CAdESVerifier Class
Properties Methods Events Config Settings Errors
The CAdESVerifier class is used to validate CAdES signatures.
Class Name
SecureBlackbox_CAdESVerifier
Procedural Interface
secureblackbox_cadesverifier_open(); secureblackbox_cadesverifier_close($res); secureblackbox_cadesverifier_register_callback($res, $id, $function); secureblackbox_cadesverifier_get_last_error($res); secureblackbox_cadesverifier_get_last_error_code($res); secureblackbox_cadesverifier_set($res, $id, $index, $value); secureblackbox_cadesverifier_get($res, $id, $index); secureblackbox_cadesverifier_do_config($res, $configurationstring); secureblackbox_cadesverifier_do_doaction($res, $actionid, $actionparams); secureblackbox_cadesverifier_do_verify($res); secureblackbox_cadesverifier_do_verifydetached($res);
Remarks
CAdESVerifier validates electronic signatures that comply with the Electronic Signatures and Infrastructures (ESI) CMS Advanced Electronic Signatures (CAdES) specification.
Property List
The following is the full list of the properties of the class with short descriptions. Click on the links for further details.
| AllSignaturesValid | The cumulative validity of all signatures. |
| BlockedCertCount | The number of records in the BlockedCert arrays. |
| BlockedCertBytes | Returns the raw certificate data in DER format. |
| BlockedCertHandle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| CertCount | The number of records in the Cert arrays. |
| CertBytes | Returns the raw certificate data in DER format. |
| CertCA | Indicates whether the certificate has a CA capability (a setting in the BasicConstraints extension). |
| CertCAKeyID | A unique identifier (fingerprint) of the CA certificate's private key. |
| CertCRLDistributionPoints | Locations of the CRL (Certificate Revocation List) distribution points used to check this certificate's validity. |
| CertCurve | Specifies the elliptic curve of the EC public key. |
| CertFingerprint | Contains the fingerprint (a hash imprint) of this certificate. |
| CertFriendlyName | Contains an associated alias (friendly name) of the certificate. |
| CertHandle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| CertHashAlgorithm | Specifies the hash algorithm to be used in the operations on the certificate (such as key signing) SB_HASH_ALGORITHM_SHA1 SHA1 SB_HASH_ALGORITHM_SHA224 SHA224 SB_HASH_ALGORITHM_SHA256 SHA256 SB_HASH_ALGORITHM_SHA384 SHA384 SB_HASH_ALGORITHM_SHA512 SHA512 SB_HASH_ALGORITHM_MD2 MD2 SB_HASH_ALGORITHM_MD4 MD4 SB_HASH_ALGORITHM_MD5 MD5 SB_HASH_ALGORITHM_RIPEMD160 RIPEMD160 SB_HASH_ALGORITHM_CRC32 CRC32 SB_HASH_ALGORITHM_SSL3 SSL3 SB_HASH_ALGORITHM_GOST_R3411_1994 GOST1994 SB_HASH_ALGORITHM_WHIRLPOOL WHIRLPOOL SB_HASH_ALGORITHM_POLY1305 POLY1305 SB_HASH_ALGORITHM_SHA3_224 SHA3_224 SB_HASH_ALGORITHM_SHA3_256 SHA3_256 SB_HASH_ALGORITHM_SHA3_384 SHA3_384 SB_HASH_ALGORITHM_SHA3_512 SHA3_512 SB_HASH_ALGORITHM_BLAKE2S_128 BLAKE2S_128 SB_HASH_ALGORITHM_BLAKE2S_160 BLAKE2S_160 SB_HASH_ALGORITHM_BLAKE2S_224 BLAKE2S_224 SB_HASH_ALGORITHM_BLAKE2S_256 BLAKE2S_256 SB_HASH_ALGORITHM_BLAKE2B_160 BLAKE2B_160 SB_HASH_ALGORITHM_BLAKE2B_256 BLAKE2B_256 SB_HASH_ALGORITHM_BLAKE2B_384 BLAKE2B_384 SB_HASH_ALGORITHM_BLAKE2B_512 BLAKE2B_512 SB_HASH_ALGORITHM_SHAKE_128 SHAKE_128 SB_HASH_ALGORITHM_SHAKE_256 SHAKE_256 SB_HASH_ALGORITHM_SHAKE_128_LEN SHAKE_128_LEN SB_HASH_ALGORITHM_SHAKE_256_LEN SHAKE_256_LEN . |
| CertIssuer | The common name of the certificate issuer (CA), typically a company name. |
| CertIssuerRDN | A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate issuer. |
| CertKeyAlgorithm | Specifies the public key algorithm of this certificate. |
| CertKeyBits | Returns the length of the public key. |
| CertKeyFingerprint | Returns a fingerprint of the public key contained in the certificate. |
| CertKeyUsage | Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set. |
| CertKeyValid | Returns True if the certificate's key is cryptographically valid, and False otherwise. |
| CertOCSPLocations | Locations of OCSP (Online Certificate Status Protocol) services that can be used to check this certificate's validity, as recorded by the CA. |
| CertPolicyIDs | Contains identifiers (OIDs) of the applicable certificate policies. |
| CertPublicKeyBytes | Contains the certificate's public key in DER format. |
| CertSelfSigned | Indicates whether the certificate is self-signed (root) or signed by an external CA. |
| CertSerialNumber | Returns the certificate's serial number. |
| CertSigAlgorithm | Indicates the algorithm that was used by the CA to sign this certificate. |
| CertSubject | The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name. |
| CertSubjectKeyID | Contains a unique identifier (fingerprint) of the certificate's private key. |
| CertSubjectRDN | A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate holder (subject). |
| CertValidFrom | The time point at which the certificate becomes valid, in UTC. |
| CertValidTo | The time point at which the certificate expires, in UTC. |
| CRLCount | The number of records in the CRL arrays. |
| CRLBytes | Returns the raw CRL data in DER format. |
| CRLHandle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| CRLIssuer | The common name of the CRL issuer (CA), typically a company name. |
| CRLIssuerRDN | A collection of information, in the form of [OID, Value] pairs, uniquely identifying the CRL issuer. |
| CRLLocation | The URL that the CRL was downloaded from. |
| CRLNextUpdate | The planned time and date of the next version of this CRL to be published. |
| CRLThisUpdate | The date and time at which this version of the CRL was published. |
| DataBytes | Use this property to pass the signed data to class in the byte array form. |
| DataFile | A path to the file containing the originally signed data. |
| FIPSMode | Reserved. |
| IgnoreChainValidationErrors | Makes the class tolerant to chain validation errors. |
| InputBytes | Use this property to pass the input to class in byte array form. |
| InputFile | A path to the file containing the signature blob. |
| InputIsHash | Specifies whether the input source contains the hash of the data or the actual data. |
| KnownCertCount | The number of records in the KnownCert arrays. |
| KnownCertBytes | Returns the raw certificate data in DER format. |
| KnownCertHandle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| KnownCRLCount | The number of records in the KnownCRL arrays. |
| KnownCRLBytes | Returns the raw CRL data in DER format. |
| KnownCRLHandle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| KnownOCSPCount | The number of records in the KnownOCSP arrays. |
| KnownOCSPBytes | A buffer containing the raw OCSP response data. |
| KnownOCSPHandle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| OCSPCount | The number of records in the OCSP arrays. |
| OCSPBytes | A buffer containing the raw OCSP response data. |
| OCSPHandle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| OCSPIssuer | Indicates the issuer of this response (a CA or its authorized representative). |
| OCSPIssuerRDN | Indicates the RDN of the issuer of this response (a CA or its authorized representative). |
| OCSPLocation | The location of the OCSP responder. |
| OCSPProducedAt | Specifies the time when the response was produced, in UTC. |
| OfflineMode | Switches the class to offline mode. |
| OutputBytes | Use this property to read the output the class object has produced. |
| OutputFile | A path to the file to write the extracted data to. |
| Profile | Specifies a pre-defined profile to apply when creating the signature. |
| ProxyAddress | The IP address of the proxy server. |
| ProxyAuthentication | The authentication type used by the proxy server. |
| ProxyPassword | The password to authenticate to the proxy server. |
| ProxyPort | The port on the proxy server to connect to. |
| ProxyProxyType | The type of the proxy server. |
| ProxyRequestHeaders | Contains HTTP request headers for WebTunnel and HTTP proxy. |
| ProxyResponseBody | Contains the HTTP or HTTPS (WebTunnel) proxy response body. |
| ProxyResponseHeaders | Contains response headers received from an HTTP or HTTPS (WebTunnel) proxy server. |
| ProxyUseIPv6 | Specifies whether IPv6 should be used when connecting through the proxy. |
| ProxyUseProxy | Enables or disables proxy-driven connection. |
| ProxyUsername | Specifies the username credential for proxy authentication. |
| RevocationCheck | Specifies the kind(s) of revocation check to perform for all chain certificates. |
| SignatureChainValidationDetails | The details of a certificate chain validation outcome. |
| SignatureChainValidationResult | The outcome of a certificate chain validation routine. |
| SignatureClaimedSigningTime | Returns or sets signature's creation time. |
| SignatureCompatibilityErrors | Returns compatibility errors encountered during validation. |
| SignatureContentType | The signature content type. |
| SignatureCountersigned | Indicates if the signature is countersigned. |
| SignatureHandle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| SignatureHashAlgorithm | Set or returns the hash algorithm used to generate the signature. |
| SignatureIssuerRDN | The Relative Distinguished Name of the signing certificate's issuer. |
| SignatureLastArchivalTime | Indicates the most recent archival time of an archived signature This property returns the time of the most recent archival timestamp applied to the signature. |
| SignatureLevel | Returns the CAdES signature level. |
| SignatureMessageDigest | The binary of the signature's message digest. |
| SignaturePolicyHash | The signature policy hash value. |
| SignaturePolicyHashAlgorithm | The algorithm that was used to calculate the signature policy hash Use this property to get or set the hash algorithm used to calculate the signature policy hash. |
| SignaturePolicyID | The policy ID that was included or to be included into the signature. |
| SignaturePolicyURI | The signature policy URI that was included in the signature. |
| SignaturePublicKeyAlgorithm | Returns the public key algorithm that was used to create the signature. |
| SignatureScope | Returns the type of the entity that this signature corresponds to. |
| SignatureSerialNumber | The serial number of the timestamp. |
| SignatureSignatureBytes | Returns the binary representation of the ASiC signature. |
| SignatureSignatureValidationResult | The outcome of the cryptographic signature validation. |
| SignatureSubjectKeyID | Contains the subject key identifier of the signing certificate. |
| SignatureSubjectRDN | Contains the RDN of the owner of the signing certificate. |
| SignatureTimestamped | Use this property to establish whether the signature contains an embedded timestamp. |
| SignatureValidatedSigningTime | Contains the certified signing time. |
| SignatureValidationLog | Contains the signing certificate's chain validation log. |
| SignedAttributeCount | The number of records in the SignedAttribute arrays. |
| SignedAttributeOID | The object identifier of the attribute. |
| SignedAttributeValue | The value of the attribute. |
| SigningCertBytes | Returns the raw certificate data in DER format. |
| SigningCertCA | Indicates whether the certificate has a CA capability (a setting in the BasicConstraints extension). |
| SigningCertCAKeyID | A unique identifier (fingerprint) of the CA certificate's private key. |
| SigningCertCRLDistributionPoints | Locations of the CRL (Certificate Revocation List) distribution points used to check this certificate's validity. |
| SigningCertCurve | Specifies the elliptic curve of the EC public key. |
| SigningCertFingerprint | Contains the fingerprint (a hash imprint) of this certificate. |
| SigningCertFriendlyName | Contains an associated alias (friendly name) of the certificate. |
| SigningCertHandle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| SigningCertHashAlgorithm | Specifies the hash algorithm to be used in the operations on the certificate (such as key signing) SB_HASH_ALGORITHM_SHA1 SHA1 SB_HASH_ALGORITHM_SHA224 SHA224 SB_HASH_ALGORITHM_SHA256 SHA256 SB_HASH_ALGORITHM_SHA384 SHA384 SB_HASH_ALGORITHM_SHA512 SHA512 SB_HASH_ALGORITHM_MD2 MD2 SB_HASH_ALGORITHM_MD4 MD4 SB_HASH_ALGORITHM_MD5 MD5 SB_HASH_ALGORITHM_RIPEMD160 RIPEMD160 SB_HASH_ALGORITHM_CRC32 CRC32 SB_HASH_ALGORITHM_SSL3 SSL3 SB_HASH_ALGORITHM_GOST_R3411_1994 GOST1994 SB_HASH_ALGORITHM_WHIRLPOOL WHIRLPOOL SB_HASH_ALGORITHM_POLY1305 POLY1305 SB_HASH_ALGORITHM_SHA3_224 SHA3_224 SB_HASH_ALGORITHM_SHA3_256 SHA3_256 SB_HASH_ALGORITHM_SHA3_384 SHA3_384 SB_HASH_ALGORITHM_SHA3_512 SHA3_512 SB_HASH_ALGORITHM_BLAKE2S_128 BLAKE2S_128 SB_HASH_ALGORITHM_BLAKE2S_160 BLAKE2S_160 SB_HASH_ALGORITHM_BLAKE2S_224 BLAKE2S_224 SB_HASH_ALGORITHM_BLAKE2S_256 BLAKE2S_256 SB_HASH_ALGORITHM_BLAKE2B_160 BLAKE2B_160 SB_HASH_ALGORITHM_BLAKE2B_256 BLAKE2B_256 SB_HASH_ALGORITHM_BLAKE2B_384 BLAKE2B_384 SB_HASH_ALGORITHM_BLAKE2B_512 BLAKE2B_512 SB_HASH_ALGORITHM_SHAKE_128 SHAKE_128 SB_HASH_ALGORITHM_SHAKE_256 SHAKE_256 SB_HASH_ALGORITHM_SHAKE_128_LEN SHAKE_128_LEN SB_HASH_ALGORITHM_SHAKE_256_LEN SHAKE_256_LEN . |
| SigningCertIssuer | The common name of the certificate issuer (CA), typically a company name. |
| SigningCertIssuerRDN | A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate issuer. |
| SigningCertKeyAlgorithm | Specifies the public key algorithm of this certificate. |
| SigningCertKeyBits | Returns the length of the public key. |
| SigningCertKeyFingerprint | Returns a fingerprint of the public key contained in the certificate. |
| SigningCertKeyUsage | Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set. |
| SigningCertKeyValid | Returns True if the certificate's key is cryptographically valid, and False otherwise. |
| SigningCertOCSPLocations | Locations of OCSP (Online Certificate Status Protocol) services that can be used to check this certificate's validity, as recorded by the CA. |
| SigningCertOCSPNoCheck | Accessor to the value of the certificate's ocsp-no-check extension. |
| SigningCertOrigin | Returns the origin of this certificate. |
| SigningCertPolicyIDs | Contains identifiers (OIDs) of the applicable certificate policies. |
| SigningCertPrivateKeyBytes | Contains the certificate's private key. |
| SigningCertPrivateKeyExists | Indicates whether the certificate has an associated private key. |
| SigningCertPrivateKeyExtractable | Indicates whether the private key is extractable. |
| SigningCertPublicKeyBytes | Contains the certificate's public key in DER format. |
| SigningCertQualifiedStatements | Returns the qualified status of the certificate. |
| SigningCertSelfSigned | Indicates whether the certificate is self-signed (root) or signed by an external CA. |
| SigningCertSerialNumber | Returns the certificate's serial number. |
| SigningCertSigAlgorithm | Indicates the algorithm that was used by the CA to sign this certificate. |
| SigningCertSubject | The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name. |
| SigningCertSubjectAlternativeName | Returns or sets the value of the Subject Alternative Name extension of the certificate. |
| SigningCertSubjectKeyID | Contains a unique identifier (fingerprint) of the certificate's private key. |
| SigningCertSubjectRDN | A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate holder (subject). |
| SigningCertValidFrom | The time point at which the certificate becomes valid, in UTC. |
| SigningCertValidTo | The time point at which the certificate expires, in UTC. |
| SocketDNSMode | Selects the DNS resolver to use: the class's (secure) built-in one, or the one provided by the system. |
| SocketDNSPort | Specifies the port number to be used for sending queries to the DNS server. |
| SocketDNSQueryTimeout | The timeout (in milliseconds) for each DNS query. |
| SocketDNSServers | The addresses of DNS servers to use for address resolution, separated by commas or semicolons. |
| SocketDNSTotalTimeout | The timeout (in milliseconds) for the whole resolution process. |
| SocketIncomingSpeedLimit | The maximum number of bytes to read from the socket, per second. |
| SocketLocalAddress | The local network interface to bind the socket to. |
| SocketLocalPort | The local port number to bind the socket to. |
| SocketOutgoingSpeedLimit | The maximum number of bytes to write to the socket, per second. |
| SocketTimeout | The maximum period of waiting, in milliseconds, after which the socket operation is considered unsuccessful. |
| SocketUseIPv6 | Enables or disables IP protocol version 6. |
| TimestampAccuracy | This property indicates the accuracy of the included time mark, in microseconds. |
| TimestampBytes | Returns the raw timestamp data in DER format. |
| TimestampCertificateIndex | Returns the index of the TSA certificate in the Certificates collection. |
| TimestampChainValidationDetails | The details of a certificate chain validation outcome. |
| TimestampChainValidationResult | The outcome of a certificate chain validation routine. |
| TimestampHashAlgorithm | Returns the timestamp's hash algorithm. |
| TimestampSerialNumber | Returns the timestamp's serial number. |
| TimestampSignatureIndex | Returns the index of the owner signature, if applicable. |
| TimestampTime | The time point incorporated into the timestamp. |
| TimestampTimestampType | Returns the type of the timestamp. |
| TimestampTSAName | This value uniquely identifies the Timestamp Authority (TSA). |
| TimestampValidationLog | Contains the TSA certificate chain validation log. |
| TimestampValidationResult | Contains the timestamp validation outcome. |
| TLSClientCertCount | The number of records in the TLSClientCert arrays. |
| TLSClientCertBytes | Returns the raw certificate data in DER format. |
| TLSClientCertHandle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| TLSServerCertCount | The number of records in the TLSServerCert arrays. |
| TLSServerCertBytes | Returns the raw certificate data in DER format. |
| TLSServerCertHandle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| TLSAutoValidateCertificates | Specifies whether server-side TLS certificates should be validated automatically using internal validation rules. |
| TLSBaseConfiguration | Selects the base configuration for the TLS settings. |
| TLSCiphersuites | A list of ciphersuites separated with commas or semicolons. |
| TLSECCurves | Defines the elliptic curves to enable. |
| TLSExtensions | Provides access to TLS extensions. |
| TLSForceResumeIfDestinationChanges | Whether to force TLS session resumption when the destination address changes. |
| TLSPreSharedIdentity | Defines the identity used when the PSK (Pre-Shared Key) key-exchange mechanism is negotiated. |
| TLSPreSharedKey | Contains the pre-shared key for the PSK (Pre-Shared Key) key-exchange mechanism, encoded with base16. |
| TLSPreSharedKeyCiphersuite | Defines the ciphersuite used for PSK (Pre-Shared Key) negotiation. |
| TLSRenegotiationAttackPreventionMode | Selects the renegotiation attack prevention mechanism. |
| TLSRevocationCheck | Specifies the kind(s) of revocation check to perform. |
| TLSSSLOptions | Various SSL (TLS) protocol options, set of cssloExpectShutdownMessage 0x001 Wait for the close-notify message when shutting down the connection cssloOpenSSLDTLSWorkaround 0x002 (DEPRECATED) Use a DTLS version workaround when talking to very old OpenSSL versions cssloDisableKexLengthAlignment 0x004 Do not align the client-side PMS by the RSA modulus size. |
| TLSTLSMode | Specifies the TLS mode to use. |
| TLSUseExtendedMasterSecret | Enables the Extended Master Secret Extension, as defined in RFC 7627. |
| TLSUseSessionResumption | Enables or disables the TLS session resumption capability. |
| TLSVersions | The SSL/TLS versions to enable by default. |
| TrustedCertCount | The number of records in the TrustedCert arrays. |
| TrustedCertBytes | Returns the raw certificate data in DER format. |
| TrustedCertHandle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| TSACertBytes | Returns the raw certificate data in DER format. |
| TSACertCA | Indicates whether the certificate has a CA capability (a setting in the BasicConstraints extension). |
| TSACertCAKeyID | A unique identifier (fingerprint) of the CA certificate's private key. |
| TSACertCRLDistributionPoints | Locations of the CRL (Certificate Revocation List) distribution points used to check this certificate's validity. |
| TSACertCurve | Specifies the elliptic curve of the EC public key. |
| TSACertFingerprint | Contains the fingerprint (a hash imprint) of this certificate. |
| TSACertFriendlyName | Contains an associated alias (friendly name) of the certificate. |
| TSACertHandle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| TSACertHashAlgorithm | Specifies the hash algorithm to be used in the operations on the certificate (such as key signing) SB_HASH_ALGORITHM_SHA1 SHA1 SB_HASH_ALGORITHM_SHA224 SHA224 SB_HASH_ALGORITHM_SHA256 SHA256 SB_HASH_ALGORITHM_SHA384 SHA384 SB_HASH_ALGORITHM_SHA512 SHA512 SB_HASH_ALGORITHM_MD2 MD2 SB_HASH_ALGORITHM_MD4 MD4 SB_HASH_ALGORITHM_MD5 MD5 SB_HASH_ALGORITHM_RIPEMD160 RIPEMD160 SB_HASH_ALGORITHM_CRC32 CRC32 SB_HASH_ALGORITHM_SSL3 SSL3 SB_HASH_ALGORITHM_GOST_R3411_1994 GOST1994 SB_HASH_ALGORITHM_WHIRLPOOL WHIRLPOOL SB_HASH_ALGORITHM_POLY1305 POLY1305 SB_HASH_ALGORITHM_SHA3_224 SHA3_224 SB_HASH_ALGORITHM_SHA3_256 SHA3_256 SB_HASH_ALGORITHM_SHA3_384 SHA3_384 SB_HASH_ALGORITHM_SHA3_512 SHA3_512 SB_HASH_ALGORITHM_BLAKE2S_128 BLAKE2S_128 SB_HASH_ALGORITHM_BLAKE2S_160 BLAKE2S_160 SB_HASH_ALGORITHM_BLAKE2S_224 BLAKE2S_224 SB_HASH_ALGORITHM_BLAKE2S_256 BLAKE2S_256 SB_HASH_ALGORITHM_BLAKE2B_160 BLAKE2B_160 SB_HASH_ALGORITHM_BLAKE2B_256 BLAKE2B_256 SB_HASH_ALGORITHM_BLAKE2B_384 BLAKE2B_384 SB_HASH_ALGORITHM_BLAKE2B_512 BLAKE2B_512 SB_HASH_ALGORITHM_SHAKE_128 SHAKE_128 SB_HASH_ALGORITHM_SHAKE_256 SHAKE_256 SB_HASH_ALGORITHM_SHAKE_128_LEN SHAKE_128_LEN SB_HASH_ALGORITHM_SHAKE_256_LEN SHAKE_256_LEN . |
| TSACertIssuer | The common name of the certificate issuer (CA), typically a company name. |
| TSACertIssuerRDN | A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate issuer. |
| TSACertKeyAlgorithm | Specifies the public key algorithm of this certificate. |
| TSACertKeyBits | Returns the length of the public key. |
| TSACertKeyFingerprint | Returns a fingerprint of the public key contained in the certificate. |
| TSACertKeyUsage | Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set. |
| TSACertKeyValid | Returns True if the certificate's key is cryptographically valid, and False otherwise. |
| TSACertOCSPLocations | Locations of OCSP (Online Certificate Status Protocol) services that can be used to check this certificate's validity, as recorded by the CA. |
| TSACertPolicyIDs | Contains identifiers (OIDs) of the applicable certificate policies. |
| TSACertPublicKeyBytes | Contains the certificate's public key in DER format. |
| TSACertSelfSigned | Indicates whether the certificate is self-signed (root) or signed by an external CA. |
| TSACertSerialNumber | Returns the certificate's serial number. |
| TSACertSigAlgorithm | Indicates the algorithm that was used by the CA to sign this certificate. |
| TSACertSubject | The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name. |
| TSACertSubjectKeyID | Contains a unique identifier (fingerprint) of the certificate's private key. |
| TSACertSubjectRDN | A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate holder (subject). |
| TSACertValidFrom | The time point at which the certificate becomes valid, in UTC. |
| TSACertValidTo | The time point at which the certificate expires, in UTC. |
| UnsignedAttributeCount | The number of records in the UnsignedAttribute arrays. |
| UnsignedAttributeOID | The object identifier of the attribute. |
| UnsignedAttributeValue | The value of the attribute. |
| ValidationMoment | The time point at which signature validity is to be established. |
Method List
The following is the full list of the methods of the class with short descriptions. Click on the links for further details.
