SecureBlackbox 2020 Python Edition

Questions / Feedback?

PDFSigner Class

Properties   Methods   Events   Configuration Settings   Errors  

The PDFSigner class signs PDF documents digitally.


class secureblackbox.PDFSigner


PDFSigner can sign PDF documents in accordance with a selection of PDF and PAdES signature standards.

Standards and technologies supported

PDFSigner can create PDF signatures that match the following baseline standards:

  • Generic PDF signatures (ISO 32000)
  • PAdES: all profiles are supported (BES, EPES, T, LTV, B-B, B-T, and others) (ETSI EN 319 142-1 and others)
  • Signature and document timestamps using external TSAs.
  • All industry-standard cryptographic algorithms (RSA, ECDSA, SHA256-512, and many others).

Configuring the signature spec

Configuring PDFSigner to produce signatures of the right type is one of the most important questions you need to address. Normally the service or software you will be communicating your PDF documents to will provide you with the list of requirements that your signatures should match.

Typically, those will dictate the following key aspects of the signatures:

  • Level (BES, T, or LTV). This can be adjusted with the property (Note: when creating EPES signatures you need to provide the signature and properties).
  • Timestamp requirement: provide the address of your online TSA service via timestamp_server property.
  • When creating LTV signatures, tune up validation parameters via revocation_check, offline_mode, and ignore_chain_validation_errors properties.
  • To create a document timestamp, sign your document first, and then sign the result again with set to pslDocumentTimestamp and timestamp_server pointing to the TSA URL.

Signing certificates

PDFSigner can use certificates residing on different media. Besides generic certificates stored in PFX or PEM files (A1), it can operate with non-exportable certificates residing on hardware media (A3) or in the cloud.

Non-exportable certificates can be accessed transparently via a Windows CSP or a PKCS#11 driver, if supplied by the certificate issuer. Proprietary interfaces can be plugged in with the external signing feature (see below).

You can use CertificateManager and CertificateStorage components to load the signing certificate. Assign the certificate to signing_certificate property, and optionally provide the remainder of its chain via signing_chain property.

Note: If signing with a non-exportable key (such as residing on a hardware device or in the cloud), please make sure you keep the original CertificateStorage object open until the signing is completed. This is because the storage component provides a 'bridge' to the private key. If the storage is closed prematurely, this bridge is destroyed, and the private key can't be used.

You don't need to provide a signing certificate or chain when creating document timestamp signatures, since this type of signatures is done with a TSA's certificate.

Widget adjustment

PDFSigner provides means to customize the look of the signature widget to be shown on the document page. Create your very own signatures in the form of your company's logo, a handwritten signature, or a wet seal.

Alternatively, you can choose not to associate any widget with your signature by setting to true.

Signing the document

Now that you have set up all signature, certificate, and widget properties, it is time to sign. You can provide the input document in one of the following forms: as a file (assign the path to input_file property), as a stream (assign to input_stream property), or as a byte array (assign to input_bytes). Similarly, the output can be collected in one of the same forms, either by passing the destination path or stream via output_file and output_stream respectively, or by reading the resulting document bytes from the output_bytes property after the signing.

Having set up the input and output, call the component's sign method. This will initiate the signing process. Depending on the settings, the signing may be as straightforward as calculating the document hash and signing it with the private key (e.g. in PAdES-BES signing variant), or it may involve advanced chain validation routines (PAdES-LTV). During the latter the component may contact a number of external revocation information sources (CRL and OCSP servers) to establish the validity of the signing certificate.

If a TSA server was provided via the timestamp_server property, the component will contact it too to timestamp the new signature.

During the signing PDFSigner may fire events to let your code know of certain conditions. If the input document is encrypted but no decryption parameters were found in password and decryption_certificate properties, the component would fire on_decryption_info_needed event to tell your code that it needs decryption information to be able to continue with the signing. It may fire on_tls_cert_validate if one of the HTTP endpoints involved during the operation (which may be a CRL, OCSP, or TSA service) works over TLS and needs its certificate to be validated.

