SecureBlackbox 2020 macOS Edition

Questions / Feedback?

SignAsyncBegin Method

Initiates the asynchronous signing operation.

Syntax

public func signAsyncBegin() throws -> String

Remarks

When using the DC framework, call this method to initiate the asynchronous signing process. Upon completion, a pre-signed copy of the document will be saved in OutputFile (or OutputStream). Keep the pre-signed copy somewhere local, and pass the returned string ('the request state') to the DC processor for handling.

Upon receiving the response state from the DC processor, assign the path to the pre-signed copy to InputFile (or InputStream), and call SignAsyncEnd to finalize the signing.

Note that depending on the signing method and DC configuration used, you may still need to provide the public part of the signing certificate via the SigningCertificate property.

AsyncState is a message of the distributed cryptography (DC) protocol. DC protocol is based on exchange of async states between a DC client (an application that wants to sign a PDF, XML, or Office document) and a DC server (an application that controls access to the private key). An async state can carry one or more signing requests, comprised of document hashes, or one or more signatures produced over those hashes.

In a typical scenario you get a client-side async state from the SignAsyncBegin method. This state contains document hashes to be signed on the DC server side. You then send the async state to the DC server (often represented by the DCAuth control), which processes it and produces a matching signatures state. The async state produced by the server is then passed to the SignAsyncEnd method.

There are some conditions that should be met when signing PDF documents asynchronously. The advanced PDF signature levels, specifically, BES, EPES, and LTV, require that the 'signingCertificate' attribute is included in the signature. This can only be satisfied if either ExternalCrypto is configured to use asmdPKCS7 method, or the public copy of the signing certificate is provided on the pre-signing stage.

Please note that you will still be able to sign a document with asmdPKCS1 method and no public copy of the certificate provided (resulting in omission of the 'signingCertificate' attribute from the signature), however, most of the modern PDF processors will reject such signatures as invalid or non-compliant.

Copyright (c) 2022 /n software inc. - All rights reserved.
SecureBlackbox 2020 macOS Edition - Version 20.0 [Build 8166]