| Config | Sets or retrieves a configuration setting. |
| DoAction | Performs an additional action. |
| Verify | Verifies a digitally signed CAdES message. |
| VerifyDetached | Verifies a detached CAdES signature. |
Event List
The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.
| ChainElementDownload | Fires when there is a need to download a chain element from an online source. |
| ChainElementNeeded | Fires when an element required to validate the chain was not located. |
| ChainValidated | Reports the completion of a certificate chain validation. |
| ChainValidationProgress | This event is fired multiple times during chain validation to report various stages of the validation procedure. |
| Error | Information about errors during CAdES verification. |
| Notification | This event notifies the application about an underlying control flow event. |
| SignatureFound | Signifies the start of individual signature validation. |
| SignatureProcessed | Reports the completion of signature processing. |
| SignatureValidated | Marks the completion of the signature validation routine. |
| TimestampFound | Signifies the start of timestamp validation routine. |
| TimestampProcessed | Reports the completion of the timestamp validation routine. |
| TimestampValidated | Marks the completion of the signature validation routine. |
| TLSCertNeeded | Fires when a remote TLS party requests a client certificate. |
| TLSCertValidate | This event is fired upon receipt of the TLS server's certificate, allowing the user to control its acceptance. |
| TLSEstablished | Fires when a TLS handshake with Host successfully completes. |
| TLSHandshake | Fires when a new TLS handshake is initiated, before the handshake commences. |
| TLSShutdown | Reports the graceful closure of a TLS connection. |
Config Settings
The following is a list of config settings for the class with short descriptions. Click on the links for further details.
| AddReferencesToAllUsedCertsAndRevInfo | whether to include all certificates and revocation references into the signature. |
| AddReferencesToIrrevocableCerts | Whether references to irrevocable certificates should be included into the signature. |
| AddReferenceToSigningCert | Whether a reference to the signing certificate should be included into the signature. |
| AllowPartialValidationInfo | Whether to allow for missing validation info. |
| CmsOptAnnexKArchiveTimestampV2Mode | Toggles use of Annex K method of calculating validation timestamp hashes. |
| CmsOptCheckATSHashIndexElements | Enables extra checks when processing ATSHashIndex attribute. |
| CmsOptCompareRDNAsStrings | Enforces comparison of RDN elements as text strings, rather than their byte encodings. |
| CmsOptDigitPADSSCompatibility | Enables Digit PADSS compatibility mode. |
| CmsOptForceSigningCertificateV2Usage | Enforces use of signing-certificate-v2 attribute. |
| CmsOptIgnoreDERReqInArchiveTimestamps | Switches off DER encoding requirement for archival timestamps. |
| CmsOptImzagerMIMCompatibility | Enables Imzager MIM compatibility mode. |
| CmsOptIncludeCertToAttributes | Regulates whether to include the signing certificate to the signature as the signing-certificate attribute. |
| CmsOptIncludeCertToMessage | Regulates whether to include the signing certificate and its chain to the CMS. |
| CmsOptInsertContentType | Regulates whether the content-type time attribute should be included in the signature structure. |
| CmsOptInsertMessageDigests | Regulates whether the message-digest signed attribute should be included in the signature structure. |
| CmsOptInsertSigningTime | Regulates whether the signing-time attribute should be included in the signature structure. |
| CmsOptSkipEnvContentInfoOnSigArchival | Excludes hashing of enveloped content when calculating an archival timestamp. |
| CmsOptUseATSHashIndexV1 | Enables use of ATSHashIndexV1 attribute. |
| CmsOptUseGeneralizedTimeFormat | Enables or disables encoding of the signing-time attribute using ASN.1 GENERALIZEDTIME type. |
| CmsOptUseGenericSigAlgorithmOIDs | Enables use of generic signature algorithm OIDs in the signature. |
| CmsOptUsePlainContentForTimestampHashes | Makes CAdESSigner ignore ASN.1 content formatting when calculating timestamp hashes. |
| DeepCountersignatureValidation | Whether to validate countersignatures. |
| DeepTimestampValidation | Whether to perform deep validation of all timestamps. |
| DislikeOpenEndedOCSPs | Tells the class to discourage OCSP responses without an explicit NextUpdate parameter. |
| ForceCompleteChainValidation | Whether to check the CA certificates when the signing certificate is invalid. |
| ForceCompleteChainValidationForTrusted | Whether to continue with the full validation up to the root CA certificate for mid-level trust anchors. |
| GracePeriod | Specifies a grace period to apply during revocation information checks. |
| IgnoreChainLoops | Whether chain loops should be ignored. |
| IgnoreChainValidationErrors | Makes the class ignore chain validation issues. |
| IgnoreOCSPNoCheckExtension | Whether the OCSP NoCheck extension should be ignored. |
| IgnoreSystemTrust | Whether trusted Windows Certificate Stores should be treated as trusted. |
| ImplicitlyTrustSelfSignedCertificates | Whether to trust self-signed certificates. |
| PolicyExplicitText | The explicit text of the user notice. |
| PolicyUNNumbers | The noticeNumbers part of the NoticeReference CAdES attribute. |
| PolicyUNOrganization | The organization part of the NoticeReference qualifier. |
| PromoteLongOCSPResponses | Whether long OCSP responses are requested. |
| PSSUsed | Whether RSASSA-PSS mode was used. |
| ReportInvalidTimestamps | Whether to rise errors on invalid timestamps. |
| SkipValidationTimestampedSignatures | Whether to validate signatures with validation timestamps. |
| TempPath | Path for storing temporary files. |
| TolerateMinorChainIssues | Whether to tolerate minor chain issues. |
| UseArchivalTimestampV3 | Whether to apply archival timestamp V3. |
| UseMicrosoftCTL | Enables or disables the automatic use of the Microsoft online certificate trust list. |
| UseSystemCertificates | Enables or disables the use of the system certificates. |
| UseValidationCache | Enables or disable the use of the product-wide certificate chain validation cache. |
| CheckKeyIntegrityBeforeUse | Enables or disable private key integrity check before use. |
| CookieCaching | Specifies whether a cookie cache should be used for HTTP(S) transports. |
| Cookies | Gets or sets local cookies for the class. |
| DefDeriveKeyIterations | Specifies the default key derivation algorithm iteration count. |
| EnableClientSideSSLFFDHE | Enables or disables finite field DHE key exchange support in TLS clients. |
| GlobalCookies | Gets or sets global cookies for all the HTTP transports. |
| HttpUserAgent | Specifies the user agent name to be used by all HTTP clients. |
| LogDestination | Specifies the debug log destination. |
| LogDetails | Specifies the debug log details to dump. |
| LogFile | Specifies the debug log filename. |
| LogFilters | Specifies the debug log filters. |
| LogFlushMode | Specifies the log flush mode. |
| LogLevel | Specifies the debug log level. |
| LogMaxEventCount | Specifies the maximum number of events to cache before further action is taken. |
| LogRotationMode | Specifies the log rotation mode. |
| MaxASN1BufferLength | Specifies the maximal allowed length for ASN.1 primitive tag data. |
| MaxASN1TreeDepth | Specifies the maximal depth for processed ASN.1 trees. |
| OCSPHashAlgorithm | Specifies the hash algorithm to be used to identify certificates in OCSP requests. |
| StaticDNS | Specifies whether static DNS rules should be used. |
| StaticIPAddress[domain] | Gets or sets an IP address for the specified domain name. |
| StaticIPAddresses | Gets or sets all the static DNS rules. |
| Tag | Allows to store any custom data. |
| TLSSessionGroup | Specifies the group name of TLS sessions to be used for session resumption. |
| TLSSessionLifetime | Specifies lifetime in seconds of the cached TLS session. |
| TLSSessionPurgeInterval | Specifies how often the session cache should remove the expired TLS sessions. |
| UseOwnDNSResolver | Specifies whether the client classes should use own DNS resolver. |
| UseSharedSystemStorages | Specifies whether the validation engine should use a global per-process copy of the system certificate stores. |
| UseSystemOAEPAndPSS | Enforces or disables the use of system-driven RSA OAEP and PSS computations. |
| UseSystemRandom | Enables or disables the use of the OS PRNG. |
AllSignaturesValid Property (SecureBlackbox_CAdESVerifier Class)
The cumulative validity of all signatures.
Object Oriented Interface
public function getAllSignaturesValid();
Procedural Interface
secureblackbox_cadesverifier_get($res, 1 );
Default Value
false
Remarks
Use this property to check if all the signatures found in the message or document are valid.
This property is read-only and not available at design time.
Data Type
Boolean
BlockedCertCount Property (SecureBlackbox_CAdESVerifier Class)
The number of records in the BlockedCert arrays.
Object Oriented Interface
public function getBlockedCertCount(); public function setBlockedCertCount($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 2 ); secureblackbox_cadesverifier_set($res, 2, $value );
Default Value
0
Remarks
This property controls the size of the following arrays:
The array indices start at 0 and end at BlockedCertCount - 1.This property is not available at design time.
Data Type
Integer
BlockedCertBytes Property (SecureBlackbox_CAdESVerifier Class)
Returns the raw certificate data in DER format.
Object Oriented Interface
public function getBlockedCertBytes($blockedcertindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 3 , $blockedcertindex);
Remarks
Returns the raw certificate data in DER format.
The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.
This property is read-only and not available at design time.
Data Type
Byte Array
BlockedCertHandle Property (SecureBlackbox_CAdESVerifier Class)
Allows to get or set a 'handle', a unique identifier of the underlying property object.
Object Oriented Interface
public function getBlockedCertHandle($blockedcertindex); public function setBlockedCertHandle($blockedcertindex, $value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 10 , $blockedcertindex); secureblackbox_cadesverifier_set($res, 10, $value , $blockedcertindex);
Default Value
0
Remarks
Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.
When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object
after such operation.
pdfSigner.setSigningCertHandle(certMgr.getCertHandle());
The $blockedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the BlockedCertCount property.
This property is not available at design time.
Data Type
Long64
CertCount Property (SecureBlackbox_CAdESVerifier Class)
The number of records in the Cert arrays.
Object Oriented Interface
public function getCertCount();
Procedural Interface
secureblackbox_cadesverifier_get($res, 37 );
Default Value
0
Remarks
This property controls the size of the following arrays:
- CertBytes
- CertCA
- CertCAKeyID
- CertCRLDistributionPoints
- CertCurve
- CertFingerprint
- CertFriendlyName
- CertHandle
- CertHashAlgorithm
- CertIssuer
- CertIssuerRDN
- CertKeyAlgorithm
- CertKeyBits
- CertKeyFingerprint
- CertKeyUsage
- CertKeyValid
- CertOCSPLocations
- CertPolicyIDs
- CertPublicKeyBytes
- CertSelfSigned
- CertSerialNumber
- CertSigAlgorithm
- CertSubject
- CertSubjectKeyID
- CertSubjectRDN
- CertValidFrom
- CertValidTo
This property is read-only and not available at design time.
Data Type
Integer
CertBytes Property (SecureBlackbox_CAdESVerifier Class)
Returns the raw certificate data in DER format.
Object Oriented Interface
public function getCertBytes($certindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 38 , $certindex);
Remarks
Returns the raw certificate data in DER format.
The $certindex parameter specifies the index of the item in the array. The size of the array is controlled by the CertCount property.
This property is read-only and not available at design time.
Data Type
Byte Array
CertCA Property (SecureBlackbox_CAdESVerifier Class)
Indicates whether the certificate has a CA capability (a setting in the BasicConstraints extension).
Object Oriented Interface
public function getCertCA($certindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 39 , $certindex);
Default Value
false
Remarks
Indicates whether the certificate has a CA capability (a setting in the BasicConstraints extension).
The $certindex parameter specifies the index of the item in the array. The size of the array is controlled by the CertCount property.
This property is read-only and not available at design time.
Data Type
Boolean
CertCAKeyID Property (SecureBlackbox_CAdESVerifier Class)
A unique identifier (fingerprint) of the CA certificate's private key.
Object Oriented Interface
public function getCertCAKeyID($certindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 40 , $certindex);
Remarks
A unique identifier (fingerprint) of the CA certificate's private key.
Authority Key Identifier is a (non-critical) X.509 certificate extension which allows the identification of certificates produced by the same issuer, but with different public keys.
The $certindex parameter specifies the index of the item in the array. The size of the array is controlled by the CertCount property.
This property is read-only and not available at design time.
Data Type
Byte Array
CertCRLDistributionPoints Property (SecureBlackbox_CAdESVerifier Class)
Locations of the CRL (Certificate Revocation List) distribution points used to check this certificate's validity.
Object Oriented Interface
public function getCertCRLDistributionPoints($certindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 41 , $certindex);
Default Value
''
Remarks
Locations of the CRL (Certificate Revocation List) distribution points used to check this certificate's validity.
The $certindex parameter specifies the index of the item in the array. The size of the array is controlled by the CertCount property.
This property is read-only and not available at design time.
Data Type
String
CertCurve Property (SecureBlackbox_CAdESVerifier Class)
Specifies the elliptic curve of the EC public key.
Object Oriented Interface
public function getCertCurve($certindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 42 , $certindex);
Default Value
''
Remarks
Specifies the elliptic curve of the EC public key.
| SB_EC_SECP112R1 | SECP112R1 | |
| SB_EC_SECP112R2 | SECP112R2 | |
| SB_EC_SECP128R1 | SECP128R1 | |
| SB_EC_SECP128R2 | SECP128R2 | |
| SB_EC_SECP160K1 | SECP160K1 | |
| SB_EC_SECP160R1 | SECP160R1 | |
| SB_EC_SECP160R2 | SECP160R2 | |
| SB_EC_SECP192K1 | SECP192K1 | |
| SB_EC_SECP192R1 | SECP192R1 | |
| SB_EC_SECP224K1 | SECP224K1 | |
| SB_EC_SECP224R1 | SECP224R1 | |
| SB_EC_SECP256K1 | SECP256K1 | |
| SB_EC_SECP256R1 | SECP256R1 | |
| SB_EC_SECP384R1 | SECP384R1 | |
| SB_EC_SECP521R1 | SECP521R1 | |
| SB_EC_SECT113R1 | SECT113R1 | |
| SB_EC_SECT113R2 | SECT113R2 | |
| SB_EC_SECT131R1 | SECT131R1 | |
| SB_EC_SECT131R2 | SECT131R2 | |
| SB_EC_SECT163K1 | SECT163K1 | |
| SB_EC_SECT163R1 | SECT163R1 | |
| SB_EC_SECT163R2 | SECT163R2 | |
| SB_EC_SECT193R1 | SECT193R1 | |
| SB_EC_SECT193R2 | SECT193R2 | |
| SB_EC_SECT233K1 | SECT233K1 | |
| SB_EC_SECT233R1 | SECT233R1 | |
| SB_EC_SECT239K1 | SECT239K1 | |
| SB_EC_SECT283K1 | SECT283K1 | |
| SB_EC_SECT283R1 | SECT283R1 | |
| SB_EC_SECT409K1 | SECT409K1 | |
| SB_EC_SECT409R1 | SECT409R1 | |
| SB_EC_SECT571K1 | SECT571K1 | |
| SB_EC_SECT571R1 | SECT571R1 | |
| SB_EC_PRIME192V1 | PRIME192V1 | |
| SB_EC_PRIME192V2 | PRIME192V2 | |
| SB_EC_PRIME192V3 | PRIME192V3 | |
| SB_EC_PRIME239V1 | PRIME239V1 | |
| SB_EC_PRIME239V2 | PRIME239V2 | |
| SB_EC_PRIME239V3 | PRIME239V3 | |
| SB_EC_PRIME256V1 | PRIME256V1 | |
| SB_EC_C2PNB163V1 | C2PNB163V1 | |
| SB_EC_C2PNB163V2 | C2PNB163V2 | |
| SB_EC_C2PNB163V3 | C2PNB163V3 | |
| SB_EC_C2PNB176W1 | C2PNB176W1 | |
| SB_EC_C2TNB191V1 | C2TNB191V1 | |
| SB_EC_C2TNB191V2 | C2TNB191V2 | |
| SB_EC_C2TNB191V3 | C2TNB191V3 | |
| SB_EC_C2ONB191V4 | C2ONB191V4 | |
| SB_EC_C2ONB191V5 | C2ONB191V5 | |
| SB_EC_C2PNB208W1 | C2PNB208W1 | |
| SB_EC_C2TNB239V1 | C2TNB239V1 | |
| SB_EC_C2TNB239V2 | C2TNB239V2 | |
| SB_EC_C2TNB239V3 | C2TNB239V3 | |
| SB_EC_C2ONB239V4 | C2ONB239V4 | |
| SB_EC_C2ONB239V5 | C2ONB239V5 | |
| SB_EC_C2PNB272W1 | C2PNB272W1 | |
| SB_EC_C2PNB304W1 | C2PNB304W1 | |
| SB_EC_C2TNB359V1 | C2TNB359V1 | |
| SB_EC_C2PNB368W1 | C2PNB368W1 | |
| SB_EC_C2TNB431R1 | C2TNB431R1 | |
| SB_EC_NISTP192 | NISTP192 | |
| SB_EC_NISTP224 | NISTP224 | |
| SB_EC_NISTP256 | NISTP256 | |
| SB_EC_NISTP384 | NISTP384 | |
| SB_EC_NISTP521 | NISTP521 | |
| SB_EC_NISTB163 | NISTB163 | |
| SB_EC_NISTB233 | NISTB233 | |
| SB_EC_NISTB283 | NISTB283 | |
| SB_EC_NISTB409 | NISTB409 | |
| SB_EC_NISTB571 | NISTB571 | |
| SB_EC_NISTK163 | NISTK163 | |
| SB_EC_NISTK233 | NISTK233 | |
| SB_EC_NISTK283 | NISTK283 | |
| SB_EC_NISTK409 | NISTK409 | |
| SB_EC_NISTK571 | NISTK571 | |
| SB_EC_GOSTCPTEST | GOSTCPTEST | |
| SB_EC_GOSTCPA | GOSTCPA | |
| SB_EC_GOSTCPB | GOSTCPB | |
| SB_EC_GOSTCPC | GOSTCPC | |
| SB_EC_GOSTCPXCHA | GOSTCPXCHA | |
| SB_EC_GOSTCPXCHB | GOSTCPXCHB | |
| SB_EC_BRAINPOOLP160R1 | BRAINPOOLP160R1 | |
| SB_EC_BRAINPOOLP160T1 | BRAINPOOLP160T1 | |
| SB_EC_BRAINPOOLP192R1 | BRAINPOOLP192R1 | |
| SB_EC_BRAINPOOLP192T1 | BRAINPOOLP192T1 | |
| SB_EC_BRAINPOOLP224R1 | BRAINPOOLP224R1 | |
| SB_EC_BRAINPOOLP224T1 | BRAINPOOLP224T1 | |
| SB_EC_BRAINPOOLP256R1 | BRAINPOOLP256R1 | |
| SB_EC_BRAINPOOLP256T1 | BRAINPOOLP256T1 | |
| SB_EC_BRAINPOOLP320R1 | BRAINPOOLP320R1 | |
| SB_EC_BRAINPOOLP320T1 | BRAINPOOLP320T1 | |
| SB_EC_BRAINPOOLP384R1 | BRAINPOOLP384R1 | |
| SB_EC_BRAINPOOLP384T1 | BRAINPOOLP384T1 | |
| SB_EC_BRAINPOOLP512R1 | BRAINPOOLP512R1 | |
| SB_EC_BRAINPOOLP512T1 | BRAINPOOLP512T1 | |
| SB_EC_CURVE25519 | CURVE25519 | |
| SB_EC_CURVE448 | CURVE448 |
The $certindex parameter specifies the index of the item in the array. The size of the array is controlled by the CertCount property.