External signing and DCAuth

PDFSigner, like many other components offered by the product, supports two methods of signing with external keys. These methods are fully independent of each other: you can choose the one that suits your usage scenario best.

Synchronous method: ExternalSign

This is a simpler method that basically lets you infiltrate into the heart of the signing routine by taking care of the hash signing operation. The component does the rest of the job (hash calculation, preparation of signature objects, CRL/OCSP retrieval).

To initiate this method, call sign_external instead of sign. When the hash is ready, it will be passed back to your code with on_external_sign event. Your event handler needs to sign the hash with the private key and return the created signature back to the component - which will embed it into the document.

You don't need your signing certificate to contain an associated private key when using this method. The certificate itself (its public copy) may be needed though, as it is often included in the hash calculation.

This method is synchronous, meaning sign_external provides you the results immediately upon its completion.

Asynchronous method: DCAuth

DCAuth is a SecureBlackbox know-how technology. This protocol was designed to allow sharing of private keys across environments, allowing the signer and the private key to reside on different systems. It works in the following way:

  • The signing party - such as PDFSigner - initiates the operation using sign_async_begin call. This produces two outcomes: a pre-signed document (a document with a blank signature placeholder), and a request state (an object containing a hash that needs to be signed). At this point the PDFSigner instance can be released, and the process itself terminated (which may be useful when run as part of a web page).
  • The request state is passed to the private key holder party. The private key holder passes the request state to a DCAuth object, which parses the request state, extracts the hash, and signs it. The output of DCAuth processing is another object, response state, which contains the signature. The private key holder then sends the response state back to the signing party.
  • The signing party re-creates the controls, and passes the response state, together with the pre-signed version of the document, to the signer's sign_async_end method. sign_async_end extracts the signature from the response state and incorporates it into the pre-signed document.

This method is asynchronous in that sense that, from the signing party's viewpoint, it splits the signing operation into the pre-signing and completion stages which can be performed independently from each other and in different execution contexts. This makes this method particularly helpful for use in web pages and other scenarios where the signing key is not available in real time.

Fine-grained chain validation setup

Chain validation is a sophisticated, multi-faceted procedure that involves a lot of variables. Depending on the configuration of your operating environment, the specifics of the PKI framework being used, and the validation policy you need to follow, you may want to tune up your chain validation parameters so they fit them best. Below is given a summary of such parameters.

  • revocation_check property lets you choose between and/or prioritize revocation origins. OCSP sources are often preferred to CRL because of their real-time capability and the smaller size of validation tokens they produce.
  • offline_mode is a master switch that stops class from looking for any validation tokens online. If this property is switched on, the component will only use known_certificates, trusted_certificates, known_cr_ls, and known_ocs_ps collections to look for the missing validation material.
  • ignore_chain_validation_errors makes the component ignore any major validation issues it encounters (such us an untrusted chain or missing CRL). This option is handy for debugging and for creating signatures in the environments where the signing certificate is not trusted.
  • known_certificates, known_cr_ls, and known_ocs_ps let you provide your own validation material. This may be useful when working in offline_mode, where the signer has no access to the validation sources, or where the validation material has already been collected.
  • trusted_certificates lets you provide a list of trust anchors, either as a complement to the system's or as an alternative for it.
  • blocked_certificates lets you provide a list of blocked/distrusted certificates. Any CA certificate contained in it will be deemed untrusted/invalid.

The following parameters are not directly related to chain validation, but may have an implicit effect on it.

  • proxy, socket_settings, and tls_settings let you tune up the connectivity and TLS options in accordance with local preferences.
  • tls_client_chain lets you provide the client certificate and its chain for TLS client authentication.
  • Subscribe to on_tls_cert_validate to validate any TLS certificates of the services involved in chain validation.

