OfficeQuickSigner Component
Properties Methods Events Config Settings Errors
The OfficeQuickSigner component signs Office documents in a quick-and-easy manner.
Syntax
TsbxOfficeQuickSigner
Remarks
OfficeQuickSigner provides digital signing capabilities of Office documents.
Property List
The following is the full list of the properties of the component with short descriptions. Click on the links for further details.
| DocumentFormat | Defines the format of the Office document. |
| DocumentType | Defines the type of the Office document. |
| ExternalCrypto | Provides access to external signing and DC parameters. |
| FIPSMode | Reserved. |
| HashAlgorithm | Specifies the hash algorithm to be used. |
| InputBytes | Use this property to pass the input to component in byte array form. |
| InputFile | The file to be signed. |
| OutputBytes | Use this property to read the output the component object has produced. |
| OutputFile | Defines where to save the signed document. |
| SignatureType | Specifies the type of the signature to be made. |
| SignCoreProperties | Whether to sign the core properties of the document. |
| SignDocument | Whether to sign the document itself. |
| SigningCertificate | The certificate to be used for signing. |
| SigningChain | The signing certificate chain. |
| SignSignatureOrigin | Whether to sign the signature origin. |
Method List
The following is the full list of the methods of the component with short descriptions. Click on the links for further details.
| Config | Sets or retrieves a configuration setting. |
| DoAction | Performs an additional action. |
| ExtractAsyncData | Extracts user data from the DC signing service response. |
| Sign | Calculates the signature value. |
| SignAsyncBegin | Initiates the asynchronous signing operation. |
| SignAsyncEnd | Completes the asynchronous signing operation. |
| SignExternal | Signs the document using an external signing facility. |
Event List
The following is the full list of the events fired by the component with short descriptions. Click on the links for further details.
| Error | Information about errors during signing. |
| ExternalSign | Handles remote or external signing initiated by the SignExternal method or other source. |
| Notification | This event notifies the application about an underlying control flow event. |
Config Settings
The following is a list of config settings for the component with short descriptions. Click on the links for further details.
| ExpireTime | Signature expiration time in UTC. |
| SignatureInfoAddress1 | Specifies the location at which the signature was created. |
| SignatureInfoAddress2 | Specifies the location at which the signature was created. |
| SignatureInfoComments | Comments to the signature info text. |
| SignatureInfoDelegateSuggestedSigner | Specifies the name of a person. |
| SignatureInfoDelegateSuggestedSigner2 | Specifies the title of a person. |
| SignatureInfoDelegateSuggestedSignerEmail | Specifies the e-mail address of a person. |
| SignatureInfoImage | Specifies an image for the digital signature. |
| SignatureInfoIncluded | Whether to include the signature info. |
| SignatureInfoInvalidLnImage | Specifies the image of an invalid signature. |
| SignatureInfoSignatureType | Specifies the type of the digital signature. |
| SignatureInfoText | The text to be displayed as the signature info. |
| SignatureInfoValidLnImage | Specifies the image of a valid signature. |
| SignatureLineAdditionalSignatureInfo[Index] | Contains additional signature information. |
| SignatureLineAllowComments[Index] | Indicates if comments are allowed. |
| SignatureLineCount | The number of signature lines. |
| SignatureLineId[Index] | Contains signature unique ID. |
| SignatureLineImageData[Index] | Contains signature image. |
| SignatureLineIndex | Specifies the index of the signature line to sign. |
| SignatureLineShowSignDate[Index] | Indicates if signing date should be shown. |
| SignatureLineSignatureIndex[Index] | The index of the signature that signs signature line. |
| SignatureLineSignatureProviderId[Index] | Contains signature provider ID. |
| SignatureLineSignatureProviderUrl[Index] | Contains signature provider URL. |
| SignatureLineSigned[Index] | Indicates if signature line is signed. |
| SignatureLineSigningInstructions[Index] | Contains signing instructions. |
| SignatureLineSuggestedSigner2[Index] | Suggested signer line two. |
| SignatureLineSuggestedSigner[Index] | Suggested signer line one. |
| SignatureLineSuggestedSignerEmail[Index] | Suggested signer email address. |
| SignTime | Specifies the signing time in UTC. |
| TempPath | Location where the temporary files are stored. |
| CheckKeyIntegrityBeforeUse | Enables or disable private key integrity check before use. |
| CookieCaching | Specifies whether a cookie cache should be used for HTTP(S) transports. |
| Cookies | Gets or sets local cookies for the component. |
| DefDeriveKeyIterations | Specifies the default key derivation algorithm iteration count. |
| EnableClientSideSSLFFDHE | Enables or disables finite field DHE key exchange support in TLS clients. |
| GlobalCookies | Gets or sets global cookies for all the HTTP transports. |
| HttpUserAgent | Specifies the user agent name to be used by all HTTP clients. |
| LogDestination | Specifies the debug log destination. |
| LogDetails | Specifies the debug log details to dump. |
| LogFile | Specifies the debug log filename. |
| LogFilters | Specifies the debug log filters. |
| LogFlushMode | Specifies the log flush mode. |
| LogLevel | Specifies the debug log level. |
| LogMaxEventCount | Specifies the maximum number of events to cache before further action is taken. |
| LogRotationMode | Specifies the log rotation mode. |
| MaxASN1BufferLength | Specifies the maximal allowed length for ASN.1 primitive tag data. |
| MaxASN1TreeDepth | Specifies the maximal depth for processed ASN.1 trees. |
| OCSPHashAlgorithm | Specifies the hash algorithm to be used to identify certificates in OCSP requests. |
| StaticDNS | Specifies whether static DNS rules should be used. |
| StaticIPAddress[domain] | Gets or sets an IP address for the specified domain name. |
| StaticIPAddresses | Gets or sets all the static DNS rules. |
| Tag | Allows to store any custom data. |
| TLSSessionGroup | Specifies the group name of TLS sessions to be used for session resumption. |
| TLSSessionLifetime | Specifies lifetime in seconds of the cached TLS session. |
| TLSSessionPurgeInterval | Specifies how often the session cache should remove the expired TLS sessions. |
| UseOwnDNSResolver | Specifies whether the client components should use own DNS resolver. |
| UseSharedSystemStorages | Specifies whether the validation engine should use a global per-process copy of the system certificate stores. |
| UseSystemOAEPAndPSS | Enforces or disables the use of system-driven RSA OAEP and PSS computations. |
| UseSystemRandom | Enables or disables the use of the OS PRNG. |
DocumentFormat Property (OfficeQuickSigner Component)
Defines the format of the Office document.
Syntax
property DocumentFormat: TsbxOfficeDocumentFormats read get_DocumentFormat;
TsbxOfficeDocumentFormats = ( odfUnknown, odfBinary, odfOpenXML, odfOpenXPS, odfOpenDocument );
Default Value
odfUnknown
Remarks
This property contains the Office document format.
| odfUnknown | 0 | Unknown document format |
| odfBinary | 1 | Binary Office document |
| odfOpenXML | 2 | OpenXML Office document |
| odfOpenXPS | 3 | OpenXPS document |
| odfOpenDocument | 4 | OpenOffice document |
This property is read-only and not available at design time.
DocumentType Property (OfficeQuickSigner Component)
Defines the type of the Office document.
Syntax
property DocumentType: String read get_DocumentType;
Default Value
''
Remarks
This property contains the Office document type.
This property is read-only and not available at design time.
ExternalCrypto Property (OfficeQuickSigner Component)
Provides access to external signing and DC parameters.
Syntax
property ExternalCrypto: TsbxExternalCrypto read get_ExternalCrypto;
Remarks
Use this property to tune-up remote cryptography settings. SecureBlackbox supports two independent types of external cryptography: synchronous (based on the ExternalSign event) and asynchronous (based on the DC protocol and the DCAuth signing component).
This property is read-only.
Please refer to the ExternalCrypto type for a complete list of fields.FIPSMode Property (OfficeQuickSigner Component)
Reserved.