This property is read-only and not available at design time.
Data Type
String
CertFingerprint Property (SecureBlackbox_CAdESVerifier Class)
Contains the fingerprint (a hash imprint) of this certificate.
Object Oriented Interface
public function getCertFingerprint($certindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 43 , $certindex);
Remarks
Contains the fingerprint (a hash imprint) of this certificate.
The $certindex parameter specifies the index of the item in the array. The size of the array is controlled by the CertCount property.
This property is read-only and not available at design time.
Data Type
Byte Array
CertFriendlyName Property (SecureBlackbox_CAdESVerifier Class)
Contains an associated alias (friendly name) of the certificate.
Object Oriented Interface
public function getCertFriendlyName($certindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 44 , $certindex);
Default Value
''
Remarks
Contains an associated alias (friendly name) of the certificate.
The $certindex parameter specifies the index of the item in the array. The size of the array is controlled by the CertCount property.
This property is read-only and not available at design time.
Data Type
String
CertHandle Property (SecureBlackbox_CAdESVerifier Class)
Allows to get or set a 'handle', a unique identifier of the underlying property object.
Object Oriented Interface
public function getCertHandle($certindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 45 , $certindex);
Default Value
0
Remarks
Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.
When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object
after such operation.
pdfSigner.setSigningCertHandle(certMgr.getCertHandle());
The $certindex parameter specifies the index of the item in the array. The size of the array is controlled by the CertCount property.
This property is read-only and not available at design time.
Data Type
Long64
CertHashAlgorithm Property (SecureBlackbox_CAdESVerifier Class)
Specifies the hash algorithm to be used in the operations on the certificate (such as key signing) SB_HASH_ALGORITHM_SHA1 SHA1 SB_HASH_ALGORITHM_SHA224 SHA224 SB_HASH_ALGORITHM_SHA256 SHA256 SB_HASH_ALGORITHM_SHA384 SHA384 SB_HASH_ALGORITHM_SHA512 SHA512 SB_HASH_ALGORITHM_MD2 MD2 SB_HASH_ALGORITHM_MD4 MD4 SB_HASH_ALGORITHM_MD5 MD5 SB_HASH_ALGORITHM_RIPEMD160 RIPEMD160 SB_HASH_ALGORITHM_CRC32 CRC32 SB_HASH_ALGORITHM_SSL3 SSL3 SB_HASH_ALGORITHM_GOST_R3411_1994 GOST1994 SB_HASH_ALGORITHM_WHIRLPOOL WHIRLPOOL SB_HASH_ALGORITHM_POLY1305 POLY1305 SB_HASH_ALGORITHM_SHA3_224 SHA3_224 SB_HASH_ALGORITHM_SHA3_256 SHA3_256 SB_HASH_ALGORITHM_SHA3_384 SHA3_384 SB_HASH_ALGORITHM_SHA3_512 SHA3_512 SB_HASH_ALGORITHM_BLAKE2S_128 BLAKE2S_128 SB_HASH_ALGORITHM_BLAKE2S_160 BLAKE2S_160 SB_HASH_ALGORITHM_BLAKE2S_224 BLAKE2S_224 SB_HASH_ALGORITHM_BLAKE2S_256 BLAKE2S_256 SB_HASH_ALGORITHM_BLAKE2B_160 BLAKE2B_160 SB_HASH_ALGORITHM_BLAKE2B_256 BLAKE2B_256 SB_HASH_ALGORITHM_BLAKE2B_384 BLAKE2B_384 SB_HASH_ALGORITHM_BLAKE2B_512 BLAKE2B_512 SB_HASH_ALGORITHM_SHAKE_128 SHAKE_128 SB_HASH_ALGORITHM_SHAKE_256 SHAKE_256 SB_HASH_ALGORITHM_SHAKE_128_LEN SHAKE_128_LEN SB_HASH_ALGORITHM_SHAKE_256_LEN SHAKE_256_LEN .
Object Oriented Interface
public function getCertHashAlgorithm($certindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 46 , $certindex);
Default Value
''
Remarks
Specifies the hash algorithm to be used in the operations on the certificate (such as key signing)
| SB_HASH_ALGORITHM_SHA1 | SHA1 | |
| SB_HASH_ALGORITHM_SHA224 | SHA224 | |
| SB_HASH_ALGORITHM_SHA256 | SHA256 | |
| SB_HASH_ALGORITHM_SHA384 | SHA384 | |
| SB_HASH_ALGORITHM_SHA512 | SHA512 | |
| SB_HASH_ALGORITHM_MD2 | MD2 | |
| SB_HASH_ALGORITHM_MD4 | MD4 | |
| SB_HASH_ALGORITHM_MD5 | MD5 | |
| SB_HASH_ALGORITHM_RIPEMD160 | RIPEMD160 | |
| SB_HASH_ALGORITHM_CRC32 | CRC32 | |
| SB_HASH_ALGORITHM_SSL3 | SSL3 | |
| SB_HASH_ALGORITHM_GOST_R3411_1994 | GOST1994 | |
| SB_HASH_ALGORITHM_WHIRLPOOL | WHIRLPOOL | |
| SB_HASH_ALGORITHM_POLY1305 | POLY1305 | |
| SB_HASH_ALGORITHM_SHA3_224 | SHA3_224 | |
| SB_HASH_ALGORITHM_SHA3_256 | SHA3_256 | |
| SB_HASH_ALGORITHM_SHA3_384 | SHA3_384 | |
| SB_HASH_ALGORITHM_SHA3_512 | SHA3_512 | |
| SB_HASH_ALGORITHM_BLAKE2S_128 | BLAKE2S_128 | |
| SB_HASH_ALGORITHM_BLAKE2S_160 | BLAKE2S_160 | |
| SB_HASH_ALGORITHM_BLAKE2S_224 | BLAKE2S_224 | |
| SB_HASH_ALGORITHM_BLAKE2S_256 | BLAKE2S_256 | |
| SB_HASH_ALGORITHM_BLAKE2B_160 | BLAKE2B_160 | |
| SB_HASH_ALGORITHM_BLAKE2B_256 | BLAKE2B_256 | |
| SB_HASH_ALGORITHM_BLAKE2B_384 | BLAKE2B_384 | |
| SB_HASH_ALGORITHM_BLAKE2B_512 | BLAKE2B_512 | |
| SB_HASH_ALGORITHM_SHAKE_128 | SHAKE_128 | |
| SB_HASH_ALGORITHM_SHAKE_256 | SHAKE_256 | |
| SB_HASH_ALGORITHM_SHAKE_128_LEN | SHAKE_128_LEN | |
| SB_HASH_ALGORITHM_SHAKE_256_LEN | SHAKE_256_LEN |
The $certindex parameter specifies the index of the item in the array. The size of the array is controlled by the CertCount property.
This property is read-only and not available at design time.
Data Type
String
CertIssuer Property (SecureBlackbox_CAdESVerifier Class)
The common name of the certificate issuer (CA), typically a company name.
Object Oriented Interface
public function getCertIssuer($certindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 47 , $certindex);
Default Value
''
Remarks
The common name of the certificate issuer (CA), typically a company name.
The $certindex parameter specifies the index of the item in the array. The size of the array is controlled by the CertCount property.
This property is read-only and not available at design time.
Data Type
String
CertIssuerRDN Property (SecureBlackbox_CAdESVerifier Class)
A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate issuer.
Object Oriented Interface
public function getCertIssuerRDN($certindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 48 , $certindex);
Default Value
''
Remarks
A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate issuer.
The $certindex parameter specifies the index of the item in the array. The size of the array is controlled by the CertCount property.
This property is read-only and not available at design time.
Data Type
String
CertKeyAlgorithm Property (SecureBlackbox_CAdESVerifier Class)
Specifies the public key algorithm of this certificate.
Object Oriented Interface
public function getCertKeyAlgorithm($certindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 49 , $certindex);
Default Value
'0'
Remarks
Specifies the public key algorithm of this certificate.
| SB_CERT_ALGORITHM_ID_RSA_ENCRYPTION | rsaEncryption | |
| SB_CERT_ALGORITHM_MD2_RSA_ENCRYPTION | md2withRSAEncryption | |
| SB_CERT_ALGORITHM_MD5_RSA_ENCRYPTION | md5withRSAEncryption | |
| SB_CERT_ALGORITHM_SHA1_RSA_ENCRYPTION | sha1withRSAEncryption | |
| SB_CERT_ALGORITHM_ID_DSA | id-dsa | |
| SB_CERT_ALGORITHM_ID_DSA_SHA1 | id-dsa-with-sha1 | |
| SB_CERT_ALGORITHM_DH_PUBLIC | dhpublicnumber | |
| SB_CERT_ALGORITHM_SHA224_RSA_ENCRYPTION | sha224WithRSAEncryption | |
| SB_CERT_ALGORITHM_SHA256_RSA_ENCRYPTION | sha256WithRSAEncryption | |
| SB_CERT_ALGORITHM_SHA384_RSA_ENCRYPTION | sha384WithRSAEncryption | |
| SB_CERT_ALGORITHM_SHA512_RSA_ENCRYPTION | sha512WithRSAEncryption | |
| SB_CERT_ALGORITHM_ID_RSAPSS | id-RSASSA-PSS | |
| SB_CERT_ALGORITHM_ID_RSAOAEP | id-RSAES-OAEP | |
| SB_CERT_ALGORITHM_RSASIGNATURE_RIPEMD160 | ripemd160withRSA | |
| SB_CERT_ALGORITHM_ID_ELGAMAL | elGamal | |
| SB_CERT_ALGORITHM_SHA1_ECDSA | ecdsa-with-SHA1 | |
| SB_CERT_ALGORITHM_RECOMMENDED_ECDSA | ecdsa-recommended | |
| SB_CERT_ALGORITHM_SHA224_ECDSA | ecdsa-with-SHA224 | |
| SB_CERT_ALGORITHM_SHA256_ECDSA | ecdsa-with-SHA256 | |
| SB_CERT_ALGORITHM_SHA384_ECDSA | ecdsa-with-SHA384 | |
| SB_CERT_ALGORITHM_SHA512_ECDSA | ecdsa-with-SHA512 | |
| SB_CERT_ALGORITHM_EC | id-ecPublicKey | |
| SB_CERT_ALGORITHM_SPECIFIED_ECDSA | ecdsa-specified | |
| SB_CERT_ALGORITHM_GOST_R3410_1994 | id-GostR3410-94 | |
| SB_CERT_ALGORITHM_GOST_R3410_2001 | id-GostR3410-2001 | |
| SB_CERT_ALGORITHM_GOST_R3411_WITH_R3410_1994 | id-GostR3411-94-with-GostR3410-94 | |
| SB_CERT_ALGORITHM_GOST_R3411_WITH_R3410_2001 | id-GostR3411-94-with-GostR3410-2001 | |
| SB_CERT_ALGORITHM_SHA1_ECDSA_PLAIN | ecdsa-plain-SHA1 | |
| SB_CERT_ALGORITHM_SHA224_ECDSA_PLAIN | ecdsa-plain-SHA224 | |
| SB_CERT_ALGORITHM_SHA256_ECDSA_PLAIN | ecdsa-plain-SHA256 | |
| SB_CERT_ALGORITHM_SHA384_ECDSA_PLAIN | ecdsa-plain-SHA384 | |
| SB_CERT_ALGORITHM_SHA512_ECDSA_PLAIN | ecdsa-plain-SHA512 | |
| SB_CERT_ALGORITHM_RIPEMD160_ECDSA_PLAIN | ecdsa-plain-RIPEMD160 | |
| SB_CERT_ALGORITHM_WHIRLPOOL_RSA_ENCRYPTION | whirlpoolWithRSAEncryption | |
| SB_CERT_ALGORITHM_ID_DSA_SHA224 | id-dsa-with-sha224 | |
| SB_CERT_ALGORITHM_ID_DSA_SHA256 | id-dsa-with-sha256 | |
| SB_CERT_ALGORITHM_SHA3_224_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-224 | |
| SB_CERT_ALGORITHM_SHA3_256_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-256 | |
| SB_CERT_ALGORITHM_SHA3_384_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-384 | |
| SB_CERT_ALGORITHM_SHA3_512_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-512 | |
| SB_CERT_ALGORITHM_SHA3_224_ECDSA | id-ecdsa-with-sha3-224 | |
| SB_CERT_ALGORITHM_SHA3_256_ECDSA | id-ecdsa-with-sha3-256 | |
| SB_CERT_ALGORITHM_SHA3_384_ECDSA | id-ecdsa-with-sha3-384 | |
| SB_CERT_ALGORITHM_SHA3_512_ECDSA | id-ecdsa-with-sha3-512 | |
| SB_CERT_ALGORITHM_SHA3_224_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-224 | |
| SB_CERT_ALGORITHM_SHA3_256_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-256 | |
| SB_CERT_ALGORITHM_SHA3_384_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-384 | |
| SB_CERT_ALGORITHM_SHA3_512_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-512 | |
| SB_CERT_ALGORITHM_ID_DSA_SHA3_224 | id-dsa-with-sha3-224 | |
| SB_CERT_ALGORITHM_ID_DSA_SHA3_256 | id-dsa-with-sha3-256 | |
| SB_CERT_ALGORITHM_BLAKE2S_128_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s128 | |
| SB_CERT_ALGORITHM_BLAKE2S_160_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s160 | |
| SB_CERT_ALGORITHM_BLAKE2S_224_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s224 | |
| SB_CERT_ALGORITHM_BLAKE2S_256_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s256 | |
| SB_CERT_ALGORITHM_BLAKE2B_160_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b160 | |
| SB_CERT_ALGORITHM_BLAKE2B_256_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b256 | |
| SB_CERT_ALGORITHM_BLAKE2B_384_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b384 | |
| SB_CERT_ALGORITHM_BLAKE2B_512_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b512 | |
| SB_CERT_ALGORITHM_BLAKE2S_128_ECDSA | id-ecdsa-with-blake2s128 | |
| SB_CERT_ALGORITHM_BLAKE2S_160_ECDSA | id-ecdsa-with-blake2s160 | |
| SB_CERT_ALGORITHM_BLAKE2S_224_ECDSA | id-ecdsa-with-blake2s224 | |
| SB_CERT_ALGORITHM_BLAKE2S_256_ECDSA | id-ecdsa-with-blake2s256 | |
| SB_CERT_ALGORITHM_BLAKE2B_160_ECDSA | id-ecdsa-with-blake2b160 | |
| SB_CERT_ALGORITHM_BLAKE2B_256_ECDSA | id-ecdsa-with-blake2b256 | |
| SB_CERT_ALGORITHM_BLAKE2B_384_ECDSA | id-ecdsa-with-blake2b384 | |
| SB_CERT_ALGORITHM_BLAKE2B_512_ECDSA | id-ecdsa-with-blake2b512 | |
| SB_CERT_ALGORITHM_BLAKE2S_128_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s128 | |
| SB_CERT_ALGORITHM_BLAKE2S_160_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s160 | |
| SB_CERT_ALGORITHM_BLAKE2S_224_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s224 | |
| SB_CERT_ALGORITHM_BLAKE2S_256_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s256 | |
| SB_CERT_ALGORITHM_BLAKE2B_160_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b160 | |
| SB_CERT_ALGORITHM_BLAKE2B_256_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b256 | |
| SB_CERT_ALGORITHM_BLAKE2B_384_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b384 | |
| SB_CERT_ALGORITHM_BLAKE2B_512_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b512 | |
| SB_CERT_ALGORITHM_ID_DSA_BLAKE2S_224 | id-dsa-with-blake2s224 | |
| SB_CERT_ALGORITHM_ID_DSA_BLAKE2S_256 | id-dsa-with-blake2s256 | |
| SB_CERT_ALGORITHM_EDDSA_ED25519 | id-Ed25519 | |
| SB_CERT_ALGORITHM_EDDSA_ED448 | id-Ed448 | |
| SB_CERT_ALGORITHM_EDDSA_ED25519_PH | id-Ed25519ph | |
| SB_CERT_ALGORITHM_EDDSA_ED448_PH | id-Ed448ph | |
| SB_CERT_ALGORITHM_EDDSA | id-EdDSA | |
| SB_CERT_ALGORITHM_EDDSA_SIGNATURE | id-EdDSA-sig |
The $certindex parameter specifies the index of the item in the array. The size of the array is controlled by the CertCount property.
This property is read-only and not available at design time.
Data Type
String
CertKeyBits Property (SecureBlackbox_CAdESVerifier Class)
Returns the length of the public key.
Object Oriented Interface
public function getCertKeyBits($certindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 50 , $certindex);
Default Value
0
Remarks
Returns the length of the public key.
The $certindex parameter specifies the index of the item in the array. The size of the array is controlled by the CertCount property.
This property is read-only and not available at design time.
Data Type
Integer
CertKeyFingerprint Property (SecureBlackbox_CAdESVerifier Class)
Returns a fingerprint of the public key contained in the certificate.
Object Oriented Interface
public function getCertKeyFingerprint($certindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 51 , $certindex);
Remarks
Returns a fingerprint of the public key contained in the certificate.
The $certindex parameter specifies the index of the item in the array. The size of the array is controlled by the CertCount property.
This property is read-only and not available at design time.
Data Type
Byte Array
CertKeyUsage Property (SecureBlackbox_CAdESVerifier Class)
Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.
Object Oriented Interface
public function getCertKeyUsage($certindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 52 , $certindex);
Default Value
0
Remarks
Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.
This value is a bit mask of the following values:
| ckuUnknown | 0x00000 | Unknown key usage |
| ckuDigitalSignature | 0x00001 | Digital signature |
| ckuNonRepudiation | 0x00002 | Non-repudiation |
| ckuKeyEncipherment | 0x00004 | Key encipherment |
| ckuDataEncipherment | 0x00008 | Data encipherment |
| ckuKeyAgreement | 0x00010 | Key agreement |
| ckuKeyCertSign | 0x00020 | Certificate signing |
| ckuCRLSign | 0x00040 | Revocation signing |
| ckuEncipherOnly | 0x00080 | Encipher only |
| ckuDecipherOnly | 0x00100 | Decipher only |
| ckuServerAuthentication | 0x00200 | Server authentication |
| ckuClientAuthentication | 0x00400 | Client authentication |
| ckuCodeSigning | 0x00800 | Code signing |
| ckuEmailProtection | 0x01000 | Email protection |
| ckuTimeStamping | 0x02000 | Timestamping |
| ckuOCSPSigning | 0x04000 | OCSP signing |
| ckuSmartCardLogon | 0x08000 | Smartcard logon |
| ckuKeyPurposeClientAuth | 0x10000 | Kerberos - client authentication |
| ckuKeyPurposeKDC | 0x20000 | Kerberos - KDC |
The $certindex parameter specifies the index of the item in the array. The size of the array is controlled by the CertCount property.
This property is read-only and not available at design time.
Data Type
Integer
CertKeyValid Property (SecureBlackbox_CAdESVerifier Class)
Returns True if the certificate's key is cryptographically valid, and False otherwise.
Object Oriented Interface
public function getCertKeyValid($certindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 53 , $certindex);
Default Value
false
Remarks
Returns True if the certificate's key is cryptographically valid, and False otherwise.
The $certindex parameter specifies the index of the item in the array. The size of the array is controlled by the CertCount property.
This property is read-only and not available at design time.
Data Type
Boolean
CertOCSPLocations Property (SecureBlackbox_CAdESVerifier Class)
Locations of OCSP (Online Certificate Status Protocol) services that can be used to check this certificate's validity, as recorded by the CA.