The results of the chain validation procedure, upon its completion, are published in the following properties:

  • chain_validation_result contains the primary result of the chain validation routine: valid, valid but untrusted, invalid, or undefined.
  • chain_validation_details provides the details of the factors that contributed to the chain validation result, such as an outdated certificate, a missing CRL, or a missing CA certificate.
  • validation_log contains the detailed chain validation log. The log can often be very helpful in nailing down various validation issues.

Property List

The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

blocked_cert_countThe number of records in the BlockedCert arrays.
blocked_cert_bytesReturns raw certificate data in DER format.
blocked_cert_handleAllows to get or set a 'handle', a unique identifier of the underlying property object.
claimed_signing_timeThe signing time from the signer's computer.
decryption_certificate_bytesReturns raw certificate data in DER format.
decryption_certificate_handleAllows to get or set a 'handle', a unique identifier of the underlying property object.
decryption_cert_countThe number of records in the DecryptionCert arrays.
decryption_cert_bytesReturns raw certificate data in DER format.
decryption_cert_handleAllows to get or set a 'handle', a unique identifier of the underlying property object.
empty_field_indexSpecifies the index of the empty signature field to sign.
encryptedIndicates if the PDF document is encrypted.
encryption_algorithmThe symmetric algorithm used to encrypt the document.
encryption_typeThe document encryption type.
external_crypto_custom_paramsCustom parameters to be passed to the signing service (uninterpreted).
external_crypto_dataAdditional data to be included in the async state and mirrored back by the requestor.
external_crypto_external_hash_calculationSpecifies whether the message hash is to be calculated at the external endpoint.
external_crypto_hash_algorithmSpecifies the request's signature hash algorithm.
external_crypto_key_idThe ID of the pre-shared key used for DC request authentication.
external_crypto_key_secretThe pre-shared key used for DC request authentication.
external_crypto_methodSpecifies the asynchronous signing method.
external_crypto_modeSpecifies the external cryptography mode.
external_crypto_public_key_algorithmProvide public key algorithm here if the certificate is not available on the pre-signing stage.
field_indexSpecifies the index of the signature field to update.
ignore_chain_validation_errorsMakes the class tolerant to chain validation errors.
input_bytesUse this property to pass the input to class in the byte array form.
input_fileThe PDF file to be signed or updated.
known_cert_countThe number of records in the KnownCert arrays.
known_cert_bytesReturns raw certificate data in DER format.
known_cert_handleAllows to get or set a 'handle', a unique identifier of the underlying property object.
known_crl_countThe number of records in the KnownCRL arrays.
known_crl_bytesReturns raw CRL data in DER format.
known_crl_handleAllows to get or set a 'handle', a unique identifier of the underlying property object.
known_ocsp_countThe number of records in the KnownOCSP arrays.
known_ocsp_bytesBuffer containing raw OCSP response data.
known_ocsp_handleAllows to get or set a 'handle', a unique identifier of the underlying property object.
metadata_encryptedIndicates if the document metadata is encrypted.
offline_modeSwitches the class to the offline mode.
output_bytesUse this property to read the output the class object has produced.
output_fileThe file to save the signed or updated document to.
passwordThe decryption password.
perms_annotationsIndicates whether the viewer may add annotations to the document.
perms_assembleIndicates if the viewer may assemble a new document on the basis of the encrypted one.
perms_extractIndicates if the user may extract (copy) pictures and text from the encrypted document.
perms_extract_accIndicates if the user may extract pictures/text from the document for accessibility purposes.
perms_fill_in_formsIndicates if the user may fill in forms in the document.
perms_high_quality_printIndicates if the document may be printed in high quality.
perms_low_quality_printIndicates if the document may be printed in low quality.
perms_modifyIndicates if the document may be modified.
profileSpecifies a pre-defined profile to apply when creating the signature.
proxy_addressThe IP address of the proxy server.
proxy_authenticationThe authentication type used by the proxy server.
proxy_passwordThe password to authenticate to the proxy server.
proxy_portThe port on the proxy server to connect to.
proxy_proxy_typeThe type of the proxy server.
proxy_request_headersContains HTTP request headers for WebTunnel and HTTP proxy.
proxy_response_bodyContains the HTTP or HTTPS (WebTunnel) proxy response body.
