MessageSigner Class
Properties Methods Events Configuration Settings Errors
The MessageSigner class digitally signs data and stores it in the PKCS#7 format.
Syntax
class secureblackbox.MessageSigner
Remarks
PKCS#7 (Public Key Cryptography Standard #7) is a common format used to store encrypted and signed data. It is used by a variety of protocols, including S/MIME and CMS.
Property List
The following is the full list of the properties of the class with short descriptions. Click on the links for further details.
| claimed_signing_time | The signing time from the signer's computer. |
| external_crypto_custom_params | Custom parameters to be passed to the signing service (uninterpreted). |
| external_crypto_data | Additional data to be included in the async state and mirrored back by the requestor. |
| external_crypto_external_hash_calculation | Specifies whether the message hash is to be calculated at the external endpoint. |
| external_crypto_hash_algorithm | Specifies the request's signature hash algorithm. |
| external_crypto_key_id | The ID of the pre-shared key used for DC request authentication. |
| external_crypto_key_secret | The pre-shared key used for DC request authentication. |
| external_crypto_method | Specifies the asynchronous signing method. |
| external_crypto_mode | Specifies the external cryptography mode. |
| external_crypto_public_key_algorithm | Provide public key algorithm here if the certificate is not available on the pre-signing stage. |
| hash_algorithm | Specifies the hash algorithm to be used. |
| input_bytes | Use this property to pass the input to class in the byte array form. |
| input_file | A path to the source file. |
| output_bytes | Use this property to read the output the class object has produced. |
| output_file | A path to the output file. |
| proxy_address | The IP address of the proxy server. |
| proxy_authentication | The authentication type used by the proxy server. |
| proxy_password | The password to authenticate to the proxy server. |
| proxy_port | The port on the proxy server to connect to. |
| proxy_proxy_type | The type of the proxy server. |
| proxy_request_headers | Contains HTTP request headers for WebTunnel and HTTP proxy. |
| proxy_response_body | Contains the HTTP or HTTPS (WebTunnel) proxy response body. |
| proxy_response_headers | Contains response headers received from an HTTP or HTTPS (WebTunnel) proxy server. |
| proxy_use_i_pv6 | Specifies whether IPv6 should be used when connecting through the proxy. |
| proxy_use_proxy | Enables or disables proxy-driven connection. |
| proxy_username | Specifies the username credential for proxy authentication. |
| signature_type | Specifies the kind of signature to create. |
| signed_attribute_count | The number of records in the SignedAttribute arrays. |
| signed_attribute_oid | The object identifier of the attribute. |
| signed_attribute_value | The value of the attribute. |
| signing_cert_bytes | Returns raw certificate data in DER format. |
| signing_cert_handle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| signing_chain_count | The number of records in the SigningChain arrays. |
| signing_chain_bytes | Returns raw certificate data in DER format. |
| signing_chain_handle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| socket_dns_mode | Selects the DNS resolver to use: the class's (secure) built-in one, or the one provided by the system. |
| socket_dns_port | Specifies the port number to be used for sending queries to the DNS server. |
| socket_dns_query_timeout | The timeout (in milliseconds) for each DNS query. |
| socket_dns_servers | The addresses of DNS servers to use for address resolution, separated by commas or semicolons. |
| socket_dns_total_timeout | The timeout (in milliseconds) for the whole resolution process. |
| socket_incoming_speed_limit | The maximum number of bytes to read from the socket, per second. |
| socket_local_address | The local network interface to bind the socket to. |
| socket_local_port | The local port number to bind the socket to. |
| socket_outgoing_speed_limit | The maximum number of bytes to write to the socket, per second. |
| socket_timeout | The maximum period of waiting, in milliseconds, after which the socket operation is considered unsuccessful. |
| socket_use_i_pv6 | Enables or disables IP protocol version 6. |
| timestamp_server | The address of the timestamping server. |
| tls_client_cert_count | The number of records in the TLSClientCert arrays. |
| tls_client_cert_bytes | Returns raw certificate data in DER format. |
| tls_client_cert_handle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| tls_server_cert_count | The number of records in the TLSServerCert arrays. |
| tls_server_cert_bytes | Returns raw certificate data in DER format. |
| tls_server_cert_handle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| tls_auto_validate_certificates | Specifies whether server-side TLS certificates should be validated automatically using internal validation rules. |
| tls_base_configuration | Selects the base configuration for the TLS settings. |
| tls_ciphersuites | A list of ciphersuites separated with commas or semicolons. |
| tlsec_curves | Defines the elliptic curves to enable. |