Object Oriented Interface
public function getCertOCSPLocations($certindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 54 , $certindex);
Default Value
''
Remarks
Locations of OCSP (Online Certificate Status Protocol) services that can be used to check this certificate's validity, as recorded by the CA.
The $certindex parameter specifies the index of the item in the array. The size of the array is controlled by the CertCount property.
This property is read-only and not available at design time.
Data Type
String
CertPolicyIDs Property (SecureBlackbox_CAdESVerifier Class)
Contains identifiers (OIDs) of the applicable certificate policies.
Object Oriented Interface
public function getCertPolicyIDs($certindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 57 , $certindex);
Default Value
''
Remarks
Contains identifiers (OIDs) of the applicable certificate policies.
The Certificate Policies extension identifies a sequence of policies under which the certificate has been issued, and which regulate its usage.
The $certindex parameter specifies the index of the item in the array. The size of the array is controlled by the CertCount property.
This property is read-only and not available at design time.
Data Type
String
CertPublicKeyBytes Property (SecureBlackbox_CAdESVerifier Class)
Contains the certificate's public key in DER format.
Object Oriented Interface
public function getCertPublicKeyBytes($certindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 61 , $certindex);
Remarks
Contains the certificate's public key in DER format.
The $certindex parameter specifies the index of the item in the array. The size of the array is controlled by the CertCount property.
This property is read-only and not available at design time.
Data Type
Byte Array
CertSelfSigned Property (SecureBlackbox_CAdESVerifier Class)
Indicates whether the certificate is self-signed (root) or signed by an external CA.
Object Oriented Interface
public function getCertSelfSigned($certindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 63 , $certindex);
Default Value
false
Remarks
Indicates whether the certificate is self-signed (root) or signed by an external CA.
The $certindex parameter specifies the index of the item in the array. The size of the array is controlled by the CertCount property.
This property is read-only and not available at design time.
Data Type
Boolean
CertSerialNumber Property (SecureBlackbox_CAdESVerifier Class)
Returns the certificate's serial number.
Object Oriented Interface
public function getCertSerialNumber($certindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 64 , $certindex);
Remarks
Returns the certificate's serial number.
The $certindex parameter specifies the index of the item in the array. The size of the array is controlled by the CertCount property.
This property is read-only and not available at design time.
Data Type
Byte Array
CertSigAlgorithm Property (SecureBlackbox_CAdESVerifier Class)
Indicates the algorithm that was used by the CA to sign this certificate.
Object Oriented Interface
public function getCertSigAlgorithm($certindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 65 , $certindex);
Default Value
''
Remarks
Indicates the algorithm that was used by the CA to sign this certificate.
The $certindex parameter specifies the index of the item in the array. The size of the array is controlled by the CertCount property.
This property is read-only and not available at design time.
Data Type
String
CertSubject Property (SecureBlackbox_CAdESVerifier Class)
The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name.
Object Oriented Interface
public function getCertSubject($certindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 66 , $certindex);
Default Value
''
Remarks
The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name.
The $certindex parameter specifies the index of the item in the array. The size of the array is controlled by the CertCount property.
This property is read-only and not available at design time.
Data Type
String
CertSubjectKeyID Property (SecureBlackbox_CAdESVerifier Class)
Contains a unique identifier (fingerprint) of the certificate's private key.
Object Oriented Interface
public function getCertSubjectKeyID($certindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 68 , $certindex);
Remarks
Contains a unique identifier (fingerprint) of the certificate's private key.
Subject Key Identifier is a (non-critical) X.509 certificate extension which allows the identification of certificates containing a particular public key. In SecureBlackbox, the unique identifier is represented with a SHA1 hash of the bit string of the subject public key.
The $certindex parameter specifies the index of the item in the array. The size of the array is controlled by the CertCount property.
This property is read-only and not available at design time.
Data Type
Byte Array
CertSubjectRDN Property (SecureBlackbox_CAdESVerifier Class)
A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate holder (subject).
Object Oriented Interface
public function getCertSubjectRDN($certindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 69 , $certindex);
Default Value
''
Remarks
A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate holder (subject).
The $certindex parameter specifies the index of the item in the array. The size of the array is controlled by the CertCount property.
This property is read-only and not available at design time.
Data Type
String
CertValidFrom Property (SecureBlackbox_CAdESVerifier Class)
The time point at which the certificate becomes valid, in UTC.
Object Oriented Interface
public function getCertValidFrom($certindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 70 , $certindex);
Default Value
''
Remarks
The time point at which the certificate becomes valid, in UTC.
The $certindex parameter specifies the index of the item in the array. The size of the array is controlled by the CertCount property.
This property is read-only and not available at design time.
Data Type
String
CertValidTo Property (SecureBlackbox_CAdESVerifier Class)
The time point at which the certificate expires, in UTC.
Object Oriented Interface
public function getCertValidTo($certindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 71 , $certindex);
Default Value
''
Remarks
The time point at which the certificate expires, in UTC.
The $certindex parameter specifies the index of the item in the array. The size of the array is controlled by the CertCount property.
This property is read-only and not available at design time.
Data Type
String
CRLCount Property (SecureBlackbox_CAdESVerifier Class)
The number of records in the CRL arrays.
Object Oriented Interface
public function getCRLCount();
Procedural Interface
secureblackbox_cadesverifier_get($res, 72 );
Default Value
0
Remarks
This property controls the size of the following arrays:
The array indices start at 0 and end at CRLCount - 1.This property is read-only and not available at design time.
Data Type
Integer
CRLBytes Property (SecureBlackbox_CAdESVerifier Class)
Returns the raw CRL data in DER format.
Object Oriented Interface
public function getCRLBytes($crlindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 73 , $crlindex);
Remarks
Returns the raw CRL data in DER format.
The $crlindex parameter specifies the index of the item in the array. The size of the array is controlled by the CRLCount property.
This property is read-only and not available at design time.
Data Type
Byte Array
CRLHandle Property (SecureBlackbox_CAdESVerifier Class)
Allows to get or set a 'handle', a unique identifier of the underlying property object.
Object Oriented Interface
public function getCRLHandle($crlindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 76 , $crlindex);
Default Value
0
Remarks
Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.
When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object
after such operation.
pdfSigner.setSigningCertHandle(certMgr.getCertHandle());
The $crlindex parameter specifies the index of the item in the array. The size of the array is controlled by the CRLCount property.
This property is read-only and not available at design time.
Data Type
Long64
CRLIssuer Property (SecureBlackbox_CAdESVerifier Class)
The common name of the CRL issuer (CA), typically a company name.
Object Oriented Interface
public function getCRLIssuer($crlindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 77 , $crlindex);
Default Value
''
Remarks
The common name of the CRL issuer (CA), typically a company name.
The $crlindex parameter specifies the index of the item in the array. The size of the array is controlled by the CRLCount property.
This property is read-only and not available at design time.
Data Type
String
CRLIssuerRDN Property (SecureBlackbox_CAdESVerifier Class)
A collection of information, in the form of [OID, Value] pairs, uniquely identifying the CRL issuer.
Object Oriented Interface
public function getCRLIssuerRDN($crlindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 78 , $crlindex);
Default Value
''
Remarks
A collection of information, in the form of [OID, Value] pairs, uniquely identifying the CRL issuer.
The $crlindex parameter specifies the index of the item in the array. The size of the array is controlled by the CRLCount property.
This property is read-only and not available at design time.
Data Type
String
CRLLocation Property (SecureBlackbox_CAdESVerifier Class)
The URL that the CRL was downloaded from.
Object Oriented Interface
public function getCRLLocation($crlindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 79 , $crlindex);
Default Value
''
Remarks
The URL that the CRL was downloaded from.
The $crlindex parameter specifies the index of the item in the array. The size of the array is controlled by the CRLCount property.
This property is read-only and not available at design time.
Data Type
String
CRLNextUpdate Property (SecureBlackbox_CAdESVerifier Class)
The planned time and date of the next version of this CRL to be published.
Object Oriented Interface
public function getCRLNextUpdate($crlindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 80 , $crlindex);
Default Value
''
Remarks
The planned time and date of the next version of this CRL to be published.
The $crlindex parameter specifies the index of the item in the array. The size of the array is controlled by the CRLCount property.
This property is read-only and not available at design time.
Data Type
String
CRLThisUpdate Property (SecureBlackbox_CAdESVerifier Class)
The date and time at which this version of the CRL was published.
Object Oriented Interface
public function getCRLThisUpdate($crlindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 83 , $crlindex);
Default Value
''
Remarks
The date and time at which this version of the CRL was published.
The $crlindex parameter specifies the index of the item in the array. The size of the array is controlled by the CRLCount property.
This property is read-only and not available at design time.
Data Type
String
DataBytes Property (SecureBlackbox_CAdESVerifier Class)
Use this property to pass the signed data to class in the byte array form.
Object Oriented Interface
public function getDataBytes(); public function setDataBytes($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 84 ); secureblackbox_cadesverifier_set($res, 84, $value );
Remarks
Assign a byte array containing the original signed data to this property.
This property is not available at design time.
Data Type
Byte Array
DataFile Property (SecureBlackbox_CAdESVerifier Class)
A path to the file containing the originally signed data.
Object Oriented Interface
public function getDataFile(); public function setDataFile($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 85 ); secureblackbox_cadesverifier_set($res, 85, $value );
Default Value
''
Remarks
Use this property when working with detached signatures to provide the original signed input. Alternatively, use DataStream to provide in-memory data.
Data Type
String
FIPSMode Property (SecureBlackbox_CAdESVerifier Class)
Reserved.
Object Oriented Interface
public function getFIPSMode(); public function setFIPSMode($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 86 ); secureblackbox_cadesverifier_set($res, 86, $value );
Default Value
false
Remarks
This property is reserved for future use.
Data Type
Boolean
IgnoreChainValidationErrors Property (SecureBlackbox_CAdESVerifier Class)
Makes the class tolerant to chain validation errors.
Object Oriented Interface
public function getIgnoreChainValidationErrors(); public function setIgnoreChainValidationErrors($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 87 ); secureblackbox_cadesverifier_set($res, 87, $value );
Default Value
false
Remarks
If this property is set to True, any errors emerging during certificate chain validation will be ignored. This setting may be handy if the purpose of validation is the creation of an LTV signature, and the validation is performed in an environment that doesn't trust the signer's certificate chain.
Data Type
Boolean
InputBytes Property (SecureBlackbox_CAdESVerifier Class)
Use this property to pass the input to class in byte array form.
Object Oriented Interface
public function getInputBytes(); public function setInputBytes($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 88 ); secureblackbox_cadesverifier_set($res, 88, $value );
Remarks
Assign a byte array containing the data to be processed to this property.
This property is not available at design time.
Data Type
Byte Array
InputFile Property (SecureBlackbox_CAdESVerifier Class)
A path to the file containing the signature blob.
Object Oriented Interface
public function getInputFile(); public function setInputFile($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 89 ); secureblackbox_cadesverifier_set($res, 89, $value );
Default Value
''
Remarks
Use this property to provide a path to the file containing the CAdES signature blob. If verifying detached signatures, use DataStream or DataFile to also supply the original data that was signed.
Data Type
String
InputIsHash Property (SecureBlackbox_CAdESVerifier Class)
Specifies whether the input source contains the hash of the data or the actual data.
Object Oriented Interface
public function getInputIsHash(); public function setInputIsHash($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 90 ); secureblackbox_cadesverifier_set($res, 90, $value );
Default Value
false
Remarks
Use this property to tell the component whether the input source contains the actual data or its hash.
This property is not available at design time.
Data Type
Boolean
KnownCertCount Property (SecureBlackbox_CAdESVerifier Class)
The number of records in the KnownCert arrays.
Object Oriented Interface
public function getKnownCertCount(); public function setKnownCertCount($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 91 ); secureblackbox_cadesverifier_set($res, 91, $value );
Default Value
0
Remarks
This property controls the size of the following arrays:
The array indices start at 0 and end at KnownCertCount - 1.This property is not available at design time.
Data Type
Integer
KnownCertBytes Property (SecureBlackbox_CAdESVerifier Class)
Returns the raw certificate data in DER format.
Object Oriented Interface
public function getKnownCertBytes($knowncertindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 92 , $knowncertindex);
Remarks
Returns the raw certificate data in DER format.
The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.
This property is read-only and not available at design time.
Data Type
Byte Array
KnownCertHandle Property (SecureBlackbox_CAdESVerifier Class)
Allows to get or set a 'handle', a unique identifier of the underlying property object.
Object Oriented Interface
public function getKnownCertHandle($knowncertindex); public function setKnownCertHandle($knowncertindex, $value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 99 , $knowncertindex); secureblackbox_cadesverifier_set($res, 99, $value , $knowncertindex);
Default Value
0
Remarks
Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.
When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object
after such operation.
pdfSigner.setSigningCertHandle(certMgr.getCertHandle());
The $knowncertindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCertCount property.
This property is not available at design time.
Data Type
Long64
KnownCRLCount Property (SecureBlackbox_CAdESVerifier Class)
The number of records in the KnownCRL arrays.
Object Oriented Interface
public function getKnownCRLCount(); public function setKnownCRLCount($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 126 ); secureblackbox_cadesverifier_set($res, 126, $value );
Default Value
0
Remarks
This property controls the size of the following arrays:
The array indices start at 0 and end at KnownCRLCount - 1.This property is not available at design time.
Data Type
Integer
KnownCRLBytes Property (SecureBlackbox_CAdESVerifier Class)
Returns the raw CRL data in DER format.
Object Oriented Interface
public function getKnownCRLBytes($knowncrlindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 127 , $knowncrlindex);
Remarks
Returns the raw CRL data in DER format.
The $knowncrlindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCRLCount property.
This property is read-only and not available at design time.
Data Type
Byte Array
KnownCRLHandle Property (SecureBlackbox_CAdESVerifier Class)
Allows to get or set a 'handle', a unique identifier of the underlying property object.
Object Oriented Interface
public function getKnownCRLHandle($knowncrlindex); public function setKnownCRLHandle($knowncrlindex, $value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 130 , $knowncrlindex); secureblackbox_cadesverifier_set($res, 130, $value , $knowncrlindex);
Default Value
0
Remarks
Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.
When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object
after such operation.
pdfSigner.setSigningCertHandle(certMgr.getCertHandle());
The $knowncrlindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownCRLCount property.
This property is not available at design time.
Data Type
Long64
KnownOCSPCount Property (SecureBlackbox_CAdESVerifier Class)
The number of records in the KnownOCSP arrays.
Object Oriented Interface
public function getKnownOCSPCount(); public function setKnownOCSPCount($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 138 ); secureblackbox_cadesverifier_set($res, 138, $value );
Default Value
0
Remarks
This property controls the size of the following arrays:
The array indices start at 0 and end at KnownOCSPCount - 1.This property is not available at design time.
Data Type
Integer
KnownOCSPBytes Property (SecureBlackbox_CAdESVerifier Class)
A buffer containing the raw OCSP response data.
Object Oriented Interface
public function getKnownOCSPBytes($knownocspindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 139 , $knownocspindex);
Remarks
A buffer containing the raw OCSP response data.
The $knownocspindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownOCSPCount property.
This property is read-only and not available at design time.
Data Type
Byte Array
KnownOCSPHandle Property (SecureBlackbox_CAdESVerifier Class)
Allows to get or set a 'handle', a unique identifier of the underlying property object.
Object Oriented Interface
public function getKnownOCSPHandle($knownocspindex); public function setKnownOCSPHandle($knownocspindex, $value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 141 , $knownocspindex); secureblackbox_cadesverifier_set($res, 141, $value , $knownocspindex);
Default Value
0
Remarks
Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.
When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object
after such operation.
pdfSigner.setSigningCertHandle(certMgr.getCertHandle());
The $knownocspindex parameter specifies the index of the item in the array. The size of the array is controlled by the KnownOCSPCount property.
This property is not available at design time.
Data Type
Long64
OCSPCount Property (SecureBlackbox_CAdESVerifier Class)
The number of records in the OCSP arrays.
Object Oriented Interface
public function getOCSPCount();
Procedural Interface
secureblackbox_cadesverifier_get($res, 146 );
Default Value
0
Remarks
This property controls the size of the following arrays:
The array indices start at 0 and end at OCSPCount - 1.This property is read-only and not available at design time.
Data Type
Integer
OCSPBytes Property (SecureBlackbox_CAdESVerifier Class)
A buffer containing the raw OCSP response data.
Object Oriented Interface
public function getOCSPBytes($ocspindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 147 , $ocspindex);
Remarks
A buffer containing the raw OCSP response data.
The $ocspindex parameter specifies the index of the item in the array. The size of the array is controlled by the OCSPCount property.
This property is read-only and not available at design time.
Data Type
Byte Array
OCSPHandle Property (SecureBlackbox_CAdESVerifier Class)
Allows to get or set a 'handle', a unique identifier of the underlying property object.
Object Oriented Interface
public function getOCSPHandle($ocspindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 149 , $ocspindex);
Default Value
0
Remarks
Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.
When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object
after such operation.
pdfSigner.setSigningCertHandle(certMgr.getCertHandle());
The $ocspindex parameter specifies the index of the item in the array. The size of the array is controlled by the OCSPCount property.
This property is read-only and not available at design time.
Data Type
Long64
OCSPIssuer Property (SecureBlackbox_CAdESVerifier Class)
Indicates the issuer of this response (a CA or its authorized representative).
Object Oriented Interface
public function getOCSPIssuer($ocspindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 150 , $ocspindex);
Default Value
''
Remarks
Indicates the issuer of this response (a CA or its authorized representative).
The $ocspindex parameter specifies the index of the item in the array. The size of the array is controlled by the OCSPCount property.
This property is read-only and not available at design time.
Data Type
String
OCSPIssuerRDN Property (SecureBlackbox_CAdESVerifier Class)
Indicates the RDN of the issuer of this response (a CA or its authorized representative).
Object Oriented Interface
public function getOCSPIssuerRDN($ocspindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 151 , $ocspindex);
Default Value
''
Remarks
Indicates the RDN of the issuer of this response (a CA or its authorized representative).
The $ocspindex parameter specifies the index of the item in the array. The size of the array is controlled by the OCSPCount property.
This property is read-only and not available at design time.
Data Type
String
OCSPLocation Property (SecureBlackbox_CAdESVerifier Class)
The location of the OCSP responder.
Object Oriented Interface
public function getOCSPLocation($ocspindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 152 , $ocspindex);
Default Value
''
Remarks
The location of the OCSP responder.
The $ocspindex parameter specifies the index of the item in the array. The size of the array is controlled by the OCSPCount property.
This property is read-only and not available at design time.
Data Type
String
OCSPProducedAt Property (SecureBlackbox_CAdESVerifier Class)
Specifies the time when the response was produced, in UTC.
Object Oriented Interface
public function getOCSPProducedAt($ocspindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 153 , $ocspindex);
Default Value
''
Remarks
Specifies the time when the response was produced, in UTC.
The $ocspindex parameter specifies the index of the item in the array. The size of the array is controlled by the OCSPCount property.
This property is read-only and not available at design time.
Data Type
String
OfflineMode Property (SecureBlackbox_CAdESVerifier Class)
Switches the class to offline mode.
Object Oriented Interface
public function getOfflineMode(); public function setOfflineMode($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 154 ); secureblackbox_cadesverifier_set($res, 154, $value );
Default Value
false
Remarks
When working in offline mode, the class restricts itself from using any online revocation information sources, such as CRL or OCSP responders.
Offline mode may be useful if there is a need to verify the completeness of the validation information included within the signature or provided via KnownCertificates, KnownCRLs, and other related properties.
Data Type
Boolean
OutputBytes Property (SecureBlackbox_CAdESVerifier Class)
Use this property to read the output the class object has produced.
Object Oriented Interface
public function getOutputBytes();
Procedural Interface
secureblackbox_cadesverifier_get($res, 155 );
Remarks
Read the contents of this property after the operation has completed to read the produced output. This property will only be set if the OutputFile and OutputStream properties had not been assigned.
This property is read-only and not available at design time.
Data Type
Byte Array
OutputFile Property (SecureBlackbox_CAdESVerifier Class)
A path to the file to write the extracted data to.
Object Oriented Interface
public function getOutputFile(); public function setOutputFile($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 156 ); secureblackbox_cadesverifier_set($res, 156, $value );
Default Value
''
Remarks
Use this property to provide a file name to save the data extracted from the enveloping signature.
Data Type
String
Profile Property (SecureBlackbox_CAdESVerifier Class)
Specifies a pre-defined profile to apply when creating the signature.
Object Oriented Interface
public function getProfile(); public function setProfile($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 157 ); secureblackbox_cadesverifier_set($res, 157, $value );
Default Value
''
Remarks
Advanced signatures come in many variants, which are often defined by parties that needs to process them or by local standards. SecureBlackbox profiles are sets of pre-defined configurations which correspond to particular signature variants. By specifying a profile, you are pre-configuring the component to make it produce the signature that matches the configuration corresponding to that profile.
Data Type
String
ProxyAddress Property (SecureBlackbox_CAdESVerifier Class)
The IP address of the proxy server.
Object Oriented Interface
public function getProxyAddress(); public function setProxyAddress($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 158 ); secureblackbox_cadesverifier_set($res, 158, $value );
Default Value
''
Remarks
The IP address of the proxy server.