proxy_response_headersContains response headers received from an HTTP or HTTPS (WebTunnel) proxy server.
proxy_use_i_pv6Specifies whether IPv6 should be used when connecting through the proxy.
proxy_use_proxyEnables or disables proxy-driven connection.
proxy_usernameSpecifies the username credential for proxy authentication.
revocation_checkSpecifies the kind(s) of revocation check to perform.
sig_algorithm_captionCaption of the signature widget property with information about the signature algorithm.
sig_algorithm_infoInformation about the algorithm to be shown on the signature widget.
sig_allowed_changesThe changes to the document are allowed by the signature.
sig_author_nameA human-readable signer name.
sig_auto_font_sizeEnables default widget font sizes.
sig_auto_posUse the default widget position on a page.
sig_auto_sizeUse the default widget size.
sig_auto_stretch_backgroundStretches the background picture to fit the signature widget.
sig_auto_textUse the default widget descriptions.
sig_background_dataContains/takes the data of the signature widget background bitmap.
sig_background_heightThe height of the background image in pixels.
sig_background_image_typeThe type of the image contained in BackgroundData .
sig_background_maskContains the background image mask.
sig_background_styleThe style of the signature widget background.
sig_background_widthThe width of the background image in pixels.
sig_certificationSpecifies whether this is a Certification (MDP) signature.
sig_chain_validation_detailsThe details of a certificate chain validation outcome.
sig_chain_validation_resultThe outcome of a certificate chain validation routine.
sig_claimed_signing_timeReturns or sets signature's creation time.
sig_compress_widget_dataWhether the signature widget data should be compressed before saving.
sig_contact_infoContains signer's contact information.
sig_custom_appearanceContains custom widget description in raw PDF graphic operators format.
sig_custom_background_content_streamSpecifies custom custom background content stream for pwbsCustom BackgroundStyle .
sig_custom_dataA uninterpreted custom data to save with the signature.
sig_custom_visual_status_matrixDefines the custom visual status matrix.
sig_date_caption_formatThe format string used to display the signing time in the signature widget.
sig_empty_fieldIndicates whether or not the signature created/read is an empty property (a signature placeholder).
sig_filter_nameThe signature filter name.
sig_handleAllows to get or set a 'handle', a unique identifier of the underlying property object.
sig_hash_algorithmSpecifies the hash algorithm to be used for signing.
sig_headerSpecifies the header text to put on the signature widget.
sig_heightSpecifies the height of the signature widget.
sig_hide_default_textSwitch offs generation of any headers for the signature widget.
sig_ignore_existing_appearanceTells the class to discard any existing widget parameters when signing empty signature properties.
sig_invert_maskSpecifies whether BackgroundMask should be inverted.
sig_invisibleControls whether the signature widget is visible on the page.
sig_levelSpecifies the signature kind and level.
sig_locationSpecifies the host name or the physical location of the signing entity.
sig_lockedSpecifies whether the signature widget can be moved by the user.
sig_locked_contentsSpecifies whether signature widget contents should be locked.
sig_no_rotateIf this value is True the signature widget will not be rotated when the document is rotated in the viewing app.
sig_no_viewIf this value is True the signature widget will not be displayed when the document is viewed.
sig_no_zoomIf this value is True the signature widget size will not be changed during zooming.
sig_offsetxSpecifies the signature widget offset from the left-hand page border when AutoPos is False.
sig_offsetySpecifies the signature widget offset from the bottom page border when AutoPos is False.
sig_pageThe index of the page on which to place the signature.
sig_pages_to_place_onPage numbers on which the signature is shown.
sig_policy_hashThe signature policy hash value for EPES signatures.
sig_policy_hash_algorithmThe algorithm that was used to calculate the signature policy hash.
sig_policy_idThe policy ID to be included into the signature.
sig_printWhether the signature shall appear in printed documents.
sig_read_onlyControls the ReadOnly flag of the widget.
sig_reasonSpecifies the reason for signing.
sig_rotateSpecifies the rotation angle of the signature widget in degrees.
sig_section_text_font_sizeUse this property to specify the font size to be used for general text on the widget.
sig_section_title_font_sizeUse this property to specify the font size to be used for section title text on the widget.
sig_show_on_all_pagesForces the signature widget to be displayed on all pages in the document.
sig_show_timestampWhether to display the signing time details on the widget.