Syntax
property FIPSMode: Boolean read get_FIPSMode write set_FIPSMode;
Default Value
false
Remarks
This property is reserved for future use.
HashAlgorithm Property (OfficeQuickSigner Component)
Specifies the hash algorithm to be used.
Syntax
property HashAlgorithm: String read get_HashAlgorithm write set_HashAlgorithm;
Default Value
'SHA256'
Remarks
Use this property to set the hash algorithm for signature calculation.
Supported values:
| SB_HASH_ALGORITHM_MD5 | MD5 | |
| SB_HASH_ALGORITHM_SHA1 | SHA1 | |
| SB_HASH_ALGORITHM_SHA224 | SHA224 | |
| SB_HASH_ALGORITHM_SHA256 | SHA256 | |
| SB_HASH_ALGORITHM_SHA384 | SHA384 | |
| SB_HASH_ALGORITHM_SHA512 | SHA512 | |
| SB_HASH_ALGORITHM_RIPEMD160 | RIPEMD160 | |
| SB_HASH_ALGORITHM_GOST_R3411_1994 | GOST1994 | |
| SB_HASH_ALGORITHM_WHIRLPOOL | WHIRLPOOL | |
| SB_HASH_ALGORITHM_SHA3_256 | SHA3_256 | |
| SB_HASH_ALGORITHM_SHA3_384 | SHA3_384 | |
| SB_HASH_ALGORITHM_SHA3_512 | SHA3_512 |
InputBytes Property (OfficeQuickSigner Component)
Use this property to pass the input to component in byte array form.
Syntax
property InputBytes: TBytes read get_InputBytes write set_InputBytes;
Remarks
Assign a byte array containing the data to be processed to this property.
This property is not available at design time.
InputFile Property (OfficeQuickSigner Component)
The file to be signed.
Syntax
property InputFile: String read get_InputFile write set_InputFile;
Default Value
''
Remarks
Provide the path to the Office document to be signed.
OutputBytes Property (OfficeQuickSigner Component)
Use this property to read the output the component object has produced.
Syntax
property OutputBytes: TBytes read get_OutputBytes;
Remarks
Read the contents of this property after the operation has completed to read the produced output. This property will only be set if the OutputFile and OutputStream properties had not been assigned.
This property is read-only and not available at design time.
OutputFile Property (OfficeQuickSigner Component)
Defines where to save the signed document.
Syntax
property OutputFile: String read get_OutputFile write set_OutputFile;
Default Value
''
Remarks
Specifies the path where the signed Office document should be saved.
SignatureType Property (OfficeQuickSigner Component)
Specifies the type of the signature to be made.
Syntax
property SignatureType: TsbxOfficeSignatureTypes read get_SignatureType write set_SignatureType;
TsbxOfficeSignatureTypes = ( ostDefault, ostBinaryCryptoAPI, ostBinaryXML, ostOpenXML, ostOpenXPS, ostOpenDocument );
Default Value
ostDefault
Remarks
Use this property to define what kind of signature should be made over the document.
| ostDefault | 0 | |
| ostBinaryCryptoAPI | 1 | |
| ostBinaryXML | 2 | |
| ostOpenXML | 3 | |
| ostOpenXPS | 4 | |
| ostOpenDocument | 5 |
SignCoreProperties Property (OfficeQuickSigner Component)
Whether to sign the core properties of the document.
Syntax
property SignCoreProperties: Boolean read get_SignCoreProperties write set_SignCoreProperties;
Default Value
false
Remarks
The core properties are a set of elements that describe common and well-known properties of the Office document package such as creator, version, revision, etc.
SignDocument Property (OfficeQuickSigner Component)
Whether to sign the document itself.
Syntax
property SignDocument: Boolean read get_SignDocument write set_SignDocument;
Default Value
true
Remarks
Use this property to specify whether the signature should be computed over the document itself.
SigningCertificate Property (OfficeQuickSigner Component)
The certificate to be used for signing.
Syntax
property SigningCertificate: TsbxCertificate read get_SigningCertificate write set_SigningCertificate;
Remarks
Use this property to specify the certificate that shall be used for signing the data. Note that this certificate should have a private key associated with it. Use SigningChain to supply the rest of the certificate chain for inclusion into the signature.
This property is not available at design time.
Please refer to the Certificate type for a complete list of fields.SigningChain Property (OfficeQuickSigner Component)
The signing certificate chain.
Syntax
property SigningChain: TsbxCertificateList read get_SigningChain write set_SigningChain;
Remarks
Use this property to provide the chain for the signing certificate. Use the SigningCertificate property, if it is available, to provide the signing certificate itself.
This property is not available at design time.
Please refer to the Certificate type for a complete list of fields.SignSignatureOrigin Property (OfficeQuickSigner Component)
Whether to sign the signature origin.
Syntax
property SignSignatureOrigin: Boolean read get_SignSignatureOrigin write set_SignSignatureOrigin;
Default Value
false
Remarks
Specifies whether to sign the XPS document's signature origin.
Config Method (OfficeQuickSigner Component)
Sets or retrieves a configuration setting.
Syntax
function Config(ConfigurationString: String): String;
Remarks
Config is a generic method available in every component. It is used to set and retrieve configuration settings for the component.
These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.
To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).
To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.
DoAction Method (OfficeQuickSigner Component)
Performs an additional action.
Syntax
function DoAction(ActionID: String; ActionParams: String): String;
Remarks
DoAction is a generic method available in every component. It is used to perform an additional action introduced after the product major release. The list of actions is not fixed, and may be flexibly extended over time.
The unique identifier (case insensitive) of the action is provided in the ActionID parameter.
ActionParams contains the value of a single parameter, or a list of multiple parameters for the action in the form of PARAM1=VALUE1;PARAM2=VALUE2;....
ExtractAsyncData Method (OfficeQuickSigner Component)
Extracts user data from the DC signing service response.
Syntax
function ExtractAsyncData(AsyncReply: String): String;
Remarks
Call this method before finalizing the asynchronous signing process to extract the data passed to the ExternalCrypto.Data property on the pre-signing stage.
The Data parameter can be used to pass some state or document identifier along with the signing request from the pre-signing to the completion async stage.
Sign Method (OfficeQuickSigner Component)
Calculates the signature value.
Syntax
procedure Sign();
Remarks
Call this method to generate a signature over the document.
SignAsyncBegin Method (OfficeQuickSigner Component)
Initiates the asynchronous signing operation.
Syntax
function SignAsyncBegin(): String;
Remarks
When using the DC framework, call this method to initiate the asynchronous signing process. Upon completion, a pre-signed copy of the document will be saved in OutputFile (or OutputStream). Keep the pre-signed copy somewhere local, and pass the returned string ('the request state') to the DC processor for handling.
Upon receiving the response state from the DC processor, assign the path to the pre-signed copy to InputFile (or InputStream), and call SignAsyncEnd to finalize the signing.
Note that depending on the signing method and DC configuration used, you may still need to provide the public part of the signing certificate via the SigningCertificate property.
Use the ExternalCrypto.AsyncDocumentID property to supply a unique document ID to include in the request. This is helpful when creating batches of multiple async requests, as it allows you to pass the whole response batch to SignAsyncEnd and expect it to recover the correct response from the batch automatically.
AsyncState is a message of the distributed cryptography (DC) protocol. The DC protocol is based on the exchange of async states between a DC client (an application that wants to sign a PDF, XML, or Office document) and a DC server (an application that controls access to the private key). An async state can carry one or more signing requests, comprised of document hashes, or one or more signatures produced over those hashes.
In a typical scenario you get a client-side async state from the SignAsyncBegin method. This state contains document hashes to be signed on the DC server side. You then send the async state to the DC server (often represented by the DCAuth component), which processes it and produces a matching signature state. The async state produced by the server is then passed to the SignAsyncEnd method.
SignAsyncEnd Method (OfficeQuickSigner Component)
Completes the asynchronous signing operation.
Syntax
procedure SignAsyncEnd(AsyncReply: String);
Remarks
When using the DC framework, call this method upon receiving the response state from the DC processor to complete the asynchronous signing process.