Data Type
String
ProxyAuthentication Property (SecureBlackbox_CAdESVerifier Class)
The authentication type used by the proxy server.
Object Oriented Interface
public function getProxyAuthentication(); public function setProxyAuthentication($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 159 ); secureblackbox_cadesverifier_set($res, 159, $value );
Default Value
0
Remarks
The authentication type used by the proxy server.
| patNoAuthentication | 0 |
| patBasic | 1 |
| patDigest | 2 |
| patNTLM | 3 |
Data Type
Integer
ProxyPassword Property (SecureBlackbox_CAdESVerifier Class)
The password to authenticate to the proxy server.
Object Oriented Interface
public function getProxyPassword(); public function setProxyPassword($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 160 ); secureblackbox_cadesverifier_set($res, 160, $value );
Default Value
''
Remarks
The password to authenticate to the proxy server.
Data Type
String
ProxyPort Property (SecureBlackbox_CAdESVerifier Class)
The port on the proxy server to connect to.
Object Oriented Interface
public function getProxyPort(); public function setProxyPort($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 161 ); secureblackbox_cadesverifier_set($res, 161, $value );
Default Value
0
Remarks
The port on the proxy server to connect to.
Data Type
Integer
ProxyProxyType Property (SecureBlackbox_CAdESVerifier Class)
The type of the proxy server.
Object Oriented Interface
public function getProxyProxyType(); public function setProxyProxyType($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 162 ); secureblackbox_cadesverifier_set($res, 162, $value );
Default Value
0
Remarks
The type of the proxy server.
The WebTunnel proxy is also known as HTTPS proxy. Unlike HTTP proxy, HTTPS proxy (WebTunnel) provides end-to-end security.
| cptNone | 0 |
| cptSocks4 | 1 |
| cptSocks5 | 2 |
| cptWebTunnel | 3 |
| cptHTTP | 4 |
Data Type
Integer
ProxyRequestHeaders Property (SecureBlackbox_CAdESVerifier Class)
Contains HTTP request headers for WebTunnel and HTTP proxy.
Object Oriented Interface
public function getProxyRequestHeaders(); public function setProxyRequestHeaders($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 163 ); secureblackbox_cadesverifier_set($res, 163, $value );
Default Value
''
Remarks
Contains HTTP request headers for WebTunnel and HTTP proxy.
Data Type
String
ProxyResponseBody Property (SecureBlackbox_CAdESVerifier Class)
Contains the HTTP or HTTPS (WebTunnel) proxy response body.
Object Oriented Interface
public function getProxyResponseBody(); public function setProxyResponseBody($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 164 ); secureblackbox_cadesverifier_set($res, 164, $value );
Default Value
''
Remarks
Contains the HTTP or HTTPS (WebTunnel) proxy response body.
Data Type
String
ProxyResponseHeaders Property (SecureBlackbox_CAdESVerifier Class)
Contains response headers received from an HTTP or HTTPS (WebTunnel) proxy server.
Object Oriented Interface
public function getProxyResponseHeaders(); public function setProxyResponseHeaders($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 165 ); secureblackbox_cadesverifier_set($res, 165, $value );
Default Value
''
Remarks
Contains response headers received from an HTTP or HTTPS (WebTunnel) proxy server.
Data Type
String
ProxyUseIPv6 Property (SecureBlackbox_CAdESVerifier Class)
Specifies whether IPv6 should be used when connecting through the proxy.
Object Oriented Interface
public function getProxyUseIPv6(); public function setProxyUseIPv6($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 166 ); secureblackbox_cadesverifier_set($res, 166, $value );
Default Value
false
Remarks
Specifies whether IPv6 should be used when connecting through the proxy.
Data Type
Boolean
ProxyUseProxy Property (SecureBlackbox_CAdESVerifier Class)
Enables or disables proxy-driven connection.
Object Oriented Interface
public function getProxyUseProxy(); public function setProxyUseProxy($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 167 ); secureblackbox_cadesverifier_set($res, 167, $value );
Default Value
false
Remarks
Enables or disables proxy-driven connection.
Data Type
Boolean
ProxyUsername Property (SecureBlackbox_CAdESVerifier Class)
Specifies the username credential for proxy authentication.
Object Oriented Interface
public function getProxyUsername(); public function setProxyUsername($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 168 ); secureblackbox_cadesverifier_set($res, 168, $value );
Default Value
''
Remarks
Specifies the username credential for proxy authentication.
Data Type
String
RevocationCheck Property (SecureBlackbox_CAdESVerifier Class)
Specifies the kind(s) of revocation check to perform for all chain certificates.
Object Oriented Interface
public function getRevocationCheck(); public function setRevocationCheck($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 169 ); secureblackbox_cadesverifier_set($res, 169, $value );
Default Value
1
Remarks
Revocation checking is necessary to ensure the integrity of the chain and obtain up-to-date certificate validity and trustworthiness information.
Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol (OCSP) responses serve the same purpose of ensuring that the certificate had not been revoked by the Certificate Authority (CA) at the time of use. Depending on your circumstances and security policy requirements, you may want to use either one or both of the revocation information source types.
| crcNone | 0 | No revocation checking. |
| crcAuto | 1 | Automatic mode selection. Currently this maps to crcAnyOCSPOrCRL, but it may change in the future. |
| crcAllCRL | 2 | All provided CRL endpoints will be checked, and all checks must succeed. |
| crcAllOCSP | 3 | All provided OCSP endpoints will be checked, and all checks must succeed. |
| crcAllCRLAndOCSP | 4 | All provided CRL and OCSP endpoints will be checked, and all checks must succeed. |
| crcAnyCRL | 5 | All provided CRL endpoints will be checked, and at least one check must succeed. |
| crcAnyOCSP | 6 | All provided OCSP endpoints will be checked, and at least one check must succeed. |
| crcAnyCRLOrOCSP | 7 | All provided CRL and OCSP endpoints will be checked, and at least one check must succeed. CRL endpoints are checked first. |
| crcAnyOCSPOrCRL | 8 | All provided CRL and OCSP endpoints will be checked, and at least one check must succeed. OCSP endpoints are checked first. |
This setting controls the way the revocation checks are performed for every certificate in the chain. Typically certificates come with two types of revocation information sources: CRL (certificate revocation lists) and OCSP responders. CRLs are static objects periodically published by the CA at some online location. OCSP responders are active online services maintained by the CA that can provide up-to-date information on certificate statuses in near real time.
There are some conceptual differences between the two. CRLs are normally larger in size. Their use involves some latency because there is normally some delay between the time when a certificate was revoked and the time the subsequent CRL mentioning that is published. The benefits of CRL is that the same object can provide statuses for all certificates issued by a particular CA, and that the whole technology is much simpler than OCSP (and thus is supported by more CAs).
This setting lets you adjust the validation course by including or excluding certain types of revocation sources from the validation process. The crcAnyOCSPOrCRL setting (give preference to the faster OCSP route and only demand one source to succeed) is a good choice for most typical validation environments. The "crcAll*" modes are much stricter, and may be used in scenarios where bulletproof validity information is essential.
Note: If no CRL or OCSP endpoints are provided by the CA, the revocation check will be considered successful. This is because the CA chose not to supply revocation information for its certificates, meaning they are considered irrevocable.
Note: Within each of the above settings, if any retrieved CRL or OCSP response indicates that the certificate has been revoked, the revocation check fails.
Data Type
Integer
SignatureChainValidationDetails Property (SecureBlackbox_CAdESVerifier Class)
The details of a certificate chain validation outcome.
Object Oriented Interface
public function getSignatureChainValidationDetails();
Procedural Interface
secureblackbox_cadesverifier_get($res, 170 );
Default Value
0
Remarks
The details of a certificate chain validation outcome. They may often suggest the reasons that contributed to the overall validation result.
Returns a bit mask of the following options:
| cvrBadData | 0x0001 | One or more certificates in the validation path are malformed |
| cvrRevoked | 0x0002 | One or more certificates are revoked |
| cvrNotYetValid | 0x0004 | One or more certificates are not yet valid |
| cvrExpired | 0x0008 | One or more certificates are expired |
| cvrInvalidSignature | 0x0010 | A certificate contains a non-valid digital signature |
| cvrUnknownCA | 0x0020 | A CA certificate for one or more certificates has not been found (chain incomplete) |
| cvrCAUnauthorized | 0x0040 | One of the CA certificates are not authorized to act as CA |
| cvrCRLNotVerified | 0x0080 | One or more CRLs could not be verified |
| cvrOCSPNotVerified | 0x0100 | One or more OCSP responses could not be verified |
| cvrIdentityMismatch | 0x0200 | The identity protected by the certificate (a TLS endpoint or an e-mail addressee) does not match what is recorded in the certificate |
| cvrNoKeyUsage | 0x0400 | A mandatory key usage is not enabled in one of the chain certificates |
| cvrBlocked | 0x0800 | One or more certificates are blocked |
| cvrFailure | 0x1000 | General validation failure |
| cvrChainLoop | 0x2000 | Chain loop: one of the CA certificates recursively signs itself |
| cvrWeakAlgorithm | 0x4000 | A weak algorithm is used in one of certificates or revocation elements |
| cvrUserEnforced | 0x8000 | The chain was considered invalid following intervention from a user code |
This property is read-only and not available at design time.
Data Type
Integer
SignatureChainValidationResult Property (SecureBlackbox_CAdESVerifier Class)
The outcome of a certificate chain validation routine.
Object Oriented Interface
public function getSignatureChainValidationResult();
Procedural Interface
secureblackbox_cadesverifier_get($res, 171 );
Default Value
0
Remarks
The outcome of a certificate chain validation routine.
Available options:
| cvtValid | 0 | The chain is valid |
| cvtValidButUntrusted | 1 | The chain is valid, but the root certificate is not trusted |
| cvtInvalid | 2 | The chain is not valid (some of certificates are revoked, expired, or contain an invalid signature) |
| cvtCantBeEstablished | 3 | The validity of the chain cannot be established because of missing or unavailable validation information (certificates, CRLs, or OCSP responses) |
Use the ValidationLog property to access the detailed validation log.
This property is read-only and not available at design time.
Data Type
Integer
SignatureClaimedSigningTime Property (SecureBlackbox_CAdESVerifier Class)
Returns or sets signature's creation time.
Object Oriented Interface
public function getSignatureClaimedSigningTime();
Procedural Interface
secureblackbox_cadesverifier_get($res, 172 );
Default Value
''
Remarks
Returns or sets signature's creation time.
Use this property to get or set the signature creation time from the signer's computer. The claimed time, unlike SignatureValidatedSigningTime does not originate from a trusted TSA and may be forfeited or wrong.
The time is provided in UTC.
This property is read-only and not available at design time.
Data Type
String
SignatureCompatibilityErrors Property (SecureBlackbox_CAdESVerifier Class)
Returns compatibility errors encountered during validation.
Object Oriented Interface
public function getSignatureCompatibilityErrors();
Procedural Interface
secureblackbox_cadesverifier_get($res, 173 );
Default Value
0
Remarks
Returns compatibility errors encountered during validation.
Use this property to get specific compatibility errors encountered within the course of certificate chain validation. Unlike chain validation details, compatibility errors indicate violation by the signature of the assumed signature level/profile. For example, BES signatures are required to contain the signing time attribute. A prospective BES signature without such attribute will invoke a compatibility error.
Supported values:
| cerrUnknown | 0x00001 | Unknown validation error |
| cerrNoMessageDigest | 0x00002 | No message digest attribute included in the signature |
| cerrNoContentType | 0x00004 | No mandatory content-type attribute is included in the signature |
| cerrNoSigningCertificate | 0x00008 | No mandatory signing-certificate (-v2) attribute is included in the signature |
| cerrNoSignaturePolicy | 0x00010 | No signature policy information is included in the signature |
| cerrNoSignatureTimestamp | 0x00020 | The signature is not timestamped |
| cerrNoCertificateReferences | 0x00040 | No certificate-references attribute was found in the signature |
| cerrNoRevocationReferences | 0x00080 | No revocation-references attribute was found in the signature |
| cerrNoCertificateValues | 0x00100 | No certificate-values attribute was found in the signature |
| cerrNoRevocationValues | 0x00200 | No revocation-values attribute was found in the signature |
| cerrNoTimestampedValidationData | 0x00400 | No timestamped validation data was found in the signature |
| cerrNoArchivalTimestamp | 0x00800 | No archival timestamp was found in the signature |
| cerrUnexpectedValidationElements | 0x01000 | Unexpected validation elements were found in the signature |
| cerrMissingValidationElements | 0x02000 | Some mandatory validation elements are missing from the signature |
| cerrInvalidATSHashIndex | 0x04000 | ATS Hash Index attribute is invalid |
| cerrNoSigningTime | 0x08000 | No mandatory signing-time attribute was found in the signature |
| cerrMisplacedSigPolicyStore | 0x10000 | Signature policy store attribute is misplaced |
This property is read-only and not available at design time.
Data Type
Integer
SignatureContentType Property (SecureBlackbox_CAdESVerifier Class)
The signature content type.
Object Oriented Interface
public function getSignatureContentType();
Procedural Interface
secureblackbox_cadesverifier_get($res, 174 );
Default Value
''
Remarks
The signature content type.
Use this property to check the content type attribute of the message record in it by the signer.
This property is read-only and not available at design time.
Data Type
String
SignatureCountersigned Property (SecureBlackbox_CAdESVerifier Class)
Indicates if the signature is countersigned.
Object Oriented Interface
public function getSignatureCountersigned();
Procedural Interface
secureblackbox_cadesverifier_get($res, 175 );
Default Value
false
Remarks
Indicates if the signature is countersigned.
Use this property to find out whether the signed message contains any countersignatures over the main signature(s).
You can track countersignatures during the validating by subscribing to SignatureValidated event.
This property is read-only and not available at design time.
Data Type
Boolean
SignatureHandle Property (SecureBlackbox_CAdESVerifier Class)
Allows to get or set a 'handle', a unique identifier of the underlying property object.
Object Oriented Interface
public function getSignatureHandle();
Procedural Interface
secureblackbox_cadesverifier_get($res, 176 );
Default Value
0
Remarks
Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.
When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object
after such operation.
pdfSigner.setSigningCertHandle(certMgr.getCertHandle());
This property is read-only and not available at design time.
Data Type
Long64
SignatureHashAlgorithm Property (SecureBlackbox_CAdESVerifier Class)
Set or returns the hash algorithm used to generate the signature.
Object Oriented Interface
public function getSignatureHashAlgorithm();
Procedural Interface
secureblackbox_cadesverifier_get($res, 177 );
Default Value
''
Remarks
Set or returns the hash algorithm used to generate the signature.
Check this property after verifying the signature to get the hash algorithm which was used to calculate it. When creating a signed file, use this property to specify the hash algorithm to use.
| SB_HASH_ALGORITHM_SHA1 | SHA1 | |
| SB_HASH_ALGORITHM_SHA224 | SHA224 | |
| SB_HASH_ALGORITHM_SHA256 | SHA256 | |
| SB_HASH_ALGORITHM_SHA384 | SHA384 | |
| SB_HASH_ALGORITHM_SHA512 | SHA512 | |
| SB_HASH_ALGORITHM_MD2 | MD2 | |
| SB_HASH_ALGORITHM_MD4 | MD4 | |
| SB_HASH_ALGORITHM_MD5 | MD5 | |
| SB_HASH_ALGORITHM_RIPEMD160 | RIPEMD160 | |
| SB_HASH_ALGORITHM_CRC32 | CRC32 | |
| SB_HASH_ALGORITHM_SSL3 | SSL3 | |
| SB_HASH_ALGORITHM_GOST_R3411_1994 | GOST1994 | |
| SB_HASH_ALGORITHM_WHIRLPOOL | WHIRLPOOL | |
| SB_HASH_ALGORITHM_POLY1305 | POLY1305 | |
| SB_HASH_ALGORITHM_SHA3_224 | SHA3_224 | |
| SB_HASH_ALGORITHM_SHA3_256 | SHA3_256 | |
| SB_HASH_ALGORITHM_SHA3_384 | SHA3_384 | |
| SB_HASH_ALGORITHM_SHA3_512 | SHA3_512 | |
| SB_HASH_ALGORITHM_BLAKE2S_128 | BLAKE2S_128 | |
| SB_HASH_ALGORITHM_BLAKE2S_160 | BLAKE2S_160 | |
| SB_HASH_ALGORITHM_BLAKE2S_224 | BLAKE2S_224 | |
| SB_HASH_ALGORITHM_BLAKE2S_256 | BLAKE2S_256 | |
| SB_HASH_ALGORITHM_BLAKE2B_160 | BLAKE2B_160 | |
| SB_HASH_ALGORITHM_BLAKE2B_256 | BLAKE2B_256 | |
| SB_HASH_ALGORITHM_BLAKE2B_384 | BLAKE2B_384 | |
| SB_HASH_ALGORITHM_BLAKE2B_512 | BLAKE2B_512 | |
| SB_HASH_ALGORITHM_SHAKE_128 | SHAKE_128 | |
| SB_HASH_ALGORITHM_SHAKE_256 | SHAKE_256 | |
| SB_HASH_ALGORITHM_SHAKE_128_LEN | SHAKE_128_LEN | |
| SB_HASH_ALGORITHM_SHAKE_256_LEN | SHAKE_256_LEN |
This property is read-only and not available at design time.
Data Type
String
SignatureIssuerRDN Property (SecureBlackbox_CAdESVerifier Class)
The Relative Distinguished Name of the signing certificate's issuer.
Object Oriented Interface
public function getSignatureIssuerRDN();
Procedural Interface
secureblackbox_cadesverifier_get($res, 178 );
Default Value
''
Remarks
The Relative Distinguished Name of the signing certificate's issuer.
A collection of information, in the form of [OID, Value] pairs, about the company that issued the signing certificate.
This property is read-only and not available at design time.
Data Type
String
SignatureLastArchivalTime Property (SecureBlackbox_CAdESVerifier Class)
Indicates the most recent archival time of an archived signature This property returns the time of the most recent archival timestamp applied to the signature.
Object Oriented Interface
public function getSignatureLastArchivalTime();
Procedural Interface
secureblackbox_cadesverifier_get($res, 179 );
Default Value
''
Remarks
Indicates the most recent archival time of an archived signature
This property returns the time of the most recent archival timestamp applied to the signature. This property only makes sense for 'archived' (CAdES-A) signatures.
This property is read-only and not available at design time.
Data Type
String
SignatureLevel Property (SecureBlackbox_CAdESVerifier Class)
Returns the CAdES signature level.
Object Oriented Interface
public function getSignatureLevel();
Procedural Interface
secureblackbox_cadesverifier_get($res, 180 );
Default Value
0
Remarks
Returns the CAdES signature level.
CMS Advanced Electronic Signatures (CAdES) standard defines a number of different 'levels' of signatures which can be used for different purposes. The supported values are:
| cslUnknown | 0 | Unknown signature level |
| cslBES | 1 | BES (Basic Electronic Signature) |
| cslEPES | 2 | EPES (Electronic Signature with an Explicit Policy) |
| cslT | 3 | T (Timestamped) |
| cslC | 4 | C (T with revocation references) |
| cslXType1 | 5 | X Type 1 (C with an ES-C timestamp) |
| cslXType2 | 6 | X Type 2 (C with a CertsAndCRLs timestamp) |
| cslXLType1 | 7 | XL Type 1 (C with revocation values and an ES-C timestamp) |
| cslXLType2 | 8 | XL Type 2 (C with revocation values and a CertsAndCRLs timestamp) |
| cslBaselineB | 9 | Baseline B (B-B, basic) |
| cslBaselineT | 10 | Baseline T (B-T, timestamped) |
| cslBaselineLT | 11 | Baseline LT (B-LT, long-term) |
| cslBaselineLTA | 12 | Baseline LTA (B-LTA, long-term with archived timestamp) |
| cslExtendedBES | 13 | Extended BES |
| cslExtendedEPES | 14 | Extended EPES |
| cslExtendedT | 15 | Extended T |
| cslExtendedC | 16 | Extended C |
| cslExtendedXType1 | 17 | Extended X Type 1 |
| cslExtendedXType2 | 18 | Extended X Type 2 |
| cslExtendedXLType1 | 19 | Extended XL Type 1 |
| cslExtendedXLType2 | 20 | Extended XL Type 2 |
| cslExtendedA | 21 | Extended A |
| cslA | 22 | A (archived) |
This property is read-only and not available at design time.
Data Type
Integer
SignatureMessageDigest Property (SecureBlackbox_CAdESVerifier Class)
The binary of the signature's message digest.
Object Oriented Interface
public function getSignatureMessageDigest();
Procedural Interface
secureblackbox_cadesverifier_get($res, 181 );
Default Value
''
Remarks
The binary of the signature's message digest.
Use this property to access the 'main' message digest of the CMS blob (the digest included as a message-digest signed attribute).
This property is read-only and not available at design time.
Data Type
String
SignaturePolicyHash Property (SecureBlackbox_CAdESVerifier Class)
The signature policy hash value.
Object Oriented Interface
public function getSignaturePolicyHash();
Procedural Interface
secureblackbox_cadesverifier_get($res, 182 );
Default Value
''
Remarks
The signature policy hash value.
Use this property to get the signature policy hash from EPES signatures
This property is read-only and not available at design time.