sig_show_visual_statusSpecifies whether to show the signature's status icon.
sig_signature_nameSpecifies the unique signature identifier to use.
sig_signer_captionSpecifies the caption for the signer section on the signature widget.
sig_signer_infoProvides custom signer information to put on the signature widget.
sig_simple_font_nameSpecifies the Type 1 font name for the signature text.
sig_stretchxUse this property to manually adjust the horizontal size of the stretched background picture.
sig_stretchyUse this property to manually adjust the size of the stretched background picture in the vertical direction.
sig_timestamp_font_sizeUse this property to specify the font size to be used for timestamp text on the widget.
sig_title_font_sizeUse this property to specify the font size to be used for the main title on the widget.
sig_toggle_no_viewWhen True, the signature widget will be displayed only when the user is moving a mouse over it.
sig_validation_logContains the signing certificate's chain validation log.
sig_widthSpecifies the width of the signature widget.
signing_cert_bytesReturns raw certificate data in DER format.
signing_cert_handleAllows to get or set a 'handle', a unique identifier of the underlying property object.
signing_chain_countThe number of records in the SigningChain arrays.
signing_chain_bytesReturns raw certificate data in DER format.
signing_chain_handleAllows to get or set a 'handle', a unique identifier of the underlying property object.
socket_dns_modeSelects the DNS resolver to use: the class's (secure) built-in one, or the one provided by the system.
socket_dns_portSpecifies the port number to be used for sending queries to the DNS server.
socket_dns_query_timeoutThe timeout (in milliseconds) for each DNS query.
socket_dns_serversThe addresses of DNS servers to use for address resolution, separated by commas or semicolons.
socket_dns_total_timeoutThe timeout (in milliseconds) for the whole resolution process.
socket_incoming_speed_limitThe maximum number of bytes to read from the socket, per second.
socket_local_addressThe local network interface to bind the socket to.
socket_local_portThe local port number to bind the socket to.
socket_outgoing_speed_limitThe maximum number of bytes to write to the socket, per second.
socket_timeoutThe maximum period of waiting, in milliseconds, after which the socket operation is considered unsuccessful.
socket_use_i_pv6Enables or disables IP protocol version 6.
timestamp_serverThe address of the timestamping server.
tls_client_cert_countThe number of records in the TLSClientCert arrays.
tls_client_cert_bytesReturns raw certificate data in DER format.
tls_client_cert_handleAllows to get or set a 'handle', a unique identifier of the underlying property object.
tls_server_cert_countThe number of records in the TLSServerCert arrays.
tls_server_cert_bytesReturns raw certificate data in DER format.
tls_server_cert_handleAllows to get or set a 'handle', a unique identifier of the underlying property object.
tls_auto_validate_certificatesSpecifies whether server-side TLS certificates should be validated automatically using internal validation rules.
tls_base_configurationSelects the base configuration for the TLS settings.
tls_ciphersuitesA list of ciphersuites separated with commas or semicolons.
tlsec_curvesDefines the elliptic curves to enable.
tls_force_resume_if_destination_changesWhether to force TLS session resumption when the destination address changes.
tls_pre_shared_identityDefines the identity used when the PSK (Pre-Shared Key) key-exchange mechanism is negotiated.
tls_pre_shared_keyContains the pre-shared for the PSK (Pre-Shared Key) key-exchange mechanism, encoded with base16.
tls_pre_shared_key_ciphersuiteDefines the ciphersuite used for PSK (Pre-Shared Key) negotiation.
tls_renegotiation_attack_prevention_modeSelects renegotiation attack prevention mechanism.
tls_revocation_checkSpecifies the kind(s) of revocation check to perform.
tlsssl_optionsVarious SSL (TLS) protocol options, set of cssloExpectShutdownMessage 0x001 Wait for the close-notify message when shutting down the connection cssloOpenSSLDTLSWorkaround 0x002 (DEPRECATED) Use a DTLS version workaround when talking to very old OpenSSL versions cssloDisableKexLengthAlignment 0x004 Do not align the client-side PMS by the RSA modulus size.
tlstls_modeSpecifies the TLS mode to use.
tls_use_extended_master_secretEnables Extended Master Secret Extension, as defined in RFC 7627.
tls_use_session_resumptionEnables or disables TLS session resumption capability.
tls_versionsTh SSL/TLS versions to enable by default.
trusted_cert_countThe number of records in the TrustedCert arrays.
trusted_cert_bytesReturns raw certificate data in DER format.
trusted_cert_handleAllows to get or set a 'handle', a unique identifier of the underlying property object.
validation_logContains the complete log of the certificate validation routine.