Before calling this method, assign the path to the pre-signed copy of the document obtained from the prior SignAsyncBegin call to InputFile (or InputStream). The method will embed the signature into the pre-signed document, and save the complete signed document to OutputFile (or OutputStream).
Note that depending on the signing method and DC configuration used, you may still need to provide the public part of the signing certificate via the SigningCertificate property.
Use the ExternalCrypto.AsyncDocumentID parameter to pass a specific document ID if using batched AsyncReply. If used, it should match the value provided on the pre-signing (SignAsyncBegin) stage.
AsyncState is a message of the distributed cryptography (DC) protocol. The DC protocol is based on the exchange of async states between a DC client (an application that wants to sign a PDF, XML, or Office document) and a DC server (an application that controls access to the private key). An async state can carry one or more signing requests, comprised of document hashes, or one or more signatures produced over those hashes.
In a typical scenario you get a client-side async state from the SignAsyncBegin method. This state contains document hashes to be signed on the DC server side. You then send the async state to the DC server (often represented by the DCAuth component), which processes it and produces a matching signature state. The async state produced by the server is then passed to the SignAsyncEnd method.
SignExternal Method (OfficeQuickSigner Component)
Signs the document using an external signing facility.
Syntax
procedure SignExternal();
Remarks
Call this method to delegate the low-level signing operation to an external, remote, or custom signing engine. This method is useful if the signature has to be made by a device accessible through a custom or non-standard signing interface.
When all preparations are done and hash is computed, the component fires ExternalSign event which allows to pass the hash value for signing.
Error Event (OfficeQuickSigner Component)
Information about errors during signing.
Syntax
type TErrorEvent = procedure ( Sender: TObject; ErrorCode: Integer; const Description: String ) of Object;
property OnError: TErrorEvent read FOnError write FOnError;
Remarks
This event is fired in case of exceptional conditions during the office document processing.
ErrorCode contains an error code and Description contains a textual description of the error.
ExternalSign Event (OfficeQuickSigner Component)
Handles remote or external signing initiated by the SignExternal method or other source.
Syntax
type TExternalSignEvent = procedure ( Sender: TObject; const OperationId: String; const HashAlgorithm: String; const Pars: String; const Data: String; var SignedData: String ) of Object;
property OnExternalSign: TExternalSignEvent read FOnExternalSign write FOnExternalSign;
Remarks
Assign a handler to this event if you need to delegate a low-level signing operation to an external, remote, or custom signing engine. Depending on the settings, the handler will receive a hashed or unhashed value to be signed.
The event handler must pass the value of Data to the signer, obtain the signature, and pass it back to the component via the SignedData parameter.
OperationId provides a comment about the operation and its origin. It depends on the exact component being used, and may be empty. HashAlgorithm specifies the hash algorithm being used for the operation, and Pars contains algorithm-dependent parameters.
The component uses base16 (hex) encoding for the Data, SignedData, and Pars parameters. If your signing engine uses a different input and output encoding, you may need to decode and/or encode the data before and/or after the signing.
A sample MD5 hash encoded in base16: a0dee2a0382afbb09120ffa7ccd8a152 - lower case base16 A0DEE2A0382AFBB09120FFA7CCD8A152 - upper case base16
A sample event handler that uses the .NET RSACryptoServiceProvider class may look like the following:
signer.OnExternalSign += (s, e) =>
{
var cert = new X509Certificate2("cert.pfx", "", X509KeyStorageFlags.Exportable);
var key = (RSACryptoServiceProvider)cert.PrivateKey;
var dataToSign = e.Data.FromBase16String();
var signedData = key.SignHash(dataToSign, "2.16.840.1.101.3.4.2.1");
e.SignedData = signedData.ToBase16String();
};
Notification Event (OfficeQuickSigner Component)
This event notifies the application about an underlying control flow event.
Syntax
type TNotificationEvent = procedure ( Sender: TObject; const EventID: String; const EventParam: String ) of Object;
property OnNotification: TNotificationEvent read FOnNotification write FOnNotification;
Remarks
The component fires this event to let the application know about some event, occurrence, or milestone in the component. For example, it may fire to report completion of the document processing. The list of events being reported is not fixed, and may be flexibly extended over time.
The unique identifier of the event is provided in the EventID parameter. EventParam contains any parameters accompanying the occurrence. Depending on the type of the component, the exact action it is performing, or the document being processed, one or both may be omitted.
This component can fire this event with the following EventID values:
| DocumentLoaded | Reports the completion of Office document processing by the component. Use the event handler to access document-related information. The EventParam value passed with this EventID is empty. |
| BeforeTimestamp | This event is fired before a timestamp is requested from the timestamping authority. Use the event handler to modify TSA and HTTP settings. |
| TimestampError | This event is only fired if the component failed to obtain a timestamp from the timestamping authority. The EventParam parameter contains extended error info. |
| TimestampRequest | A timestamp is requested from the custom timestamping
authority. This event is only fired if TimestampServer was set to a
virtual:// URI. The EventParam parameter contains the
TSP request (or the plain hash, depending on the value provided to
TimestampServer), in base16, that needs to be sent to the TSA.
Use the event handler to send the request to the TSA. Upon receiving the response, assign it, in base16, to the TimestampResponse configuration property. |
Certificate Type
Provides details of an individual X.509 certificate.
Remarks
This type provides access to X.509 certificate details.
Fields
Bytes
TBytes (read-only)
Default Value: ""
Returns the raw certificate data in DER format.
CA
Boolean
Default Value: False
Indicates whether the certificate has a CA capability (a setting in the BasicConstraints extension).
CAKeyID
TBytes (read-only)
Default Value: ""
A unique identifier (fingerprint) of the CA certificate's private key.
Authority Key Identifier is a (non-critical) X.509 certificate extension which allows the identification of certificates produced by the same issuer, but with different public keys.
CRLDistributionPoints
String
Default Value: ""
Locations of the CRL (Certificate Revocation List) distribution points used to check this certificate's validity.
Curve
String
Default Value: ""
Specifies the elliptic curve of the EC public key.