Data Type
String
SignaturePolicyHashAlgorithm Property (SecureBlackbox_CAdESVerifier Class)
The algorithm that was used to calculate the signature policy hash Use this property to get or set the hash algorithm used to calculate the signature policy hash.
Object Oriented Interface
public function getSignaturePolicyHashAlgorithm();
Procedural Interface
secureblackbox_cadesverifier_get($res, 183 );
Default Value
''
Remarks
The algorithm that was used to calculate the signature policy hash
Use this property to get or set the hash algorithm used to calculate the signature policy hash. Read the actual hash value from SignaturePolicyHash.
| SB_HASH_ALGORITHM_SHA1 | SHA1 | |
| SB_HASH_ALGORITHM_SHA224 | SHA224 | |
| SB_HASH_ALGORITHM_SHA256 | SHA256 | |
| SB_HASH_ALGORITHM_SHA384 | SHA384 | |
| SB_HASH_ALGORITHM_SHA512 | SHA512 | |
| SB_HASH_ALGORITHM_MD2 | MD2 | |
| SB_HASH_ALGORITHM_MD4 | MD4 | |
| SB_HASH_ALGORITHM_MD5 | MD5 | |
| SB_HASH_ALGORITHM_RIPEMD160 | RIPEMD160 | |
| SB_HASH_ALGORITHM_CRC32 | CRC32 | |
| SB_HASH_ALGORITHM_SSL3 | SSL3 | |
| SB_HASH_ALGORITHM_GOST_R3411_1994 | GOST1994 | |
| SB_HASH_ALGORITHM_WHIRLPOOL | WHIRLPOOL | |
| SB_HASH_ALGORITHM_POLY1305 | POLY1305 | |
| SB_HASH_ALGORITHM_SHA3_224 | SHA3_224 | |
| SB_HASH_ALGORITHM_SHA3_256 | SHA3_256 | |
| SB_HASH_ALGORITHM_SHA3_384 | SHA3_384 | |
| SB_HASH_ALGORITHM_SHA3_512 | SHA3_512 | |
| SB_HASH_ALGORITHM_BLAKE2S_128 | BLAKE2S_128 | |
| SB_HASH_ALGORITHM_BLAKE2S_160 | BLAKE2S_160 | |
| SB_HASH_ALGORITHM_BLAKE2S_224 | BLAKE2S_224 | |
| SB_HASH_ALGORITHM_BLAKE2S_256 | BLAKE2S_256 | |
| SB_HASH_ALGORITHM_BLAKE2B_160 | BLAKE2B_160 | |
| SB_HASH_ALGORITHM_BLAKE2B_256 | BLAKE2B_256 | |
| SB_HASH_ALGORITHM_BLAKE2B_384 | BLAKE2B_384 | |
| SB_HASH_ALGORITHM_BLAKE2B_512 | BLAKE2B_512 | |
| SB_HASH_ALGORITHM_SHAKE_128 | SHAKE_128 | |
| SB_HASH_ALGORITHM_SHAKE_256 | SHAKE_256 | |
| SB_HASH_ALGORITHM_SHAKE_128_LEN | SHAKE_128_LEN | |
| SB_HASH_ALGORITHM_SHAKE_256_LEN | SHAKE_256_LEN |
This property is read-only and not available at design time.
Data Type
String
SignaturePolicyID Property (SecureBlackbox_CAdESVerifier Class)
The policy ID that was included or to be included into the signature.
Object Oriented Interface
public function getSignaturePolicyID();
Procedural Interface
secureblackbox_cadesverifier_get($res, 184 );
Default Value
''
Remarks
The policy ID that was included or to be included into the signature.
Use this property to retrieve the signature policy identifier from EPES signatures.
This property is read-only and not available at design time.
Data Type
String
SignaturePolicyURI Property (SecureBlackbox_CAdESVerifier Class)
The signature policy URI that was included in the signature.
Object Oriented Interface
public function getSignaturePolicyURI();
Procedural Interface
secureblackbox_cadesverifier_get($res, 185 );
Default Value
''
Remarks
The signature policy URI that was included in the signature.
Use this property to set or retrieve the URI of the signature policy from EPES signatures.
This property is read-only and not available at design time.
Data Type
String
SignaturePublicKeyAlgorithm Property (SecureBlackbox_CAdESVerifier Class)
Returns the public key algorithm that was used to create the signature.
Object Oriented Interface
public function getSignaturePublicKeyAlgorithm();
Procedural Interface
secureblackbox_cadesverifier_get($res, 186 );
Default Value
''
Remarks
Returns the public key algorithm that was used to create the signature.
This property specifies the public key algorithm that was used to create the signature. This typically matches the algorithm of the signing certificate.
| SB_CERT_ALGORITHM_ID_RSA_ENCRYPTION | rsaEncryption | |
| SB_CERT_ALGORITHM_MD2_RSA_ENCRYPTION | md2withRSAEncryption | |
| SB_CERT_ALGORITHM_MD5_RSA_ENCRYPTION | md5withRSAEncryption | |
| SB_CERT_ALGORITHM_SHA1_RSA_ENCRYPTION | sha1withRSAEncryption | |
| SB_CERT_ALGORITHM_ID_DSA | id-dsa | |
| SB_CERT_ALGORITHM_ID_DSA_SHA1 | id-dsa-with-sha1 | |
| SB_CERT_ALGORITHM_DH_PUBLIC | dhpublicnumber | |
| SB_CERT_ALGORITHM_SHA224_RSA_ENCRYPTION | sha224WithRSAEncryption | |
| SB_CERT_ALGORITHM_SHA256_RSA_ENCRYPTION | sha256WithRSAEncryption | |
| SB_CERT_ALGORITHM_SHA384_RSA_ENCRYPTION | sha384WithRSAEncryption | |
| SB_CERT_ALGORITHM_SHA512_RSA_ENCRYPTION | sha512WithRSAEncryption | |
| SB_CERT_ALGORITHM_ID_RSAPSS | id-RSASSA-PSS | |
| SB_CERT_ALGORITHM_ID_RSAOAEP | id-RSAES-OAEP | |
| SB_CERT_ALGORITHM_RSASIGNATURE_RIPEMD160 | ripemd160withRSA | |
| SB_CERT_ALGORITHM_ID_ELGAMAL | elGamal | |
| SB_CERT_ALGORITHM_SHA1_ECDSA | ecdsa-with-SHA1 | |
| SB_CERT_ALGORITHM_RECOMMENDED_ECDSA | ecdsa-recommended | |
| SB_CERT_ALGORITHM_SHA224_ECDSA | ecdsa-with-SHA224 | |
| SB_CERT_ALGORITHM_SHA256_ECDSA | ecdsa-with-SHA256 | |
| SB_CERT_ALGORITHM_SHA384_ECDSA | ecdsa-with-SHA384 | |
| SB_CERT_ALGORITHM_SHA512_ECDSA | ecdsa-with-SHA512 | |
| SB_CERT_ALGORITHM_EC | id-ecPublicKey | |
| SB_CERT_ALGORITHM_SPECIFIED_ECDSA | ecdsa-specified | |
| SB_CERT_ALGORITHM_GOST_R3410_1994 | id-GostR3410-94 | |
| SB_CERT_ALGORITHM_GOST_R3410_2001 | id-GostR3410-2001 | |
| SB_CERT_ALGORITHM_GOST_R3411_WITH_R3410_1994 | id-GostR3411-94-with-GostR3410-94 | |
| SB_CERT_ALGORITHM_GOST_R3411_WITH_R3410_2001 | id-GostR3411-94-with-GostR3410-2001 | |
| SB_CERT_ALGORITHM_SHA1_ECDSA_PLAIN | ecdsa-plain-SHA1 | |
| SB_CERT_ALGORITHM_SHA224_ECDSA_PLAIN | ecdsa-plain-SHA224 | |
| SB_CERT_ALGORITHM_SHA256_ECDSA_PLAIN | ecdsa-plain-SHA256 | |
| SB_CERT_ALGORITHM_SHA384_ECDSA_PLAIN | ecdsa-plain-SHA384 | |
| SB_CERT_ALGORITHM_SHA512_ECDSA_PLAIN | ecdsa-plain-SHA512 | |
| SB_CERT_ALGORITHM_RIPEMD160_ECDSA_PLAIN | ecdsa-plain-RIPEMD160 | |
| SB_CERT_ALGORITHM_WHIRLPOOL_RSA_ENCRYPTION | whirlpoolWithRSAEncryption | |
| SB_CERT_ALGORITHM_ID_DSA_SHA224 | id-dsa-with-sha224 | |
| SB_CERT_ALGORITHM_ID_DSA_SHA256 | id-dsa-with-sha256 | |
| SB_CERT_ALGORITHM_SHA3_224_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-224 | |
| SB_CERT_ALGORITHM_SHA3_256_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-256 | |
| SB_CERT_ALGORITHM_SHA3_384_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-384 | |
| SB_CERT_ALGORITHM_SHA3_512_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-512 | |
| SB_CERT_ALGORITHM_SHA3_224_ECDSA | id-ecdsa-with-sha3-224 | |
| SB_CERT_ALGORITHM_SHA3_256_ECDSA | id-ecdsa-with-sha3-256 | |
| SB_CERT_ALGORITHM_SHA3_384_ECDSA | id-ecdsa-with-sha3-384 | |
| SB_CERT_ALGORITHM_SHA3_512_ECDSA | id-ecdsa-with-sha3-512 | |
| SB_CERT_ALGORITHM_SHA3_224_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-224 | |
| SB_CERT_ALGORITHM_SHA3_256_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-256 | |
| SB_CERT_ALGORITHM_SHA3_384_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-384 | |
| SB_CERT_ALGORITHM_SHA3_512_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-512 | |
| SB_CERT_ALGORITHM_ID_DSA_SHA3_224 | id-dsa-with-sha3-224 | |
| SB_CERT_ALGORITHM_ID_DSA_SHA3_256 | id-dsa-with-sha3-256 | |
| SB_CERT_ALGORITHM_BLAKE2S_128_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s128 | |
| SB_CERT_ALGORITHM_BLAKE2S_160_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s160 | |
| SB_CERT_ALGORITHM_BLAKE2S_224_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s224 | |
| SB_CERT_ALGORITHM_BLAKE2S_256_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s256 | |
| SB_CERT_ALGORITHM_BLAKE2B_160_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b160 | |
| SB_CERT_ALGORITHM_BLAKE2B_256_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b256 | |
| SB_CERT_ALGORITHM_BLAKE2B_384_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b384 | |
| SB_CERT_ALGORITHM_BLAKE2B_512_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b512 | |
| SB_CERT_ALGORITHM_BLAKE2S_128_ECDSA | id-ecdsa-with-blake2s128 | |
| SB_CERT_ALGORITHM_BLAKE2S_160_ECDSA | id-ecdsa-with-blake2s160 | |
| SB_CERT_ALGORITHM_BLAKE2S_224_ECDSA | id-ecdsa-with-blake2s224 | |
| SB_CERT_ALGORITHM_BLAKE2S_256_ECDSA | id-ecdsa-with-blake2s256 | |
| SB_CERT_ALGORITHM_BLAKE2B_160_ECDSA | id-ecdsa-with-blake2b160 | |
| SB_CERT_ALGORITHM_BLAKE2B_256_ECDSA | id-ecdsa-with-blake2b256 | |
| SB_CERT_ALGORITHM_BLAKE2B_384_ECDSA | id-ecdsa-with-blake2b384 | |
| SB_CERT_ALGORITHM_BLAKE2B_512_ECDSA | id-ecdsa-with-blake2b512 | |
| SB_CERT_ALGORITHM_BLAKE2S_128_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s128 | |
| SB_CERT_ALGORITHM_BLAKE2S_160_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s160 | |
| SB_CERT_ALGORITHM_BLAKE2S_224_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s224 | |
| SB_CERT_ALGORITHM_BLAKE2S_256_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s256 | |
| SB_CERT_ALGORITHM_BLAKE2B_160_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b160 | |
| SB_CERT_ALGORITHM_BLAKE2B_256_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b256 | |
| SB_CERT_ALGORITHM_BLAKE2B_384_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b384 | |
| SB_CERT_ALGORITHM_BLAKE2B_512_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b512 | |
| SB_CERT_ALGORITHM_ID_DSA_BLAKE2S_224 | id-dsa-with-blake2s224 | |
| SB_CERT_ALGORITHM_ID_DSA_BLAKE2S_256 | id-dsa-with-blake2s256 | |
| SB_CERT_ALGORITHM_EDDSA_ED25519 | id-Ed25519 | |
| SB_CERT_ALGORITHM_EDDSA_ED448 | id-Ed448 | |
| SB_CERT_ALGORITHM_EDDSA_ED25519_PH | id-Ed25519ph | |
| SB_CERT_ALGORITHM_EDDSA_ED448_PH | id-Ed448ph | |
| SB_CERT_ALGORITHM_EDDSA | id-EdDSA | |
| SB_CERT_ALGORITHM_EDDSA_SIGNATURE | id-EdDSA-sig |
This property is read-only and not available at design time.
Data Type
String
SignatureScope Property (SecureBlackbox_CAdESVerifier Class)
Returns the type of the entity that this signature corresponds to.
Object Oriented Interface
public function getSignatureScope();
Procedural Interface
secureblackbox_cadesverifier_get($res, 187 );
Default Value
0
Remarks
Returns the type of the entity that this signature corresponds to.
A CAdES signature may cover several kinds of entities: the signed data itself (a top-level signature - something you create when you sign documents), a timestamp, or a countersignature.
| cssUnknown | 0 | The scope of signature is unknown |
| cssData | 1 | The signature is a top-level signature over the data |
| cssSignature | 2 | The signature is a countersignature, and is made over another signature |
| cssTimestamp | 3 | The signature is made over a timestamp |
This property is read-only and not available at design time.
Data Type
Integer
SignatureSerialNumber Property (SecureBlackbox_CAdESVerifier Class)
The serial number of the timestamp.
Object Oriented Interface
public function getSignatureSerialNumber();
Procedural Interface
secureblackbox_cadesverifier_get($res, 188 );
Remarks
The serial number of the timestamp.
This property is read-only and not available at design time.
Data Type
Byte Array
SignatureSignatureBytes Property (SecureBlackbox_CAdESVerifier Class)
Returns the binary representation of the ASiC signature.
Object Oriented Interface
public function getSignatureSignatureBytes();
Procedural Interface
secureblackbox_cadesverifier_get($res, 189 );
Remarks
Returns the binary representation of the ASiC signature.
This property is read-only and not available at design time.
Data Type
Byte Array
SignatureSignatureValidationResult Property (SecureBlackbox_CAdESVerifier Class)
The outcome of the cryptographic signature validation.
Object Oriented Interface
public function getSignatureSignatureValidationResult();
Procedural Interface
secureblackbox_cadesverifier_get($res, 190 );
Default Value
0
Remarks
The outcome of the cryptographic signature validation.
The following signature validity values are supported:
| svtValid | 0 | The signature is valid |
| svtUnknown | 1 | Signature validity is unknown |
| svtCorrupted | 2 | The signature is corrupted |
| svtSignerNotFound | 3 | Failed to acquire the signing certificate. The signature cannot be validated. |
| svtFailure | 4 | General failure |
This property is read-only and not available at design time.
Data Type
Integer
SignatureSubjectKeyID Property (SecureBlackbox_CAdESVerifier Class)
Contains the subject key identifier of the signing certificate.
Object Oriented Interface
public function getSignatureSubjectKeyID();
Procedural Interface
secureblackbox_cadesverifier_get($res, 191 );
Remarks
Contains the subject key identifier of the signing certificate.
Subject Key Identifier is a (non-critical) X.509 certificate extension which allows the identification of certificates containing a particular public key. In SecureBlackbox, the unique identifier is represented by a SHA-1 hash of the bit string of the subject public key.
This property is read-only and not available at design time.
Data Type
Byte Array
SignatureSubjectRDN Property (SecureBlackbox_CAdESVerifier Class)
Contains the RDN of the owner of the signing certificate.
Object Oriented Interface
public function getSignatureSubjectRDN();
Procedural Interface
secureblackbox_cadesverifier_get($res, 192 );
Default Value
''
Remarks
Contains the RDN of the owner of the signing certificate.
RDN is a number of OID=Value pairs declared in the certificate and providing the owner's details.
This property is read-only and not available at design time.
Data Type
String
SignatureTimestamped Property (SecureBlackbox_CAdESVerifier Class)
Use this property to establish whether the signature contains an embedded timestamp.
Object Oriented Interface
public function getSignatureTimestamped();
Procedural Interface
secureblackbox_cadesverifier_get($res, 193 );
Default Value
false
Remarks
Use this property to establish whether the signature contains an embedded timestamp.
This property is read-only and not available at design time.
Data Type
Boolean
SignatureValidatedSigningTime Property (SecureBlackbox_CAdESVerifier Class)
Contains the certified signing time.
Object Oriented Interface
public function getSignatureValidatedSigningTime();
Procedural Interface
secureblackbox_cadesverifier_get($res, 194 );
Default Value
''
Remarks
Contains the certified signing time.
Use this property to obtain the signing time as certified by a timestamp from a trusted timestamping authority. This property is only non-empty if there was a valid timestamp included in the signature.
SignatureClaimedSigningTime returns a non-trusted signing time from the signer's computer.
Both times are in UTC.
This property is read-only and not available at design time.
Data Type
String
SignatureValidationLog Property (SecureBlackbox_CAdESVerifier Class)
Contains the signing certificate's chain validation log.
Object Oriented Interface
public function getSignatureValidationLog();
Procedural Interface
secureblackbox_cadesverifier_get($res, 195 );
Default Value
''
Remarks
Contains the signing certificate's chain validation log. This information may be very useful in investigating chain validation failures.
This property is read-only and not available at design time.
Data Type
String
SignedAttributeCount Property (SecureBlackbox_CAdESVerifier Class)
The number of records in the SignedAttribute arrays.
Object Oriented Interface
public function getSignedAttributeCount();
Procedural Interface
secureblackbox_cadesverifier_get($res, 196 );
Default Value
0
Remarks
This property controls the size of the following arrays:
The array indices start at 0 and end at SignedAttributeCount - 1.This property is read-only and not available at design time.
Data Type
Integer
SignedAttributeOID Property (SecureBlackbox_CAdESVerifier Class)
The object identifier of the attribute.
Object Oriented Interface
public function getSignedAttributeOID($signedattributeindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 197 , $signedattributeindex);
Default Value
''
Remarks
The object identifier of the attribute.
The $signedattributeindex parameter specifies the index of the item in the array. The size of the array is controlled by the SignedAttributeCount property.
This property is read-only and not available at design time.
Data Type
String
SignedAttributeValue Property (SecureBlackbox_CAdESVerifier Class)
The value of the attribute.
Object Oriented Interface
public function getSignedAttributeValue($signedattributeindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 198 , $signedattributeindex);
Remarks
The value of the attribute.
The $signedattributeindex parameter specifies the index of the item in the array. The size of the array is controlled by the SignedAttributeCount property.
This property is read-only and not available at design time.
Data Type
Byte Array
SigningCertBytes Property (SecureBlackbox_CAdESVerifier Class)
Returns the raw certificate data in DER format.
Object Oriented Interface
public function getSigningCertBytes();
Procedural Interface
secureblackbox_cadesverifier_get($res, 199 );
Remarks
Returns the raw certificate data in DER format.
This property is read-only and not available at design time.
Data Type
Byte Array
SigningCertCA Property (SecureBlackbox_CAdESVerifier Class)
Indicates whether the certificate has a CA capability (a setting in the BasicConstraints extension).
Object Oriented Interface
public function getSigningCertCA();
Procedural Interface
secureblackbox_cadesverifier_get($res, 200 );
Default Value
false
Remarks
Indicates whether the certificate has a CA capability (a setting in the BasicConstraints extension).
This property is read-only and not available at design time.
Data Type
Boolean
SigningCertCAKeyID Property (SecureBlackbox_CAdESVerifier Class)
A unique identifier (fingerprint) of the CA certificate's private key.
Object Oriented Interface
public function getSigningCertCAKeyID();
Procedural Interface
secureblackbox_cadesverifier_get($res, 201 );
Remarks
A unique identifier (fingerprint) of the CA certificate's private key.
Authority Key Identifier is a (non-critical) X.509 certificate extension which allows the identification of certificates produced by the same issuer, but with different public keys.
This property is read-only and not available at design time.
Data Type
Byte Array
SigningCertCRLDistributionPoints Property (SecureBlackbox_CAdESVerifier Class)
Locations of the CRL (Certificate Revocation List) distribution points used to check this certificate's validity.
Object Oriented Interface
public function getSigningCertCRLDistributionPoints();
Procedural Interface
secureblackbox_cadesverifier_get($res, 202 );
Default Value
''
Remarks
Locations of the CRL (Certificate Revocation List) distribution points used to check this certificate's validity.
This property is read-only and not available at design time.
Data Type
String
SigningCertCurve Property (SecureBlackbox_CAdESVerifier Class)
Specifies the elliptic curve of the EC public key.