| tls_force_resume_if_destination_changes | Whether to force TLS session resumption when the destination address changes. |
| tls_pre_shared_identity | Defines the identity used when the PSK (Pre-Shared Key) key-exchange mechanism is negotiated. |
| tls_pre_shared_key | Contains the pre-shared for the PSK (Pre-Shared Key) key-exchange mechanism, encoded with base16. |
| tls_pre_shared_key_ciphersuite | Defines the ciphersuite used for PSK (Pre-Shared Key) negotiation. |
| tls_renegotiation_attack_prevention_mode | Selects renegotiation attack prevention mechanism. |
| tls_revocation_check | Specifies the kind(s) of revocation check to perform. |
| tlsssl_options | Various SSL (TLS) protocol options, set of cssloExpectShutdownMessage 0x001 Wait for the close-notify message when shutting down the connection cssloOpenSSLDTLSWorkaround 0x002 (DEPRECATED) Use a DTLS version workaround when talking to very old OpenSSL versions cssloDisableKexLengthAlignment 0x004 Do not align the client-side PMS by the RSA modulus size. |
| tlstls_mode | Specifies the TLS mode to use. |
| tls_use_extended_master_secret | Enables Extended Master Secret Extension, as defined in RFC 7627. |
| tls_use_session_resumption | Enables or disables TLS session resumption capability. |
| tls_versions | Th SSL/TLS versions to enable by default. |
| unsigned_attribute_count | The number of records in the UnsignedAttribute arrays. |
| unsigned_attribute_oid | The object identifier of the attribute. |
| unsigned_attribute_value | The value of the attribute. |
Method List
The following is the full list of the methods of the class with short descriptions. Click on the links for further details.
| config | Sets or retrieves a configuration setting. |
| countersign | Countersigns an existing signature. |
| extract_async_data | Extracts user data from the DC signing service response. |
| sign | Signs the data. |
| sign_async_begin | Initiates the asynchronous signing operation. |
| sign_async_end | Completes the asynchronous signing operation. |
| timestamp | Timestamps a signature. |
Event List
The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.
| on_error | Information about errors during PKCS#7 message signing. |
| on_external_sign | Handles remote or external signing initiated by the SignExternal method or other source. |
| on_notification | This event notifies the application about an underlying control flow event. |
| on_tls_cert_validate | This event is fired upon receipt of the TLS server's certificate, allowing the user to control its acceptance. |
Configuration Settings
The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.
| ContentType | Content type of the message. |
| TempPath | Path for storing temporary files. |
| TLSChainValidationDetails | Contains the advanced details of the TLS server certificate validation. |
| TLSChainValidationResult | Contains the result of the TLS server certificate validation. |
| TLSClientAuthRequested | Indicates whether the TLS server requests client authentication. |
| TLSValidationLog | Contains the log of the TLS server certificate validation. |
| TspHashAlgorithm | Sets a specific hash algorithm for use with the timestamping service. |
| TspReqPolicy | Sets a request policy ID to include in the timestamping request. |
| UsePSS | Whether to use RSASSA-PSS algorithm. |
| UseUndefSize | Allows or forbids the use of ASN.1 tags of undefined size. |
| CheckKeyIntegrityBeforeUse | Enables or disable private key integrity check before use. |
| CookieCaching | Specifies whether a cookie cache should be used for HTTP(S) transports. |
| Cookies | Gets or sets local cookies for the class (supported for HTTPClient, RESTClient and SOAPClient only). |
| DefDeriveKeyIterations | Specifies the default key derivation algorithm iteration count. |
| EnableClientSideSSLFFDHE | Enables or disables finite field DHE key exchange support in TLS clients. |
| GlobalCookies | Gets or sets global cookies for all the HTTP transports. |
| HttpUserAgent | Specifies the user agent name to be used by all HTTP clients. |
| LogDestination | Specifies the debug log destination. |
| LogDetails | Specifies the debug log details to dump. |
| LogFile | Specifies the debug log filename. |
| LogFilters | Specifies the debug log filters. |
| LogFlushMode | Specifies the log flush mode. |
| LogLevel | Specifies the debug log level. |
| LogMaxEventCount | Specifies the maximum number of events to cache before further action is taken. |
| LogRotationMode | Specifies the log rotation mode. |
| MaxASN1BufferLength | Specifies the maximal allowed length for ASN.1 primitive tag data. |
| MaxASN1TreeDepth | Specifies the maximal depth for processed ASN.1 trees. |
| OCSPHashAlgorithm | Specifies the hash algorithm to be used to identify certificates in OCSP requests. |
| UseOwnDNSResolver | Specifies whether the client classes should use own DNS resolver. |
| UseSharedSystemStorages | Specifies whether the validation engine should use a global per-process copy of the system certificate stores. |
| UseSystemOAEPAndPSS | Enforces or disables the use of system-driven RSA OAEP and PSS computations. |
| UseSystemRandom | Enables or disables the use of the OS PRNG. |