| SB_EC_SECP112R1 | SECP112R1 | |
| SB_EC_SECP112R2 | SECP112R2 | |
| SB_EC_SECP128R1 | SECP128R1 | |
| SB_EC_SECP128R2 | SECP128R2 | |
| SB_EC_SECP160K1 | SECP160K1 | |
| SB_EC_SECP160R1 | SECP160R1 | |
| SB_EC_SECP160R2 | SECP160R2 | |
| SB_EC_SECP192K1 | SECP192K1 | |
| SB_EC_SECP192R1 | SECP192R1 | |
| SB_EC_SECP224K1 | SECP224K1 | |
| SB_EC_SECP224R1 | SECP224R1 | |
| SB_EC_SECP256K1 | SECP256K1 | |
| SB_EC_SECP256R1 | SECP256R1 | |
| SB_EC_SECP384R1 | SECP384R1 | |
| SB_EC_SECP521R1 | SECP521R1 | |
| SB_EC_SECT113R1 | SECT113R1 | |
| SB_EC_SECT113R2 | SECT113R2 | |
| SB_EC_SECT131R1 | SECT131R1 | |
| SB_EC_SECT131R2 | SECT131R2 | |
| SB_EC_SECT163K1 | SECT163K1 | |
| SB_EC_SECT163R1 | SECT163R1 | |
| SB_EC_SECT163R2 | SECT163R2 | |
| SB_EC_SECT193R1 | SECT193R1 | |
| SB_EC_SECT193R2 | SECT193R2 | |
| SB_EC_SECT233K1 | SECT233K1 | |
| SB_EC_SECT233R1 | SECT233R1 | |
| SB_EC_SECT239K1 | SECT239K1 | |
| SB_EC_SECT283K1 | SECT283K1 | |
| SB_EC_SECT283R1 | SECT283R1 | |
| SB_EC_SECT409K1 | SECT409K1 | |
| SB_EC_SECT409R1 | SECT409R1 | |
| SB_EC_SECT571K1 | SECT571K1 | |
| SB_EC_SECT571R1 | SECT571R1 | |
| SB_EC_PRIME192V1 | PRIME192V1 | |
| SB_EC_PRIME192V2 | PRIME192V2 | |
| SB_EC_PRIME192V3 | PRIME192V3 | |
| SB_EC_PRIME239V1 | PRIME239V1 | |
| SB_EC_PRIME239V2 | PRIME239V2 | |
| SB_EC_PRIME239V3 | PRIME239V3 | |
| SB_EC_PRIME256V1 | PRIME256V1 | |
| SB_EC_C2PNB163V1 | C2PNB163V1 | |
| SB_EC_C2PNB163V2 | C2PNB163V2 | |
| SB_EC_C2PNB163V3 | C2PNB163V3 | |
| SB_EC_C2PNB176W1 | C2PNB176W1 | |
| SB_EC_C2TNB191V1 | C2TNB191V1 | |
| SB_EC_C2TNB191V2 | C2TNB191V2 | |
| SB_EC_C2TNB191V3 | C2TNB191V3 | |
| SB_EC_C2ONB191V4 | C2ONB191V4 | |
| SB_EC_C2ONB191V5 | C2ONB191V5 | |
| SB_EC_C2PNB208W1 | C2PNB208W1 | |
| SB_EC_C2TNB239V1 | C2TNB239V1 | |
| SB_EC_C2TNB239V2 | C2TNB239V2 | |
| SB_EC_C2TNB239V3 | C2TNB239V3 | |
| SB_EC_C2ONB239V4 | C2ONB239V4 | |
| SB_EC_C2ONB239V5 | C2ONB239V5 | |
| SB_EC_C2PNB272W1 | C2PNB272W1 | |
| SB_EC_C2PNB304W1 | C2PNB304W1 | |
| SB_EC_C2TNB359V1 | C2TNB359V1 | |
| SB_EC_C2PNB368W1 | C2PNB368W1 | |
| SB_EC_C2TNB431R1 | C2TNB431R1 | |
| SB_EC_NISTP192 | NISTP192 | |
| SB_EC_NISTP224 | NISTP224 | |
| SB_EC_NISTP256 | NISTP256 | |
| SB_EC_NISTP384 | NISTP384 | |
| SB_EC_NISTP521 | NISTP521 | |
| SB_EC_NISTB163 | NISTB163 | |
| SB_EC_NISTB233 | NISTB233 | |
| SB_EC_NISTB283 | NISTB283 | |
| SB_EC_NISTB409 | NISTB409 | |
| SB_EC_NISTB571 | NISTB571 | |
| SB_EC_NISTK163 | NISTK163 | |
| SB_EC_NISTK233 | NISTK233 | |
| SB_EC_NISTK283 | NISTK283 | |
| SB_EC_NISTK409 | NISTK409 | |
| SB_EC_NISTK571 | NISTK571 | |
| SB_EC_GOSTCPTEST | GOSTCPTEST | |
| SB_EC_GOSTCPA | GOSTCPA | |
| SB_EC_GOSTCPB | GOSTCPB | |
| SB_EC_GOSTCPC | GOSTCPC | |
| SB_EC_GOSTCPXCHA | GOSTCPXCHA | |
| SB_EC_GOSTCPXCHB | GOSTCPXCHB | |
| SB_EC_BRAINPOOLP160R1 | BRAINPOOLP160R1 | |
| SB_EC_BRAINPOOLP160T1 | BRAINPOOLP160T1 | |
| SB_EC_BRAINPOOLP192R1 | BRAINPOOLP192R1 | |
| SB_EC_BRAINPOOLP192T1 | BRAINPOOLP192T1 | |
| SB_EC_BRAINPOOLP224R1 | BRAINPOOLP224R1 | |
| SB_EC_BRAINPOOLP224T1 | BRAINPOOLP224T1 | |
| SB_EC_BRAINPOOLP256R1 | BRAINPOOLP256R1 | |
| SB_EC_BRAINPOOLP256T1 | BRAINPOOLP256T1 | |
| SB_EC_BRAINPOOLP320R1 | BRAINPOOLP320R1 | |
| SB_EC_BRAINPOOLP320T1 | BRAINPOOLP320T1 | |
| SB_EC_BRAINPOOLP384R1 | BRAINPOOLP384R1 | |
| SB_EC_BRAINPOOLP384T1 | BRAINPOOLP384T1 | |
| SB_EC_BRAINPOOLP512R1 | BRAINPOOLP512R1 | |
| SB_EC_BRAINPOOLP512T1 | BRAINPOOLP512T1 | |
| SB_EC_CURVE25519 | CURVE25519 | |
| SB_EC_CURVE448 | CURVE448 |
Fingerprint
TBytes (read-only)
Default Value: ""
Contains the fingerprint (a hash imprint) of this certificate.
FriendlyName
String (read-only)
Default Value: ""
Contains an associated alias (friendly name) of the certificate.
Handle
Int64
Default Value: 0
Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.
When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object
after such operation.
pdfSigner.setSigningCertHandle(certMgr.getCertHandle());
HashAlgorithm
String
Default Value: ""
Specifies the hash algorithm to be used in the operations on the certificate (such as key signing)
| SB_HASH_ALGORITHM_SHA1 | SHA1 | |
| SB_HASH_ALGORITHM_SHA224 | SHA224 | |
| SB_HASH_ALGORITHM_SHA256 | SHA256 | |
| SB_HASH_ALGORITHM_SHA384 | SHA384 | |
| SB_HASH_ALGORITHM_SHA512 | SHA512 | |
| SB_HASH_ALGORITHM_MD2 | MD2 | |
| SB_HASH_ALGORITHM_MD4 | MD4 | |
| SB_HASH_ALGORITHM_MD5 | MD5 | |
| SB_HASH_ALGORITHM_RIPEMD160 | RIPEMD160 | |
| SB_HASH_ALGORITHM_CRC32 | CRC32 | |
| SB_HASH_ALGORITHM_SSL3 | SSL3 | |
| SB_HASH_ALGORITHM_GOST_R3411_1994 | GOST1994 | |
| SB_HASH_ALGORITHM_WHIRLPOOL | WHIRLPOOL | |
| SB_HASH_ALGORITHM_POLY1305 | POLY1305 | |
| SB_HASH_ALGORITHM_SHA3_224 | SHA3_224 | |
| SB_HASH_ALGORITHM_SHA3_256 | SHA3_256 | |
| SB_HASH_ALGORITHM_SHA3_384 | SHA3_384 | |
| SB_HASH_ALGORITHM_SHA3_512 | SHA3_512 | |
| SB_HASH_ALGORITHM_BLAKE2S_128 | BLAKE2S_128 | |
| SB_HASH_ALGORITHM_BLAKE2S_160 | BLAKE2S_160 | |
| SB_HASH_ALGORITHM_BLAKE2S_224 | BLAKE2S_224 | |
| SB_HASH_ALGORITHM_BLAKE2S_256 | BLAKE2S_256 | |
| SB_HASH_ALGORITHM_BLAKE2B_160 | BLAKE2B_160 | |
| SB_HASH_ALGORITHM_BLAKE2B_256 | BLAKE2B_256 | |
| SB_HASH_ALGORITHM_BLAKE2B_384 | BLAKE2B_384 | |
| SB_HASH_ALGORITHM_BLAKE2B_512 | BLAKE2B_512 | |
| SB_HASH_ALGORITHM_SHAKE_128 | SHAKE_128 | |
| SB_HASH_ALGORITHM_SHAKE_256 | SHAKE_256 | |
| SB_HASH_ALGORITHM_SHAKE_128_LEN | SHAKE_128_LEN | |
| SB_HASH_ALGORITHM_SHAKE_256_LEN | SHAKE_256_LEN |
Issuer
String (read-only)
Default Value: ""
The common name of the certificate issuer (CA), typically a company name.
IssuerRDN
String
Default Value: ""
A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate issuer.