Object Oriented Interface
public function getSigningCertCurve();
Procedural Interface
secureblackbox_cadesverifier_get($res, 203 );
Default Value
''
Remarks
Specifies the elliptic curve of the EC public key.
| SB_EC_SECP112R1 | SECP112R1 | |
| SB_EC_SECP112R2 | SECP112R2 | |
| SB_EC_SECP128R1 | SECP128R1 | |
| SB_EC_SECP128R2 | SECP128R2 | |
| SB_EC_SECP160K1 | SECP160K1 | |
| SB_EC_SECP160R1 | SECP160R1 | |
| SB_EC_SECP160R2 | SECP160R2 | |
| SB_EC_SECP192K1 | SECP192K1 | |
| SB_EC_SECP192R1 | SECP192R1 | |
| SB_EC_SECP224K1 | SECP224K1 | |
| SB_EC_SECP224R1 | SECP224R1 | |
| SB_EC_SECP256K1 | SECP256K1 | |
| SB_EC_SECP256R1 | SECP256R1 | |
| SB_EC_SECP384R1 | SECP384R1 | |
| SB_EC_SECP521R1 | SECP521R1 | |
| SB_EC_SECT113R1 | SECT113R1 | |
| SB_EC_SECT113R2 | SECT113R2 | |
| SB_EC_SECT131R1 | SECT131R1 | |
| SB_EC_SECT131R2 | SECT131R2 | |
| SB_EC_SECT163K1 | SECT163K1 | |
| SB_EC_SECT163R1 | SECT163R1 | |
| SB_EC_SECT163R2 | SECT163R2 | |
| SB_EC_SECT193R1 | SECT193R1 | |
| SB_EC_SECT193R2 | SECT193R2 | |
| SB_EC_SECT233K1 | SECT233K1 | |
| SB_EC_SECT233R1 | SECT233R1 | |
| SB_EC_SECT239K1 | SECT239K1 | |
| SB_EC_SECT283K1 | SECT283K1 | |
| SB_EC_SECT283R1 | SECT283R1 | |
| SB_EC_SECT409K1 | SECT409K1 | |
| SB_EC_SECT409R1 | SECT409R1 | |
| SB_EC_SECT571K1 | SECT571K1 | |
| SB_EC_SECT571R1 | SECT571R1 | |
| SB_EC_PRIME192V1 | PRIME192V1 | |
| SB_EC_PRIME192V2 | PRIME192V2 | |
| SB_EC_PRIME192V3 | PRIME192V3 | |
| SB_EC_PRIME239V1 | PRIME239V1 | |
| SB_EC_PRIME239V2 | PRIME239V2 | |
| SB_EC_PRIME239V3 | PRIME239V3 | |
| SB_EC_PRIME256V1 | PRIME256V1 | |
| SB_EC_C2PNB163V1 | C2PNB163V1 | |
| SB_EC_C2PNB163V2 | C2PNB163V2 | |
| SB_EC_C2PNB163V3 | C2PNB163V3 | |
| SB_EC_C2PNB176W1 | C2PNB176W1 | |
| SB_EC_C2TNB191V1 | C2TNB191V1 | |
| SB_EC_C2TNB191V2 | C2TNB191V2 | |
| SB_EC_C2TNB191V3 | C2TNB191V3 | |
| SB_EC_C2ONB191V4 | C2ONB191V4 | |
| SB_EC_C2ONB191V5 | C2ONB191V5 | |
| SB_EC_C2PNB208W1 | C2PNB208W1 | |
| SB_EC_C2TNB239V1 | C2TNB239V1 | |
| SB_EC_C2TNB239V2 | C2TNB239V2 | |
| SB_EC_C2TNB239V3 | C2TNB239V3 | |
| SB_EC_C2ONB239V4 | C2ONB239V4 | |
| SB_EC_C2ONB239V5 | C2ONB239V5 | |
| SB_EC_C2PNB272W1 | C2PNB272W1 | |
| SB_EC_C2PNB304W1 | C2PNB304W1 | |
| SB_EC_C2TNB359V1 | C2TNB359V1 | |
| SB_EC_C2PNB368W1 | C2PNB368W1 | |
| SB_EC_C2TNB431R1 | C2TNB431R1 | |
| SB_EC_NISTP192 | NISTP192 | |
| SB_EC_NISTP224 | NISTP224 | |
| SB_EC_NISTP256 | NISTP256 | |
| SB_EC_NISTP384 | NISTP384 | |
| SB_EC_NISTP521 | NISTP521 | |
| SB_EC_NISTB163 | NISTB163 | |
| SB_EC_NISTB233 | NISTB233 | |
| SB_EC_NISTB283 | NISTB283 | |
| SB_EC_NISTB409 | NISTB409 | |
| SB_EC_NISTB571 | NISTB571 | |
| SB_EC_NISTK163 | NISTK163 | |
| SB_EC_NISTK233 | NISTK233 | |
| SB_EC_NISTK283 | NISTK283 | |
| SB_EC_NISTK409 | NISTK409 | |
| SB_EC_NISTK571 | NISTK571 | |
| SB_EC_GOSTCPTEST | GOSTCPTEST | |
| SB_EC_GOSTCPA | GOSTCPA | |
| SB_EC_GOSTCPB | GOSTCPB | |
| SB_EC_GOSTCPC | GOSTCPC | |
| SB_EC_GOSTCPXCHA | GOSTCPXCHA | |
| SB_EC_GOSTCPXCHB | GOSTCPXCHB | |
| SB_EC_BRAINPOOLP160R1 | BRAINPOOLP160R1 | |
| SB_EC_BRAINPOOLP160T1 | BRAINPOOLP160T1 | |
| SB_EC_BRAINPOOLP192R1 | BRAINPOOLP192R1 | |
| SB_EC_BRAINPOOLP192T1 | BRAINPOOLP192T1 | |
| SB_EC_BRAINPOOLP224R1 | BRAINPOOLP224R1 | |
| SB_EC_BRAINPOOLP224T1 | BRAINPOOLP224T1 | |
| SB_EC_BRAINPOOLP256R1 | BRAINPOOLP256R1 | |
| SB_EC_BRAINPOOLP256T1 | BRAINPOOLP256T1 | |
| SB_EC_BRAINPOOLP320R1 | BRAINPOOLP320R1 | |
| SB_EC_BRAINPOOLP320T1 | BRAINPOOLP320T1 | |
| SB_EC_BRAINPOOLP384R1 | BRAINPOOLP384R1 | |
| SB_EC_BRAINPOOLP384T1 | BRAINPOOLP384T1 | |
| SB_EC_BRAINPOOLP512R1 | BRAINPOOLP512R1 | |
| SB_EC_BRAINPOOLP512T1 | BRAINPOOLP512T1 | |
| SB_EC_CURVE25519 | CURVE25519 | |
| SB_EC_CURVE448 | CURVE448 |
This property is read-only and not available at design time.
Data Type
String
SigningCertFingerprint Property (SecureBlackbox_CAdESVerifier Class)
Contains the fingerprint (a hash imprint) of this certificate.
Object Oriented Interface
public function getSigningCertFingerprint();
Procedural Interface
secureblackbox_cadesverifier_get($res, 204 );
Remarks
Contains the fingerprint (a hash imprint) of this certificate.
This property is read-only and not available at design time.
Data Type
Byte Array
SigningCertFriendlyName Property (SecureBlackbox_CAdESVerifier Class)
Contains an associated alias (friendly name) of the certificate.
Object Oriented Interface
public function getSigningCertFriendlyName();
Procedural Interface
secureblackbox_cadesverifier_get($res, 205 );
Default Value
''
Remarks
Contains an associated alias (friendly name) of the certificate.
This property is read-only and not available at design time.
Data Type
String
SigningCertHandle Property (SecureBlackbox_CAdESVerifier Class)
Allows to get or set a 'handle', a unique identifier of the underlying property object.
Object Oriented Interface
public function getSigningCertHandle();
Procedural Interface
secureblackbox_cadesverifier_get($res, 206 );
Default Value
0
Remarks
Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.
When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object
after such operation.
pdfSigner.setSigningCertHandle(certMgr.getCertHandle());
This property is read-only and not available at design time.
Data Type
Long64
SigningCertHashAlgorithm Property (SecureBlackbox_CAdESVerifier Class)
Specifies the hash algorithm to be used in the operations on the certificate (such as key signing) SB_HASH_ALGORITHM_SHA1 SHA1 SB_HASH_ALGORITHM_SHA224 SHA224 SB_HASH_ALGORITHM_SHA256 SHA256 SB_HASH_ALGORITHM_SHA384 SHA384 SB_HASH_ALGORITHM_SHA512 SHA512 SB_HASH_ALGORITHM_MD2 MD2 SB_HASH_ALGORITHM_MD4 MD4 SB_HASH_ALGORITHM_MD5 MD5 SB_HASH_ALGORITHM_RIPEMD160 RIPEMD160 SB_HASH_ALGORITHM_CRC32 CRC32 SB_HASH_ALGORITHM_SSL3 SSL3 SB_HASH_ALGORITHM_GOST_R3411_1994 GOST1994 SB_HASH_ALGORITHM_WHIRLPOOL WHIRLPOOL SB_HASH_ALGORITHM_POLY1305 POLY1305 SB_HASH_ALGORITHM_SHA3_224 SHA3_224 SB_HASH_ALGORITHM_SHA3_256 SHA3_256 SB_HASH_ALGORITHM_SHA3_384 SHA3_384 SB_HASH_ALGORITHM_SHA3_512 SHA3_512 SB_HASH_ALGORITHM_BLAKE2S_128 BLAKE2S_128 SB_HASH_ALGORITHM_BLAKE2S_160 BLAKE2S_160 SB_HASH_ALGORITHM_BLAKE2S_224 BLAKE2S_224 SB_HASH_ALGORITHM_BLAKE2S_256 BLAKE2S_256 SB_HASH_ALGORITHM_BLAKE2B_160 BLAKE2B_160 SB_HASH_ALGORITHM_BLAKE2B_256 BLAKE2B_256 SB_HASH_ALGORITHM_BLAKE2B_384 BLAKE2B_384 SB_HASH_ALGORITHM_BLAKE2B_512 BLAKE2B_512 SB_HASH_ALGORITHM_SHAKE_128 SHAKE_128 SB_HASH_ALGORITHM_SHAKE_256 SHAKE_256 SB_HASH_ALGORITHM_SHAKE_128_LEN SHAKE_128_LEN SB_HASH_ALGORITHM_SHAKE_256_LEN SHAKE_256_LEN .
Object Oriented Interface
public function getSigningCertHashAlgorithm();
Procedural Interface
secureblackbox_cadesverifier_get($res, 207 );
Default Value
''
Remarks
Specifies the hash algorithm to be used in the operations on the certificate (such as key signing)
| SB_HASH_ALGORITHM_SHA1 | SHA1 | |
| SB_HASH_ALGORITHM_SHA224 | SHA224 | |
| SB_HASH_ALGORITHM_SHA256 | SHA256 | |
| SB_HASH_ALGORITHM_SHA384 | SHA384 | |
| SB_HASH_ALGORITHM_SHA512 | SHA512 | |
| SB_HASH_ALGORITHM_MD2 | MD2 | |
| SB_HASH_ALGORITHM_MD4 | MD4 | |
| SB_HASH_ALGORITHM_MD5 | MD5 | |
| SB_HASH_ALGORITHM_RIPEMD160 | RIPEMD160 | |
| SB_HASH_ALGORITHM_CRC32 | CRC32 | |
| SB_HASH_ALGORITHM_SSL3 | SSL3 | |
| SB_HASH_ALGORITHM_GOST_R3411_1994 | GOST1994 | |
| SB_HASH_ALGORITHM_WHIRLPOOL | WHIRLPOOL | |
| SB_HASH_ALGORITHM_POLY1305 | POLY1305 | |
| SB_HASH_ALGORITHM_SHA3_224 | SHA3_224 | |
| SB_HASH_ALGORITHM_SHA3_256 | SHA3_256 | |
| SB_HASH_ALGORITHM_SHA3_384 | SHA3_384 | |
| SB_HASH_ALGORITHM_SHA3_512 | SHA3_512 | |
| SB_HASH_ALGORITHM_BLAKE2S_128 | BLAKE2S_128 | |
| SB_HASH_ALGORITHM_BLAKE2S_160 | BLAKE2S_160 | |
| SB_HASH_ALGORITHM_BLAKE2S_224 | BLAKE2S_224 | |
| SB_HASH_ALGORITHM_BLAKE2S_256 | BLAKE2S_256 | |
| SB_HASH_ALGORITHM_BLAKE2B_160 | BLAKE2B_160 | |
| SB_HASH_ALGORITHM_BLAKE2B_256 | BLAKE2B_256 | |
| SB_HASH_ALGORITHM_BLAKE2B_384 | BLAKE2B_384 | |
| SB_HASH_ALGORITHM_BLAKE2B_512 | BLAKE2B_512 | |
| SB_HASH_ALGORITHM_SHAKE_128 | SHAKE_128 | |
| SB_HASH_ALGORITHM_SHAKE_256 | SHAKE_256 | |
| SB_HASH_ALGORITHM_SHAKE_128_LEN | SHAKE_128_LEN | |
| SB_HASH_ALGORITHM_SHAKE_256_LEN | SHAKE_256_LEN |
This property is read-only and not available at design time.
Data Type
String
SigningCertIssuer Property (SecureBlackbox_CAdESVerifier Class)
The common name of the certificate issuer (CA), typically a company name.
Object Oriented Interface
public function getSigningCertIssuer();
Procedural Interface
secureblackbox_cadesverifier_get($res, 208 );
Default Value
''
Remarks
The common name of the certificate issuer (CA), typically a company name.
This property is read-only and not available at design time.
Data Type
String
SigningCertIssuerRDN Property (SecureBlackbox_CAdESVerifier Class)
A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate issuer.
Object Oriented Interface
public function getSigningCertIssuerRDN();
Procedural Interface
secureblackbox_cadesverifier_get($res, 209 );
Default Value
''
Remarks
A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate issuer.
This property is read-only and not available at design time.
Data Type
String
SigningCertKeyAlgorithm Property (SecureBlackbox_CAdESVerifier Class)
Specifies the public key algorithm of this certificate.
Object Oriented Interface
public function getSigningCertKeyAlgorithm();
Procedural Interface
secureblackbox_cadesverifier_get($res, 210 );
Default Value
'0'
Remarks
Specifies the public key algorithm of this certificate.
| SB_CERT_ALGORITHM_ID_RSA_ENCRYPTION | rsaEncryption | |
| SB_CERT_ALGORITHM_MD2_RSA_ENCRYPTION | md2withRSAEncryption | |
| SB_CERT_ALGORITHM_MD5_RSA_ENCRYPTION | md5withRSAEncryption | |
| SB_CERT_ALGORITHM_SHA1_RSA_ENCRYPTION | sha1withRSAEncryption | |
| SB_CERT_ALGORITHM_ID_DSA | id-dsa | |
| SB_CERT_ALGORITHM_ID_DSA_SHA1 | id-dsa-with-sha1 | |
| SB_CERT_ALGORITHM_DH_PUBLIC | dhpublicnumber | |
| SB_CERT_ALGORITHM_SHA224_RSA_ENCRYPTION | sha224WithRSAEncryption | |
| SB_CERT_ALGORITHM_SHA256_RSA_ENCRYPTION | sha256WithRSAEncryption | |
| SB_CERT_ALGORITHM_SHA384_RSA_ENCRYPTION | sha384WithRSAEncryption | |
| SB_CERT_ALGORITHM_SHA512_RSA_ENCRYPTION | sha512WithRSAEncryption | |
| SB_CERT_ALGORITHM_ID_RSAPSS | id-RSASSA-PSS | |
| SB_CERT_ALGORITHM_ID_RSAOAEP | id-RSAES-OAEP | |
| SB_CERT_ALGORITHM_RSASIGNATURE_RIPEMD160 | ripemd160withRSA | |
| SB_CERT_ALGORITHM_ID_ELGAMAL | elGamal | |
| SB_CERT_ALGORITHM_SHA1_ECDSA | ecdsa-with-SHA1 | |
| SB_CERT_ALGORITHM_RECOMMENDED_ECDSA | ecdsa-recommended | |
| SB_CERT_ALGORITHM_SHA224_ECDSA | ecdsa-with-SHA224 | |
| SB_CERT_ALGORITHM_SHA256_ECDSA | ecdsa-with-SHA256 | |
| SB_CERT_ALGORITHM_SHA384_ECDSA | ecdsa-with-SHA384 | |
| SB_CERT_ALGORITHM_SHA512_ECDSA | ecdsa-with-SHA512 | |
| SB_CERT_ALGORITHM_EC | id-ecPublicKey | |
| SB_CERT_ALGORITHM_SPECIFIED_ECDSA | ecdsa-specified | |
| SB_CERT_ALGORITHM_GOST_R3410_1994 | id-GostR3410-94 | |
| SB_CERT_ALGORITHM_GOST_R3410_2001 | id-GostR3410-2001 | |
| SB_CERT_ALGORITHM_GOST_R3411_WITH_R3410_1994 | id-GostR3411-94-with-GostR3410-94 | |
| SB_CERT_ALGORITHM_GOST_R3411_WITH_R3410_2001 | id-GostR3411-94-with-GostR3410-2001 | |
| SB_CERT_ALGORITHM_SHA1_ECDSA_PLAIN | ecdsa-plain-SHA1 | |
| SB_CERT_ALGORITHM_SHA224_ECDSA_PLAIN | ecdsa-plain-SHA224 | |
| SB_CERT_ALGORITHM_SHA256_ECDSA_PLAIN | ecdsa-plain-SHA256 | |
| SB_CERT_ALGORITHM_SHA384_ECDSA_PLAIN | ecdsa-plain-SHA384 | |
| SB_CERT_ALGORITHM_SHA512_ECDSA_PLAIN | ecdsa-plain-SHA512 | |
| SB_CERT_ALGORITHM_RIPEMD160_ECDSA_PLAIN | ecdsa-plain-RIPEMD160 | |
| SB_CERT_ALGORITHM_WHIRLPOOL_RSA_ENCRYPTION | whirlpoolWithRSAEncryption | |
| SB_CERT_ALGORITHM_ID_DSA_SHA224 | id-dsa-with-sha224 | |
| SB_CERT_ALGORITHM_ID_DSA_SHA256 | id-dsa-with-sha256 | |
| SB_CERT_ALGORITHM_SHA3_224_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-224 | |
| SB_CERT_ALGORITHM_SHA3_256_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-256 | |
| SB_CERT_ALGORITHM_SHA3_384_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-384 | |
| SB_CERT_ALGORITHM_SHA3_512_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-512 | |
| SB_CERT_ALGORITHM_SHA3_224_ECDSA | id-ecdsa-with-sha3-224 | |
| SB_CERT_ALGORITHM_SHA3_256_ECDSA | id-ecdsa-with-sha3-256 | |
| SB_CERT_ALGORITHM_SHA3_384_ECDSA | id-ecdsa-with-sha3-384 | |
| SB_CERT_ALGORITHM_SHA3_512_ECDSA | id-ecdsa-with-sha3-512 | |
| SB_CERT_ALGORITHM_SHA3_224_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-224 | |
| SB_CERT_ALGORITHM_SHA3_256_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-256 | |
| SB_CERT_ALGORITHM_SHA3_384_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-384 | |
| SB_CERT_ALGORITHM_SHA3_512_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-512 | |
| SB_CERT_ALGORITHM_ID_DSA_SHA3_224 | id-dsa-with-sha3-224 | |
| SB_CERT_ALGORITHM_ID_DSA_SHA3_256 | id-dsa-with-sha3-256 | |
| SB_CERT_ALGORITHM_BLAKE2S_128_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s128 | |
| SB_CERT_ALGORITHM_BLAKE2S_160_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s160 | |
| SB_CERT_ALGORITHM_BLAKE2S_224_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s224 | |
| SB_CERT_ALGORITHM_BLAKE2S_256_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s256 | |
| SB_CERT_ALGORITHM_BLAKE2B_160_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b160 | |
| SB_CERT_ALGORITHM_BLAKE2B_256_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b256 | |
| SB_CERT_ALGORITHM_BLAKE2B_384_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b384 | |
| SB_CERT_ALGORITHM_BLAKE2B_512_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b512 | |
| SB_CERT_ALGORITHM_BLAKE2S_128_ECDSA | id-ecdsa-with-blake2s128 | |
| SB_CERT_ALGORITHM_BLAKE2S_160_ECDSA | id-ecdsa-with-blake2s160 | |
| SB_CERT_ALGORITHM_BLAKE2S_224_ECDSA | id-ecdsa-with-blake2s224 | |
| SB_CERT_ALGORITHM_BLAKE2S_256_ECDSA | id-ecdsa-with-blake2s256 | |
| SB_CERT_ALGORITHM_BLAKE2B_160_ECDSA | id-ecdsa-with-blake2b160 | |
| SB_CERT_ALGORITHM_BLAKE2B_256_ECDSA | id-ecdsa-with-blake2b256 | |
| SB_CERT_ALGORITHM_BLAKE2B_384_ECDSA | id-ecdsa-with-blake2b384 | |
| SB_CERT_ALGORITHM_BLAKE2B_512_ECDSA | id-ecdsa-with-blake2b512 | |
| SB_CERT_ALGORITHM_BLAKE2S_128_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s128 | |
| SB_CERT_ALGORITHM_BLAKE2S_160_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s160 | |
| SB_CERT_ALGORITHM_BLAKE2S_224_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s224 | |
| SB_CERT_ALGORITHM_BLAKE2S_256_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s256 | |
| SB_CERT_ALGORITHM_BLAKE2B_160_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b160 | |
| SB_CERT_ALGORITHM_BLAKE2B_256_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b256 | |
| SB_CERT_ALGORITHM_BLAKE2B_384_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b384 | |
| SB_CERT_ALGORITHM_BLAKE2B_512_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b512 | |
| SB_CERT_ALGORITHM_ID_DSA_BLAKE2S_224 | id-dsa-with-blake2s224 | |
| SB_CERT_ALGORITHM_ID_DSA_BLAKE2S_256 | id-dsa-with-blake2s256 | |
| SB_CERT_ALGORITHM_EDDSA_ED25519 | id-Ed25519 | |
| SB_CERT_ALGORITHM_EDDSA_ED448 | id-Ed448 | |
| SB_CERT_ALGORITHM_EDDSA_ED25519_PH | id-Ed25519ph | |
| SB_CERT_ALGORITHM_EDDSA_ED448_PH | id-Ed448ph | |
| SB_CERT_ALGORITHM_EDDSA | id-EdDSA | |
| SB_CERT_ALGORITHM_EDDSA_SIGNATURE | id-EdDSA-sig |
This property is read-only and not available at design time.