Method List

The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

configSets or retrieves a configuration setting.
extract_async_dataExtracts user data from the DC signing service response.
signSigns a PDF document.
sign_async_beginInitiates the asynchronous signing operation.
sign_async_endCompletes the asynchronous signing operation.
sign_externalSigns the document using an external signing facility.
updateUpdates a signature.

Event List

The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

on_decryption_info_neededRequests decryption information during decryption, signing, or validation.
on_errorInformation about errors during signing/validation.
on_external_decryptHandles remote or external decryption.
on_external_signHandles remote or external signing initiated by the SignExternal method or other source.
on_notificationThis event notifies the application about an underlying control flow event.
on_recipient_foundProvides recipient certificate details to the application.
on_tls_cert_validateThis event is fired upon receipt of the TLS server's certificate, allowing the user to control its acceptance.

Configuration Settings

The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.

AssemblyOptionsSpecifies the assembly options.
AutoCollectRevocationInfoWhether revocation info should be collected automatically.
AutoRotateSignatureSpecifies whether to auto-rotate signature widget.
BackgroundPositionSpecifies the background position.
CollectRevInfoForTimestampsWhether revocation info for timestamps should be collected automatically.
CustomTextCountThe number of custom text block on the signature widget.
CustomTextFontResourceName[Index]The font resource name to use for the custom text block.
CustomTextFontSizeX[Index]The horizontal font size scale.
CustomTextFontSizeY[Index]The vertical font size scale.
CustomTextText[Index]A text to show on a custom signature widget text block.
CustomTextX[Index]The horizontal offset of the text block.
CustomTextY[Index]The vertical offset of the text block.
DeepValidationWhether a complete validation should be performed.
EmptyFullFieldNameSpecifies the full name of the empty signature field to sign.
EmptySignatureFieldAddRevInfo[Index]Specifies if revocation checking should be performed.
EmptySignatureFieldAlternateName[Index]Contains an alternate field name.
EmptySignatureFieldCountThe number of empty signature form fields.
EmptySignatureFieldFlags[Index]The field flags of the signature form field.
EmptySignatureFieldHeight[Index]The Height of the empty signature form field.
EmptySignatureFieldInvisible[Index]The visibility status of the field.
EmptySignatureFieldLegalAttestations[Index]Specifies the legal attestations that are associated with the signature.
EmptySignatureFieldMappingName[Index]The mapping name to be used when exporting form field data from the document.
EmptySignatureFieldName[Index]Textual field name.
EmptySignatureFieldOffsetX[Index]The field's offset from the left page border.
EmptySignatureFieldOffsetY[Index]The field's offset from the bottom page border.
EmptySignatureFieldPage[Index]The index of the form field's page in the document.
EmptySignatureFieldRequiredAllowedChanges[Index]Specifies the changes allowed by the signature.
EmptySignatureFieldRequiredConstraints[Index]Specifies the required Seed Value Dictionary (SVD) constraints.
EmptySignatureFieldRequiredDigestAlgorithms[Index]Specifies the required digest algorithms.
EmptySignatureFieldRequiredFilter[Index]Specifies the required filter.