KeyAlgorithm
String
Default Value: "0"
Specifies the public key algorithm of this certificate.
| SB_CERT_ALGORITHM_ID_RSA_ENCRYPTION | rsaEncryption | |
| SB_CERT_ALGORITHM_MD2_RSA_ENCRYPTION | md2withRSAEncryption | |
| SB_CERT_ALGORITHM_MD5_RSA_ENCRYPTION | md5withRSAEncryption | |
| SB_CERT_ALGORITHM_SHA1_RSA_ENCRYPTION | sha1withRSAEncryption | |
| SB_CERT_ALGORITHM_ID_DSA | id-dsa | |
| SB_CERT_ALGORITHM_ID_DSA_SHA1 | id-dsa-with-sha1 | |
| SB_CERT_ALGORITHM_DH_PUBLIC | dhpublicnumber | |
| SB_CERT_ALGORITHM_SHA224_RSA_ENCRYPTION | sha224WithRSAEncryption | |
| SB_CERT_ALGORITHM_SHA256_RSA_ENCRYPTION | sha256WithRSAEncryption | |
| SB_CERT_ALGORITHM_SHA384_RSA_ENCRYPTION | sha384WithRSAEncryption | |
| SB_CERT_ALGORITHM_SHA512_RSA_ENCRYPTION | sha512WithRSAEncryption | |
| SB_CERT_ALGORITHM_ID_RSAPSS | id-RSASSA-PSS | |
| SB_CERT_ALGORITHM_ID_RSAOAEP | id-RSAES-OAEP | |
| SB_CERT_ALGORITHM_RSASIGNATURE_RIPEMD160 | ripemd160withRSA | |
| SB_CERT_ALGORITHM_ID_ELGAMAL | elGamal | |
| SB_CERT_ALGORITHM_SHA1_ECDSA | ecdsa-with-SHA1 | |
| SB_CERT_ALGORITHM_RECOMMENDED_ECDSA | ecdsa-recommended | |
| SB_CERT_ALGORITHM_SHA224_ECDSA | ecdsa-with-SHA224 | |
| SB_CERT_ALGORITHM_SHA256_ECDSA | ecdsa-with-SHA256 | |
| SB_CERT_ALGORITHM_SHA384_ECDSA | ecdsa-with-SHA384 | |
| SB_CERT_ALGORITHM_SHA512_ECDSA | ecdsa-with-SHA512 | |
| SB_CERT_ALGORITHM_EC | id-ecPublicKey | |
| SB_CERT_ALGORITHM_SPECIFIED_ECDSA | ecdsa-specified | |
| SB_CERT_ALGORITHM_GOST_R3410_1994 | id-GostR3410-94 | |
| SB_CERT_ALGORITHM_GOST_R3410_2001 | id-GostR3410-2001 | |
| SB_CERT_ALGORITHM_GOST_R3411_WITH_R3410_1994 | id-GostR3411-94-with-GostR3410-94 | |
| SB_CERT_ALGORITHM_GOST_R3411_WITH_R3410_2001 | id-GostR3411-94-with-GostR3410-2001 | |
| SB_CERT_ALGORITHM_SHA1_ECDSA_PLAIN | ecdsa-plain-SHA1 | |
| SB_CERT_ALGORITHM_SHA224_ECDSA_PLAIN | ecdsa-plain-SHA224 | |
| SB_CERT_ALGORITHM_SHA256_ECDSA_PLAIN | ecdsa-plain-SHA256 | |
| SB_CERT_ALGORITHM_SHA384_ECDSA_PLAIN | ecdsa-plain-SHA384 | |
| SB_CERT_ALGORITHM_SHA512_ECDSA_PLAIN | ecdsa-plain-SHA512 | |
| SB_CERT_ALGORITHM_RIPEMD160_ECDSA_PLAIN | ecdsa-plain-RIPEMD160 | |
| SB_CERT_ALGORITHM_WHIRLPOOL_RSA_ENCRYPTION | whirlpoolWithRSAEncryption | |
| SB_CERT_ALGORITHM_ID_DSA_SHA224 | id-dsa-with-sha224 | |
| SB_CERT_ALGORITHM_ID_DSA_SHA256 | id-dsa-with-sha256 | |
| SB_CERT_ALGORITHM_SHA3_224_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-224 | |
| SB_CERT_ALGORITHM_SHA3_256_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-256 | |
| SB_CERT_ALGORITHM_SHA3_384_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-384 | |
| SB_CERT_ALGORITHM_SHA3_512_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-512 | |
| SB_CERT_ALGORITHM_SHA3_224_ECDSA | id-ecdsa-with-sha3-224 | |
| SB_CERT_ALGORITHM_SHA3_256_ECDSA | id-ecdsa-with-sha3-256 | |
| SB_CERT_ALGORITHM_SHA3_384_ECDSA | id-ecdsa-with-sha3-384 | |
| SB_CERT_ALGORITHM_SHA3_512_ECDSA | id-ecdsa-with-sha3-512 | |
| SB_CERT_ALGORITHM_SHA3_224_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-224 | |
| SB_CERT_ALGORITHM_SHA3_256_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-256 | |
| SB_CERT_ALGORITHM_SHA3_384_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-384 | |
| SB_CERT_ALGORITHM_SHA3_512_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-512 | |
| SB_CERT_ALGORITHM_ID_DSA_SHA3_224 | id-dsa-with-sha3-224 | |
| SB_CERT_ALGORITHM_ID_DSA_SHA3_256 | id-dsa-with-sha3-256 | |
| SB_CERT_ALGORITHM_BLAKE2S_128_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s128 | |
| SB_CERT_ALGORITHM_BLAKE2S_160_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s160 | |
| SB_CERT_ALGORITHM_BLAKE2S_224_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s224 | |
| SB_CERT_ALGORITHM_BLAKE2S_256_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s256 | |
| SB_CERT_ALGORITHM_BLAKE2B_160_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b160 | |
| SB_CERT_ALGORITHM_BLAKE2B_256_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b256 | |
| SB_CERT_ALGORITHM_BLAKE2B_384_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b384 | |
| SB_CERT_ALGORITHM_BLAKE2B_512_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b512 | |
| SB_CERT_ALGORITHM_BLAKE2S_128_ECDSA | id-ecdsa-with-blake2s128 | |
| SB_CERT_ALGORITHM_BLAKE2S_160_ECDSA | id-ecdsa-with-blake2s160 | |
| SB_CERT_ALGORITHM_BLAKE2S_224_ECDSA | id-ecdsa-with-blake2s224 | |
| SB_CERT_ALGORITHM_BLAKE2S_256_ECDSA | id-ecdsa-with-blake2s256 | |
| SB_CERT_ALGORITHM_BLAKE2B_160_ECDSA | id-ecdsa-with-blake2b160 | |
| SB_CERT_ALGORITHM_BLAKE2B_256_ECDSA | id-ecdsa-with-blake2b256 | |
| SB_CERT_ALGORITHM_BLAKE2B_384_ECDSA | id-ecdsa-with-blake2b384 | |
| SB_CERT_ALGORITHM_BLAKE2B_512_ECDSA | id-ecdsa-with-blake2b512 | |
| SB_CERT_ALGORITHM_BLAKE2S_128_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s128 | |
| SB_CERT_ALGORITHM_BLAKE2S_160_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s160 | |
| SB_CERT_ALGORITHM_BLAKE2S_224_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s224 | |
| SB_CERT_ALGORITHM_BLAKE2S_256_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s256 | |
| SB_CERT_ALGORITHM_BLAKE2B_160_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b160 | |
| SB_CERT_ALGORITHM_BLAKE2B_256_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b256 | |
| SB_CERT_ALGORITHM_BLAKE2B_384_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b384 | |
| SB_CERT_ALGORITHM_BLAKE2B_512_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b512 | |
| SB_CERT_ALGORITHM_ID_DSA_BLAKE2S_224 | id-dsa-with-blake2s224 | |
| SB_CERT_ALGORITHM_ID_DSA_BLAKE2S_256 | id-dsa-with-blake2s256 | |
| SB_CERT_ALGORITHM_EDDSA_ED25519 | id-Ed25519 | |
| SB_CERT_ALGORITHM_EDDSA_ED448 | id-Ed448 | |
| SB_CERT_ALGORITHM_EDDSA_ED25519_PH | id-Ed25519ph | |
| SB_CERT_ALGORITHM_EDDSA_ED448_PH | id-Ed448ph | |
| SB_CERT_ALGORITHM_EDDSA | id-EdDSA | |
| SB_CERT_ALGORITHM_EDDSA_SIGNATURE | id-EdDSA-sig |
KeyBits
Integer (read-only)
Default Value: 0
Returns the length of the public key.
