS setup).