EmptySignatureFieldRequiredLockAction[Index]Indicates which set of fields shall be locked.
EmptySignatureFieldRequiredLockFields[Index]Indicates the fields that shall be locked on signing.
EmptySignatureFieldRequiredReasons[Index]Specifies the required reasons.
EmptySignatureFieldRequiredSubfilters[Index]Specifies the required subfilters.
EmptySignatureFieldTimestampRequired[Index]Specifies if the signature should be time-stamped.
EmptySignatureFieldTSPURL[Index]URL for a TSP server.
EmptySignatureFieldWidth[Index]The Width of the empty signature form field.
EncryptionHandlerNameSpecifies the custom security handler PDF-name.
ExtensionIdentifierModeSpecifies the extension identifier mode.
ExtraSpaceAllows the allocation of extra zero character space in the document behind the signature.
ForceCompleteChainValidationWhether to check issuer (CA) certificates when signing certificate is invalid.
ForceCompleteChainValidationForTrustedWhether to continue with the full validation up to the root CA certificate for mid-level trust anchors.
GracePeriodSpecifies a grace period to apply during revocation information checks.
HardenedKeyGenerationSpecifies if hardened Key generation should be used.
IgnoreOCSPNoCheckExtensionWhether OCSP NoCheck extension should be ignored.
IgnoreSystemTrustWhether trusted Windows Certificate Stores should be treated as trusted.
IgnoreTimestampFailureWhether to ignore time-stamping failure during signing.
ImplicitlyTrustSelfSignedCertificatesWhether to trust self-signed certificates.
IncludeKnownRevocationInfoToSignatureWhether to include custom revocation info to the signature.
IncludeRevocationInfoToAdbeAttributeWhether to save revocation info in PDF-compliant form.
LastSignatureWidgetSpecifies that it is the last signature widget to be added.
PAdESOptionsSpecifies the PAdES options.
PageInfoCountThe number of pages.
PageInfoCropBoxEmpty[Index]Check if the page's crop box is empty or not.
PageInfoCropLLX[Index]Defines the X coordinate of the lower left corner of the crop box.
PageInfoCropLLY[Index]Defines the Y coordinate of the lower left corner of the crop box.
PageInfoCropURX[Index]Defines the X coordinate of the upper right corner of the crop box.
PageInfoCropURY[Index]Defines the Y coordinate of the upper right corner of the crop box.
PageInfoHeight[Index]The Height of the page.
PageInfoMediaLLX[Index]Defines the X coordinate of the lower left corner of the media box.
PageInfoMediaLLY[Index]Defines the Y coordinate of the lower left corner of the media box.
PageInfoMediaURX[Index]Defines the X coordinate of the upper right corner of the media box.
PageInfoMediaURY[Index]Defines the Y coordinate of the upper right corner of the media box.
PageInfoRotate[Index]The Rotate value of the page.
PageInfoUserUnit[Index]Defines the size of default user space units.
PageInfoWidth[Index]The Width of the page.
PolicyExplicitTextThe explicit text of the user notice.
PolicyUNNumbersThe noticeNumbers part of the NoticeReference PAdES-EPES attribute.
PolicyUNOrganizationThe organization part of the NoticeReference qualifier.
PolicyURIThe URI of the signature policy.
PositionAnchorSpecifies the signature widget position anchor.
PredefinedSignatureSizeUser-defined size of the signature.
PromoteLongOCSPResponsesWhether long OCSP responses are requested.
RC4KeyBitsSpecifies the number of key bits used for RC4 algorithm.
SchemeParamsThe algorithm scheme parameters to employ.
SignatureCountThe number of signatures.
SignatureHeight[Index]The Height of the signature widget.