KeyFingerprint
TBytes (read-only)
Default Value: ""
Returns a fingerprint of the public key contained in the certificate.
KeyUsage
Integer
Default Value: 0
Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.
This value is a bit mask of the following values:
| ckuUnknown | 0x00000 | Unknown key usage |
| ckuDigitalSignature | 0x00001 | Digital signature |
| ckuNonRepudiation | 0x00002 | Non-repudiation |
| ckuKeyEncipherment | 0x00004 | Key encipherment |
| ckuDataEncipherment | 0x00008 | Data encipherment |
| ckuKeyAgreement | 0x00010 | Key agreement |
| ckuKeyCertSign | 0x00020 | Certificate signing |
| ckuCRLSign | 0x00040 | Revocation signing |
| ckuEncipherOnly | 0x00080 | Encipher only |
| ckuDecipherOnly | 0x00100 | Decipher only |
| ckuServerAuthentication | 0x00200 | Server authentication |
| ckuClientAuthentication | 0x00400 | Client authentication |
| ckuCodeSigning | 0x00800 | Code signing |
| ckuEmailProtection | 0x01000 | Email protection |
| ckuTimeStamping | 0x02000 | Timestamping |
| ckuOCSPSigning | 0x04000 | OCSP signing |
| ckuSmartCardLogon | 0x08000 | Smartcard logon |
| ckuKeyPurposeClientAuth | 0x10000 | Kerberos - client authentication |
| ckuKeyPurposeKDC | 0x20000 | Kerberos - KDC |
KeyValid
Boolean (read-only)
Default Value: False
Returns True if the certificate's key is cryptographically valid, and False otherwise.
OCSPLocations
String
Default Value: ""
Locations of OCSP (Online Certificate Status Protocol) services that can be used to check this certificate's validity, as recorded by the CA.
OCSPNoCheck
Boolean
Default Value: False
Accessor to the value of the certificate's ocsp-no-check extension.
Origin
Integer (read-only)
Default Value: 0
Returns the origin of this certificate.
PolicyIDs
String
Default Value: ""
Contains identifiers (OIDs) of the applicable certificate policies.
The Certificate Policies extension identifies a sequence of policies under which the certificate has been issued, and which regulate its usage.
PrivateKeyBytes
TBytes (read-only)
Default Value: ""
Contains the certificate's private key. It is normal for this property to be empty if the private key is non-exportable.
PrivateKeyExists
Boolean (read-only)
Default Value: False
Indicates whether the certificate has an associated private key.
PrivateKeyExtractable
Boolean (read-only)
Default Value: False
Indicates whether the private key is extractable.
PublicKeyBytes
TBytes (read-only)
Default Value: ""
Contains the certificate's public key in DER format.
QualifiedStatements
TsbxQualifiedStatementsTypes
Default Value: 0
Returns the qualified status of the certificate.
SelfSigned
Boolean (read-only)
Default Value: False
Indicates whether the certificate is self-signed (root) or signed by an external CA.
SerialNumber
TBytes
Default Value: ""
Returns the certificate's serial number.
SigAlgorithm
String (read-only)
Default Value: ""
Indicates the algorithm that was used by the CA to sign this certificate.
Subject
String (read-only)
Default Value: ""
The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name.
SubjectAlternativeName
String
Default Value: ""
Returns or sets the value of the Subject Alternative Name extension of the certificate.
SubjectKeyID
TBytes
Default Value: ""
Contains a unique identifier (fingerprint) of the certificate's private key.
Subject Key Identifier is a (non-critical) X.509 certificate extension which allows the identification of certificates containing a particular public key. In SecureBlackbox, the unique identifier is represented with a SHA1 hash of the bit string of the subject public key.
SubjectRDN
String
Default Value: ""
A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate holder (subject).
ValidFrom
String
Default Value: ""
The time point at which the certificate becomes valid, in UTC.
ValidTo
String
Default Value: ""
The time point at which the certificate expires, in UTC.
Constructors
>
constructor Create();
Creates a new object with default field values.
ExternalCrypto Type
Specifies the parameters of external cryptographic calls.
Remarks
External cryptocalls are used in a Distributed Cryptography (DC) subsystem, which allows the delegation of security operations to the remote agent. For instance, it can be used to compute the signature value on the server, while retaining the client's private key locally.
Fields
AsyncDocumentID
String
Default Value: ""
Specifies an optional document ID for SignAsyncBegin() and SignAsyncEnd() calls.
Use this property when working with multi-signature DCAuth requests and responses to uniquely identify documents signed within a larger batch. On the completion stage, this value helps the signing component identify the correct signature in the returned batch of responses.
If using batched requests, make sure to set this property to the same value on both the pre-signing (SignAsyncBegin) and completion (SignAsyncEnd) stages.
CustomParams
String
Default Value: ""
Custom parameters to be passed to the signing service (uninterpreted).
Data
String
Default Value: ""
Additional data to be included in the async state and mirrored back by the requestor.
ExternalHashCalculation
Boolean
Default Value: False
Specifies whether the message hash is to be calculated at the external endpoint. Please note that this mode is not supported by the DCAuth component.
If set to true, the component will pass a few kilobytes of to-be-signed data from the document to the OnExternalSign event. This only applies when SignExternal() is called.
HashAlgorithm
String
Default Value: "SHA256"
Specifies the request's signature hash algorithm.
| SB_HASH_ALGORITHM_SHA1 | SHA1 | |
| SB_HASH_ALGORITHM_SHA224 | SHA224 | |
| SB_HASH_ALGORITHM_SHA256 | SHA256 | |
| SB_HASH_ALGORITHM_SHA384 | SHA384 | |
| SB_HASH_ALGORITHM_SHA512 | SHA512 | |
| SB_HASH_ALGORITHM_MD2 | MD2 | |
| SB_HASH_ALGORITHM_MD4 | MD4 | |
| SB_HASH_ALGORITHM_MD5 | MD5 | |
| SB_HASH_ALGORITHM_RIPEMD160 | RIPEMD160 | |
| SB_HASH_ALGORITHM_CRC32 | CRC32 | |
| SB_HASH_ALGORITHM_SSL3 | SSL3 | |
| SB_HASH_ALGORITHM_GOST_R3411_1994 | GOST1994 | |
| SB_HASH_ALGORITHM_WHIRLPOOL | WHIRLPOOL | |
| SB_HASH_ALGORITHM_POLY1305 | POLY1305 | |
| SB_HASH_ALGORITHM_SHA3_224 | SHA3_224 | |
| SB_HASH_ALGORITHM_SHA3_256 | SHA3_256 | |
| SB_HASH_ALGORITHM_SHA3_384 | SHA3_384 | |
| SB_HASH_ALGORITHM_SHA3_512 | SHA3_512 | |
| SB_HASH_ALGORITHM_BLAKE2S_128 | BLAKE2S_128 | |
| SB_HASH_ALGORITHM_BLAKE2S_160 | BLAKE2S_160 | |
| SB_HASH_ALGORITHM_BLAKE2S_224 | BLAKE2S_224 | |
| SB_HASH_ALGORITHM_BLAKE2S_256 | BLAKE2S_256 | |
| SB_HASH_ALGORITHM_BLAKE2B_160 | BLAKE2B_160 | |
| SB_HASH_ALGORITHM_BLAKE2B_256 | BLAKE2B_256 | |
| SB_HASH_ALGORITHM_BLAKE2B_384 | BLAKE2B_384 | |
| SB_HASH_ALGORITHM_BLAKE2B_512 | BLAKE2B_512 | |
| SB_HASH_ALGORITHM_SHAKE_128 | SHAKE_128 | |
| SB_HASH_ALGORITHM_SHAKE_256 | SHAKE_256 | |
| SB_HASH_ALGORITHM_SHAKE_128_LEN | SHAKE_128_LEN | |
| SB_HASH_ALGORITHM_SHAKE_256_LEN | SHAKE_256_LEN |
KeyID
String
Default Value: ""
The ID of the pre-shared key used for DC request authentication.
Asynchronous DCAuth-driven communication requires that parties authenticate each other with a secret pre-shared cryptographic key. This provides an extra protection layer for the protocol and diminishes the risk of the private key becoming abused by foreign parties. Use this property to provide the pre-shared key identifier, and use KeySecret to pass the key itself.
The same KeyID/KeySecret pair should be used on the DCAuth side for the signing requests to be accepted.
Note: The KeyID/KeySecret scheme is very similar to the AuthKey scheme used in various Cloud service providers to authenticate users.
Example:
signer.ExternalCrypto.KeyID = "MainSigningKey";
signer.ExternalCrypto.KeySecret = "abcdef0123456789";
KeySecret
String
Default Value: ""
The pre-shared key used for DC request authentication. This key must be set and match the key used by the DCAuth counterpart for the scheme to work.
Read more about configuring authentication in the KeyID topic.
Method
TsbxAsyncSignMethods
Default Value: 0
Specifies the asynchronous signing method. This is typically defined by the DC server capabilities and setup.
Available options:
| asmdPKCS1 | 0 |
| asmdPKCS7 | 1 |
Mode
TsbxExternalCryptoModes
Default Value: 0
Specifies the external cryptography mode.
Available options:
| ecmDefault | The default value (0) |
| ecmDisabled | Do not use DC or external signing (1) |
| ecmGeneric | Generic external signing with the OnExternalSign event (2) |
| ecmDCAuth | DCAuth signing (3) |
| ecmDCAuthJSON | DCAuth signing in JSON format (4) |
PublicKeyAlgorithm
String
Default Value: ""
Provide the public key algorithm here if the certificate is not available on the pre-signing stage.
| SB_CERT_ALGORITHM_ID_RSA_ENCRYPTION | rsaEncryption | |
| SB_CERT_ALGORITHM_MD2_RSA_ENCRYPTION | md2withRSAEncryption | |
| SB_CERT_ALGORITHM_MD5_RSA_ENCRYPTION | md5withRSAEncryption | |
| SB_CERT_ALGORITHM_SHA1_RSA_ENCRYPTION | sha1withRSAEncryption | |
| SB_CERT_ALGORITHM_ID_DSA | id-dsa | |
| SB_CERT_ALGORITHM_ID_DSA_SHA1 | id-dsa-with-sha1 | |
| SB_CERT_ALGORITHM_DH_PUBLIC | dhpublicnumber | |
| SB_CERT_ALGORITHM_SHA224_RSA_ENCRYPTION | sha224WithRSAEncryption | |
| SB_CERT_ALGORITHM_SHA256_RSA_ENCRYPTION | sha256WithRSAEncryption | |
| SB_CERT_ALGORITHM_SHA384_RSA_ENCRYPTION | sha384WithRSAEncryption | |
| SB_CERT_ALGORITHM_SHA512_RSA_ENCRYPTION | sha512WithRSAEncryption | |
| SB_CERT_ALGORITHM_ID_RSAPSS | id-RSASSA-PSS | |
| SB_CERT_ALGORITHM_ID_RSAOAEP | id-RSAES-OAEP | |
| SB_CERT_ALGORITHM_RSASIGNATURE_RIPEMD160 | ripemd160withRSA | |
| SB_CERT_ALGORITHM_ID_ELGAMAL | elGamal | |
| SB_CERT_ALGORITHM_SHA1_ECDSA | ecdsa-with-SHA1 | |
| SB_CERT_ALGORITHM_RECOMMENDED_ECDSA | ecdsa-recommended | |
| SB_CERT_ALGORITHM_SHA224_ECDSA | ecdsa-with-SHA224 | |
| SB_CERT_ALGORITHM_SHA256_ECDSA | ecdsa-with-SHA256 | |
| SB_CERT_ALGORITHM_SHA384_ECDSA | ecdsa-with-SHA384 | |
| SB_CERT_ALGORITHM_SHA512_ECDSA | ecdsa-with-SHA512 | |
| SB_CERT_ALGORITHM_EC | id-ecPublicKey | |
| SB_CERT_ALGORITHM_SPECIFIED_ECDSA | ecdsa-specified | |
| SB_CERT_ALGORITHM_GOST_R3410_1994 | id-GostR3410-94 | |
| SB_CERT_ALGORITHM_GOST_R3410_2001 | id-GostR3410-2001 | |
| SB_CERT_ALGORITHM_GOST_R3411_WITH_R3410_1994 | id-GostR3411-94-with-GostR3410-94 | |
| SB_CERT_ALGORITHM_GOST_R3411_WITH_R3410_2001 | id-GostR3411-94-with-GostR3410-2001 | |
| SB_CERT_ALGORITHM_SHA1_ECDSA_PLAIN | ecdsa-plain-SHA1 | |
| SB_CERT_ALGORITHM_SHA224_ECDSA_PLAIN | ecdsa-plain-SHA224 | |
| SB_CERT_ALGORITHM_SHA256_ECDSA_PLAIN | ecdsa-plain-SHA256 | |
| SB_CERT_ALGORITHM_SHA384_ECDSA_PLAIN | ecdsa-plain-SHA384 | |
| SB_CERT_ALGORITHM_SHA512_ECDSA_PLAIN | ecdsa-plain-SHA512 | |
| SB_CERT_ALGORITHM_RIPEMD160_ECDSA_PLAIN | ecdsa-plain-RIPEMD160 | |
| SB_CERT_ALGORITHM_WHIRLPOOL_RSA_ENCRYPTION | whirlpoolWithRSAEncryption | |
| SB_CERT_ALGORITHM_ID_DSA_SHA224 | id-dsa-with-sha224 | |
| SB_CERT_ALGORITHM_ID_DSA_SHA256 | id-dsa-with-sha256 | |
| SB_CERT_ALGORITHM_SHA3_224_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-224 | |
| SB_CERT_ALGORITHM_SHA3_256_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-256 | |
| SB_CERT_ALGORITHM_SHA3_384_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-384 | |
| SB_CERT_ALGORITHM_SHA3_512_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-512 | |
| SB_CERT_ALGORITHM_SHA3_224_ECDSA | id-ecdsa-with-sha3-224 | |
| SB_CERT_ALGORITHM_SHA3_256_ECDSA | id-ecdsa-with-sha3-256 | |
| SB_CERT_ALGORITHM_SHA3_384_ECDSA | id-ecdsa-with-sha3-384 | |
| SB_CERT_ALGORITHM_SHA3_512_ECDSA | id-ecdsa-with-sha3-512 | |
| SB_CERT_ALGORITHM_SHA3_224_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-224 | |
| SB_CERT_ALGORITHM_SHA3_256_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-256 | |
| SB_CERT_ALGORITHM_SHA3_384_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-384 | |
| SB_CERT_ALGORITHM_SHA3_512_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-512 | |
| SB_CERT_ALGORITHM_ID_DSA_SHA3_224 | id-dsa-with-sha3-224 | |
| SB_CERT_ALGORITHM_ID_DSA_SHA3_256 | id-dsa-with-sha3-256 | |
| SB_CERT_ALGORITHM_BLAKE2S_128_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s128 | |
| SB_CERT_ALGORITHM_BLAKE2S_160_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s160 | |
| SB_CERT_ALGORITHM_BLAKE2S_224_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s224 | |
| SB_CERT_ALGORITHM_BLAKE2S_256_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s256 | |
| SB_CERT_ALGORITHM_BLAKE2B_160_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b160 | |
| SB_CERT_ALGORITHM_BLAKE2B_256_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b256 | |
| SB_CERT_ALGORITHM_BLAKE2B_384_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b384 | |
| SB_CERT_ALGORITHM_BLAKE2B_512_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b512 | |
| SB_CERT_ALGORITHM_BLAKE2S_128_ECDSA | id-ecdsa-with-blake2s128 | |
| SB_CERT_ALGORITHM_BLAKE2S_160_ECDSA | id-ecdsa-with-blake2s160 | |
| SB_CERT_ALGORITHM_BLAKE2S_224_ECDSA | id-ecdsa-with-blake2s224 | |
| SB_CERT_ALGORITHM_BLAKE2S_256_ECDSA | id-ecdsa-with-blake2s256 | |
| SB_CERT_ALGORITHM_BLAKE2B_160_ECDSA | id-ecdsa-with-blake2b160 | |
| SB_CERT_ALGORITHM_BLAKE2B_256_ECDSA | id-ecdsa-with-blake2b256 | |
| SB_CERT_ALGORITHM_BLAKE2B_384_ECDSA | id-ecdsa-with-blake2b384 | |