SignatureInvisible[Index]The visibility status of the signature.
SignatureName[Index]Textual signature name.
SignatureOffsetX[Index]The siganture widget's offset from the left page border.
SignatureOffsetY[Index]The signature widget's offset from the bottom page border.
SignatureOptionsSpecifies the signature options.
SignaturePage[Index]The index of the signature widget's page in the document.
SignatureSizeEstimationStrategyWhich mechanism to use to estimate the size of a PAdES signature.
SignatureWidth[Index]The Width of the signature widget.
TempPathLocation where the temporary files are stored.
TextObjEncodingThe encoding to apply to string objects stored with the signature.
TLSChainValidationDetailsContains the advanced details of the TLS server certificate validation.
TLSChainValidationResultContains the result of the TLS server certificate validation.
TLSClientAuthRequestedIndicates whether the TLS server requests client authentication.
TLSValidationLogContains the log of the TLS server certificate validation.
TolerateMinorChainIssuesWhether to tolerate minor chain issues.
TspHashAlgorithmSets a specific hash algorithm for use with the timestamping service.
TspReqPolicySets a request policy ID to include in the timestamping request.
UpdateKindAdjusts the scope of modifications that are made to the signature with the Update method.
UseLegacyVisualStyleSpecifies whether to use legacy signature visual style.
UseMicrosoftCTLEnables or disables automatic use of Microsoft online certificate trust list.
UsePSSWhether to use RSASSA-PSS algorithm.
UseSystemCertificatesEnables or disables the use of the system certificates.
UseValidationCacheEnables or disable the use of the product-wide certificate chain validation cache.
CheckKeyIntegrityBeforeUseEnables or disable private key integrity check before use.
CookieCachingSpecifies whether a cookie cache should be used for HTTP(S) transports.
CookiesGets or sets local cookies for the class (supported for HTTPClient, RESTClient and SOAPClient only).
DefDeriveKeyIterationsSpecifies the default key derivation algorithm iteration count.
EnableClientSideSSLFFDHEEnables or disables finite field DHE key exchange support in TLS clients.
GlobalCookiesGets or sets global cookies for all the HTTP transports.
HttpUserAgentSpecifies the user agent name to be used by all HTTP clients.
LogDestinationSpecifies the debug log destination.
LogDetailsSpecifies the debug log details to dump.
LogFileSpecifies the debug log filename.
LogFiltersSpecifies the debug log filters.
LogFlushModeSpecifies the log flush mode.
LogLevelSpecifies the debug log level.
LogMaxEventCountSpecifies the maximum number of events to cache before further action is taken.
LogRotationModeSpecifies the log rotation mode.
MaxASN1BufferLengthSpecifies the maximal allowed length for ASN.1 primitive tag data.
MaxASN1TreeDepthSpecifies the maximal depth for processed ASN.1 trees.
OCSPHashAlgorithmSpecifies the hash algorithm to be used to identify certificates in OCSP requests.
UseOwnDNSResolverSpecifies whether the client classes should use own DNS resolver.
UseSharedSystemStoragesSpecifies whether the validation engine should use a global per-process copy of the system certificate stores.
UseSystemOAEPAndPSSEnforces or disables the use of system-driven RSA OAEP and PSS computations.
UseSystemRandomEnables or disables the use of the OS PRNG.

Copyright (c) 2022 /n software inc. - All rights reserved.
SecureBlackbox 2020 Python Edition - Version 20.0 [Build 8165]