| SB_CERT_ALGORITHM_BLAKE2B_512_ECDSA | id-ecdsa-with-blake2b512 | |
| SB_CERT_ALGORITHM_BLAKE2S_128_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s128 | |
| SB_CERT_ALGORITHM_BLAKE2S_160_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s160 | |
| SB_CERT_ALGORITHM_BLAKE2S_224_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s224 | |
| SB_CERT_ALGORITHM_BLAKE2S_256_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s256 | |
| SB_CERT_ALGORITHM_BLAKE2B_160_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b160 | |
| SB_CERT_ALGORITHM_BLAKE2B_256_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b256 | |
| SB_CERT_ALGORITHM_BLAKE2B_384_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b384 | |
| SB_CERT_ALGORITHM_BLAKE2B_512_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b512 | |
| SB_CERT_ALGORITHM_ID_DSA_BLAKE2S_224 | id-dsa-with-blake2s224 | |
| SB_CERT_ALGORITHM_ID_DSA_BLAKE2S_256 | id-dsa-with-blake2s256 | |
| SB_CERT_ALGORITHM_EDDSA_ED25519 | id-Ed25519 | |
| SB_CERT_ALGORITHM_EDDSA_ED448 | id-Ed448 | |
| SB_CERT_ALGORITHM_EDDSA_ED25519_PH | id-Ed25519ph | |
| SB_CERT_ALGORITHM_EDDSA_ED448_PH | id-Ed448ph | |
| SB_CERT_ALGORITHM_EDDSA | id-EdDSA | |
| SB_CERT_ALGORITHM_EDDSA_SIGNATURE | id-EdDSA-sig |
Constructors
>
constructor Create();
Creates a new ExternalCrypto object with default field values.
Config Settings (OfficeQuickSigner Component)
The component accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.OfficeQuickSigner Config Settings
Sample code that demonstrates adding signature information for OpenXML documents:
signer.NewSignature.XAdES = true;
signer.NewSignature.XAdESForm = xafEPES;
signer.Config("SignatureInfoIncluded=true");
signer.Config("SignatureInfoText=Text");
signer.Config("SignatureInfoComments=Comment");
signer.Config("ClaimedRoleText=Role");
signer.Config("CommitmentTypeIndicationCount=1");
signer.Config("CommitmentTypeIndicationAllSignedDataObjects=true");
signer.Config("CommitmentTypeIndicationIdentifier=http://uri.etsi.org/01903/v1.2.2#ProofOfApproval");
signer.Config("CommitmentTypeIndicationIdentifierDescription=Approved this document");
signer.Config("ProductionPlace=CITY=Test City, ST=Test State, POSTALCODE=Test Code, C=Test Country");
signer.Config("SignatureInfoAddress1=Address1");
signer.Config("SignatureInfoAddress2=Address2");
When the type is 2, both SignatureInfoValidLnImage and SignatureInfoInvalidLnImage images should be specified.
Base Config Settings
You can switch this property off to improve performance if your project only uses known, good private keys.
Supported values are:
| off | No caching (default) | |
| local | Local caching | |
| global | Global caching |
This setting only applies to sessions negotiated with TLS version 1.3.
Supported values are:
| file | File | |
| console | Console | |
| systemlog | System Log (supported for Android only) | |
| debugger | Debugger (supported for VCL for Windows and .Net) |
Supported values are:
| time | Current time | |
| level | Level | |
| package | Package name | |
| module | Module name | |
| class | Class name | |
| method | Method name | |
| threadid | Thread Id | |
| contenttype | Content type | |
| content | Content | |
| all | All details |
Supported filter names are:
| exclude-package | Exclude a package specified in the value | |
| exclude-module | Exclude a module specified in the value | |
| exclude-class | Exclude a class specified in the value | |
| exclude-method | Exclude a method specified in the value | |
| include-package | Include a package specified in the value | |
| include-module | Include a module specified in the value | |
| include-class | Include a class specified in the value | |
| include-method | Include a method specified in the value |
| none | No flush (caching only) | |
| immediate | Immediate flush (real-time logging) | |
| maxcount | Flush cached entries upon reaching LogMaxEventCount entries in the cache. |
Supported values are:
| none | None (by default) | |
| fatal | Severe errors that cause premature termination. | |
| error | Other runtime errors or unexpected conditions. | |
| warning | Use of deprecated APIs, poor use of API, 'almost' errors, other runtime situations that are undesirable or unexpected, but not necessarily "wrong". | |
| info | Interesting runtime events (startup/shutdown). | |
| debug | Detailed information on flow of through the system. | |
| trace | More detailed information. |
The default value of this setting is 100.
| none | No rotation | |
| deleteolder | Delete older entries from the cache upon reaching LogMaxEventCount | |
| keepolder | Keep older entries in the cache upon reaching LogMaxEventCount (newer entries are discarded) |
Supported values are:
| none | No static DNS rules (default) | |
| local | Local static DNS rules | |
| global | Global static DNS rules |
This setting only applies to certificates originating from a Windows system store.
Trappable Errors (OfficeQuickSigner Component)
OfficeQuickSigner Errors
| 1048577 Invalid parameter value (SB_ERROR_INVALID_PARAMETER) | |
| 1048578 Component is configured incorrectly (SB_ERROR_INVALID_SETUP) | |
| 1048579 Operation cannot be executed in the current state (SB_ERROR_INVALID_STATE) | |
| 1048580 Attempt to set an invalid value to a property (SB_ERROR_INVALID_VALUE) | |
| 1048581 Certificate does not have its private key loaded (SB_ERROR_NO_PRIVATE_KEY) | |
| 1048581 Cancelled by the user (SB_ERROR_CANCELLED_BY_USER) | |
| 24117249 Input file does not exist (SB_ERROR_OFFICE_INPUTFILE_NOT_EXISTS) | |
| 24117250 Unsupported document format (SB_ERROR_OFFICE_UNSUPPORTED_DOCUMENT_FORMAT) | |
| 24117251 Document cannot be signed (SB_ERROR_OFFICE_DOCUMENT_NOT_SIGNABLE) | |
| 24117252 Document is not signed (SB_ERROR_OFFICE_DOCUMENT_NOT_SIGNED) | |
| 24117253 Document is encrypted (SB_ERROR_OFFICE_DOCUMENT_ENCRYPTED) | |
| 24117254 Document cannot be encrypted (SB_ERROR_OFFICE_DOCUMENT_NOT_ENCRYPTABLE) | |
| 24117255 Document is not encrypted (SB_ERROR_OFFICE_DOCUMENT_NOT_ENCRYPTED) | |
| 24117256 Unknown encryption algorithm (SB_ERROR_OFFICE_DOCUMENT_UNKNOWN_ENCRYPTION) | |
| 24117257 Invalid password (SB_ERROR_OFFICE_INVALID_PASSWORD) | |
| 24117258 Signature not found (SB_ERROR_OFFICE_SIGNATURE_NOT_FOUND) |