Data Type
String
SigningCertKeyBits Property (SecureBlackbox_CAdESVerifier Class)
Returns the length of the public key.
Object Oriented Interface
public function getSigningCertKeyBits();
Procedural Interface
secureblackbox_cadesverifier_get($res, 211 );
Default Value
0
Remarks
Returns the length of the public key.
This property is read-only and not available at design time.
Data Type
Integer
SigningCertKeyFingerprint Property (SecureBlackbox_CAdESVerifier Class)
Returns a fingerprint of the public key contained in the certificate.
Object Oriented Interface
public function getSigningCertKeyFingerprint();
Procedural Interface
secureblackbox_cadesverifier_get($res, 212 );
Remarks
Returns a fingerprint of the public key contained in the certificate.
This property is read-only and not available at design time.
Data Type
Byte Array
SigningCertKeyUsage Property (SecureBlackbox_CAdESVerifier Class)
Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.
Object Oriented Interface
public function getSigningCertKeyUsage();
Procedural Interface
secureblackbox_cadesverifier_get($res, 213 );
Default Value
0
Remarks
Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.
This value is a bit mask of the following values:
| ckuUnknown | 0x00000 | Unknown key usage |
| ckuDigitalSignature | 0x00001 | Digital signature |
| ckuNonRepudiation | 0x00002 | Non-repudiation |
| ckuKeyEncipherment | 0x00004 | Key encipherment |
| ckuDataEncipherment | 0x00008 | Data encipherment |
| ckuKeyAgreement | 0x00010 | Key agreement |
| ckuKeyCertSign | 0x00020 | Certificate signing |
| ckuCRLSign | 0x00040 | Revocation signing |
| ckuEncipherOnly | 0x00080 | Encipher only |
| ckuDecipherOnly | 0x00100 | Decipher only |
| ckuServerAuthentication | 0x00200 | Server authentication |
| ckuClientAuthentication | 0x00400 | Client authentication |
| ckuCodeSigning | 0x00800 | Code signing |
| ckuEmailProtection | 0x01000 | Email protection |
| ckuTimeStamping | 0x02000 | Timestamping |
| ckuOCSPSigning | 0x04000 | OCSP signing |
| ckuSmartCardLogon | 0x08000 | Smartcard logon |
| ckuKeyPurposeClientAuth | 0x10000 | Kerberos - client authentication |
| ckuKeyPurposeKDC | 0x20000 | Kerberos - KDC |
This property is read-only and not available at design time.
Data Type
Integer
SigningCertKeyValid Property (SecureBlackbox_CAdESVerifier Class)
Returns True if the certificate's key is cryptographically valid, and False otherwise.
Object Oriented Interface
public function getSigningCertKeyValid();
Procedural Interface
secureblackbox_cadesverifier_get($res, 214 );
Default Value
false
Remarks
Returns True if the certificate's key is cryptographically valid, and False otherwise.
This property is read-only and not available at design time.
Data Type
Boolean
SigningCertOCSPLocations Property (SecureBlackbox_CAdESVerifier Class)
Locations of OCSP (Online Certificate Status Protocol) services that can be used to check this certificate's validity, as recorded by the CA.
Object Oriented Interface
public function getSigningCertOCSPLocations();
Procedural Interface
secureblackbox_cadesverifier_get($res, 215 );
Default Value
''
Remarks
Locations of OCSP (Online Certificate Status Protocol) services that can be used to check this certificate's validity, as recorded by the CA.
This property is read-only and not available at design time.
Data Type
String
SigningCertOCSPNoCheck Property (SecureBlackbox_CAdESVerifier Class)
Accessor to the value of the certificate's ocsp-no-check extension.
Object Oriented Interface
public function getSigningCertOCSPNoCheck();
Procedural Interface
secureblackbox_cadesverifier_get($res, 216 );
Default Value
false
Remarks
Accessor to the value of the certificate's ocsp-no-check extension.
This property is read-only and not available at design time.
Data Type
Boolean
SigningCertOrigin Property (SecureBlackbox_CAdESVerifier Class)
Returns the origin of this certificate.
Object Oriented Interface
public function getSigningCertOrigin();
Procedural Interface
secureblackbox_cadesverifier_get($res, 217 );
Default Value
0
Remarks
Returns the origin of this certificate.
This property is read-only and not available at design time.
Data Type
Integer
SigningCertPolicyIDs Property (SecureBlackbox_CAdESVerifier Class)
Contains identifiers (OIDs) of the applicable certificate policies.
Object Oriented Interface
public function getSigningCertPolicyIDs();
Procedural Interface
secureblackbox_cadesverifier_get($res, 218 );
Default Value
''
Remarks
Contains identifiers (OIDs) of the applicable certificate policies.
The Certificate Policies extension identifies a sequence of policies under which the certificate has been issued, and which regulate its usage.
This property is read-only and not available at design time.
Data Type
String
SigningCertPrivateKeyBytes Property (SecureBlackbox_CAdESVerifier Class)
Contains the certificate's private key.
Object Oriented Interface
public function getSigningCertPrivateKeyBytes();
Procedural Interface
secureblackbox_cadesverifier_get($res, 219 );
Remarks
Contains the certificate's private key. It is normal for this property to be empty if the private key is non-exportable.
This property is read-only and not available at design time.
Data Type
Byte Array
SigningCertPrivateKeyExists Property (SecureBlackbox_CAdESVerifier Class)
Indicates whether the certificate has an associated private key.
Object Oriented Interface
public function getSigningCertPrivateKeyExists();
Procedural Interface
secureblackbox_cadesverifier_get($res, 220 );
Default Value
false
Remarks
Indicates whether the certificate has an associated private key.
This property is read-only and not available at design time.
Data Type
Boolean
SigningCertPrivateKeyExtractable Property (SecureBlackbox_CAdESVerifier Class)
Indicates whether the private key is extractable.
Object Oriented Interface
public function getSigningCertPrivateKeyExtractable();
Procedural Interface
secureblackbox_cadesverifier_get($res, 221 );
Default Value
false
Remarks
Indicates whether the private key is extractable.
This property is read-only and not available at design time.
Data Type
Boolean
SigningCertPublicKeyBytes Property (SecureBlackbox_CAdESVerifier Class)
Contains the certificate's public key in DER format.
Object Oriented Interface
public function getSigningCertPublicKeyBytes();
Procedural Interface
secureblackbox_cadesverifier_get($res, 222 );
Remarks
Contains the certificate's public key in DER format.
This property is read-only and not available at design time.
Data Type
Byte Array
SigningCertQualifiedStatements Property (SecureBlackbox_CAdESVerifier Class)
Returns the qualified status of the certificate.
Object Oriented Interface
public function getSigningCertQualifiedStatements();
Procedural Interface
secureblackbox_cadesverifier_get($res, 223 );
Default Value
0
Remarks
Returns the qualified status of the certificate.
This property is read-only and not available at design time.
Data Type
Integer
SigningCertSelfSigned Property (SecureBlackbox_CAdESVerifier Class)
Indicates whether the certificate is self-signed (root) or signed by an external CA.
Object Oriented Interface
public function getSigningCertSelfSigned();
Procedural Interface
secureblackbox_cadesverifier_get($res, 224 );
Default Value
false
Remarks
Indicates whether the certificate is self-signed (root) or signed by an external CA.
This property is read-only and not available at design time.
Data Type
Boolean
SigningCertSerialNumber Property (SecureBlackbox_CAdESVerifier Class)
Returns the certificate's serial number.
Object Oriented Interface
public function getSigningCertSerialNumber();
Procedural Interface
secureblackbox_cadesverifier_get($res, 225 );
Remarks
Returns the certificate's serial number.
This property is read-only and not available at design time.
Data Type
Byte Array
SigningCertSigAlgorithm Property (SecureBlackbox_CAdESVerifier Class)
Indicates the algorithm that was used by the CA to sign this certificate.
Object Oriented Interface
public function getSigningCertSigAlgorithm();
Procedural Interface
secureblackbox_cadesverifier_get($res, 226 );
Default Value
''
Remarks
Indicates the algorithm that was used by the CA to sign this certificate.
This property is read-only and not available at design time.
Data Type
String
SigningCertSubject Property (SecureBlackbox_CAdESVerifier Class)
The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name.
Object Oriented Interface
public function getSigningCertSubject();
Procedural Interface
secureblackbox_cadesverifier_get($res, 227 );
Default Value
''
Remarks
The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name.
This property is read-only and not available at design time.
Data Type
String
SigningCertSubjectAlternativeName Property (SecureBlackbox_CAdESVerifier Class)
Returns or sets the value of the Subject Alternative Name extension of the certificate.
Object Oriented Interface
public function getSigningCertSubjectAlternativeName();
Procedural Interface
secureblackbox_cadesverifier_get($res, 228 );
Default Value
''
Remarks
Returns or sets the value of the Subject Alternative Name extension of the certificate.
This property is read-only and not available at design time.
Data Type
String
SigningCertSubjectKeyID Property (SecureBlackbox_CAdESVerifier Class)
Contains a unique identifier (fingerprint) of the certificate's private key.
Object Oriented Interface
public function getSigningCertSubjectKeyID();
Procedural Interface
secureblackbox_cadesverifier_get($res, 229 );
Remarks
Contains a unique identifier (fingerprint) of the certificate's private key.
Subject Key Identifier is a (non-critical) X.509 certificate extension which allows the identification of certificates containing a particular public key. In SecureBlackbox, the unique identifier is represented with a SHA1 hash of the bit string of the subject public key.
This property is read-only and not available at design time.
Data Type
Byte Array
SigningCertSubjectRDN Property (SecureBlackbox_CAdESVerifier Class)
A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate holder (subject).
Object Oriented Interface
public function getSigningCertSubjectRDN();
Procedural Interface
secureblackbox_cadesverifier_get($res, 230 );
Default Value
''
Remarks
A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate holder (subject).
This property is read-only and not available at design time.
Data Type
String
SigningCertValidFrom Property (SecureBlackbox_CAdESVerifier Class)
The time point at which the certificate becomes valid, in UTC.
Object Oriented Interface
public function getSigningCertValidFrom();
Procedural Interface
secureblackbox_cadesverifier_get($res, 231 );
Default Value
''
Remarks
The time point at which the certificate becomes valid, in UTC.
This property is read-only and not available at design time.
Data Type
String
SigningCertValidTo Property (SecureBlackbox_CAdESVerifier Class)
The time point at which the certificate expires, in UTC.
Object Oriented Interface
public function getSigningCertValidTo();
Procedural Interface
secureblackbox_cadesverifier_get($res, 232 );
Default Value
''
Remarks
The time point at which the certificate expires, in UTC.
This property is read-only and not available at design time.
Data Type
String
SocketDNSMode Property (SecureBlackbox_CAdESVerifier Class)
Selects the DNS resolver to use: the class's (secure) built-in one, or the one provided by the system.
Object Oriented Interface
public function getSocketDNSMode(); public function setSocketDNSMode($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 233 ); secureblackbox_cadesverifier_set($res, 233, $value );
Default Value
0
Remarks
Selects the DNS resolver to use: the component's (secure) built-in one, or the one provided by the system.
| dmAuto | 0 |
| dmPlatform | 1 |
| dmOwn | 2 |
| dmOwnSecure | 3 |
Data Type
Integer
SocketDNSPort Property (SecureBlackbox_CAdESVerifier Class)
Specifies the port number to be used for sending queries to the DNS server.
Object Oriented Interface
public function getSocketDNSPort(); public function setSocketDNSPort($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 234 ); secureblackbox_cadesverifier_set($res, 234, $value );
Default Value
0
Remarks
Specifies the port number to be used for sending queries to the DNS server.
Data Type
Integer
SocketDNSQueryTimeout Property (SecureBlackbox_CAdESVerifier Class)
The timeout (in milliseconds) for each DNS query.
Object Oriented Interface
public function getSocketDNSQueryTimeout(); public function setSocketDNSQueryTimeout($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 235 ); secureblackbox_cadesverifier_set($res, 235, $value );
Default Value
0
Remarks
The timeout (in milliseconds) for each DNS query. The value of 0 indicates an infinite timeout.
Data Type
Integer
SocketDNSServers Property (SecureBlackbox_CAdESVerifier Class)
The addresses of DNS servers to use for address resolution, separated by commas or semicolons.
Object Oriented Interface
public function getSocketDNSServers(); public function setSocketDNSServers($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 236 ); secureblackbox_cadesverifier_set($res, 236, $value );
Default Value
''
Remarks
The addresses of DNS servers to use for address resolution, separated by commas or semicolons.
Data Type
String
SocketDNSTotalTimeout Property (SecureBlackbox_CAdESVerifier Class)
The timeout (in milliseconds) for the whole resolution process.
Object Oriented Interface
public function getSocketDNSTotalTimeout(); public function setSocketDNSTotalTimeout($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 237 ); secureblackbox_cadesverifier_set($res, 237, $value );
Default Value
0
Remarks
The timeout (in milliseconds) for the whole resolution process. The value of 0 indicates an infinite timeout.
Data Type
Integer
SocketIncomingSpeedLimit Property (SecureBlackbox_CAdESVerifier Class)
The maximum number of bytes to read from the socket, per second.
Object Oriented Interface
public function getSocketIncomingSpeedLimit(); public function setSocketIncomingSpeedLimit($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 238 ); secureblackbox_cadesverifier_set($res, 238, $value );
Default Value
0
Remarks
The maximum number of bytes to read from the socket, per second.
Data Type
Integer
SocketLocalAddress Property (SecureBlackbox_CAdESVerifier Class)
The local network interface to bind the socket to.
Object Oriented Interface
public function getSocketLocalAddress(); public function setSocketLocalAddress($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 239 ); secureblackbox_cadesverifier_set($res, 239, $value );
Default Value
''
Remarks
The local network interface to bind the socket to.
Data Type
String
SocketLocalPort Property (SecureBlackbox_CAdESVerifier Class)
The local port number to bind the socket to.
Object Oriented Interface
public function getSocketLocalPort(); public function setSocketLocalPort($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 240 ); secureblackbox_cadesverifier_set($res, 240, $value );
Default Value
0
Remarks
The local port number to bind the socket to.
Data Type
Integer
SocketOutgoingSpeedLimit Property (SecureBlackbox_CAdESVerifier Class)
The maximum number of bytes to write to the socket, per second.
Object Oriented Interface
public function getSocketOutgoingSpeedLimit(); public function setSocketOutgoingSpeedLimit($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 241 ); secureblackbox_cadesverifier_set($res, 241, $value );
Default Value
0
Remarks
The maximum number of bytes to write to the socket, per second.
Data Type
Integer
SocketTimeout Property (SecureBlackbox_CAdESVerifier Class)
The maximum period of waiting, in milliseconds, after which the socket operation is considered unsuccessful.
Object Oriented Interface
public function getSocketTimeout(); public function setSocketTimeout($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 242 ); secureblackbox_cadesverifier_set($res, 242, $value );
Default Value
60000
Remarks
The maximum period of waiting, in milliseconds, after which the socket operation is considered unsuccessful.
If Timeout is set to 0, a socket operation will expire after the system-default timeout (2 hrs 8 min for TCP stack).
Data Type
Integer
SocketUseIPv6 Property (SecureBlackbox_CAdESVerifier Class)
Enables or disables IP protocol version 6.
Object Oriented Interface
public function getSocketUseIPv6(); public function setSocketUseIPv6($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 243 ); secureblackbox_cadesverifier_set($res, 243, $value );
Default Value
false
Remarks
Enables or disables IP protocol version 6.
Data Type
Boolean
TimestampAccuracy Property (SecureBlackbox_CAdESVerifier Class)
This property indicates the accuracy of the included time mark, in microseconds.
Object Oriented Interface
public function getTimestampAccuracy();
Procedural Interface
secureblackbox_cadesverifier_get($res, 244 );
Default Value
0
Remarks
This field indicates the accuracy of the included time mark, in microseconds.
This property is read-only and not available at design time.
Data Type
Long64
TimestampBytes Property (SecureBlackbox_CAdESVerifier Class)
Returns the raw timestamp data in DER format.
Object Oriented Interface
public function getTimestampBytes();
Procedural Interface
secureblackbox_cadesverifier_get($res, 245 );
Remarks
Returns the raw timestamp data in DER format.
This property is read-only and not available at design time.
Data Type
Byte Array
TimestampCertificateIndex Property (SecureBlackbox_CAdESVerifier Class)
Returns the index of the TSA certificate in the Certificates collection.
Object Oriented Interface
public function getTimestampCertificateIndex();
Procedural Interface
secureblackbox_cadesverifier_get($res, 246 );
Default Value
-1
Remarks
Returns the index of the TSA certificate in the Certificates collection.
Use this property to look up the TSA certificate in the Certificates collection.
This property is read-only and not available at design time.
Data Type
Integer
TimestampChainValidationDetails Property (SecureBlackbox_CAdESVerifier Class)
The details of a certificate chain validation outcome.
Object Oriented Interface
public function getTimestampChainValidationDetails();
Procedural Interface
secureblackbox_cadesverifier_get($res, 247 );
Default Value
0
Remarks
The details of a certificate chain validation outcome. They may often suggest the reasons that contributed to the overall validation result.
Returns a bit mask of the following options:
| cvrBadData | 0x0001 | One or more certificates in the validation path are malformed |
| cvrRevoked | 0x0002 | One or more certificates are revoked |
| cvrNotYetValid | 0x0004 | One or more certificates are not yet valid |
| cvrExpired | 0x0008 | One or more certificates are expired |
| cvrInvalidSignature | 0x0010 | A certificate contains a non-valid digital signature |
| cvrUnknownCA | 0x0020 | A CA certificate for one or more certificates has not been found (chain incomplete) |
| cvrCAUnauthorized | 0x0040 | One of the CA certificates are not authorized to act as CA |
| cvrCRLNotVerified | 0x0080 | One or more CRLs could not be verified |
| cvrOCSPNotVerified | 0x0100 | One or more OCSP responses could not be verified |
| cvrIdentityMismatch | 0x0200 | The identity protected by the certificate (a TLS endpoint or an e-mail addressee) does not match what is recorded in the certificate |
| cvrNoKeyUsage | 0x0400 | A mandatory key usage is not enabled in one of the chain certificates |
| cvrBlocked | 0x0800 | One or more certificates are blocked |
| cvrFailure | 0x1000 | General validation failure |
| cvrChainLoop | 0x2000 | Chain loop: one of the CA certificates recursively signs itself |
| cvrWeakAlgorithm | 0x4000 | A weak algorithm is used in one of certificates or revocation elements |
| cvrUserEnforced | 0x8000 | The chain was considered invalid following intervention from a user code |
This property is read-only and not available at design time.
Data Type
Integer
TimestampChainValidationResult Property (SecureBlackbox_CAdESVerifier Class)
The outcome of a certificate chain validation routine.
Object Oriented Interface
public function getTimestampChainValidationResult();
Procedural Interface
secureblackbox_cadesverifier_get($res, 248 );
Default Value
0
Remarks
The outcome of a certificate chain validation routine.
Available options:
| cvtValid | 0 | The chain is valid |
| cvtValidButUntrusted | 1 | The chain is valid, but the root certificate is not trusted |
| cvtInvalid | 2 | The chain is not valid (some of certificates are revoked, expired, or contain an invalid signature) |
| cvtCantBeEstablished | 3 | The validity of the chain cannot be established because of missing or unavailable validation information (certificates, CRLs, or OCSP responses) |
Use the ValidationLog property to access the detailed validation log.
This property is read-only and not available at design time.
Data Type
Integer
TimestampHashAlgorithm Property (SecureBlackbox_CAdESVerifier Class)
Returns the timestamp's hash algorithm.
Object Oriented Interface
public function getTimestampHashAlgorithm();
Procedural Interface
secureblackbox_cadesverifier_get($res, 249 );
Default Value
''
Remarks
Returns the timestamp's hash algorithm.
| SB_HASH_ALGORITHM_SHA1 | SHA1 | |
| SB_HASH_ALGORITHM_SHA224 | SHA224 | |
| SB_HASH_ALGORITHM_SHA256 | SHA256 | |
| SB_HASH_ALGORITHM_SHA384 | SHA384 | |
| SB_HASH_ALGORITHM_SHA512 | SHA512 | |
| SB_HASH_ALGORITHM_MD2 | MD2 | |
| SB_HASH_ALGORITHM_MD4 | MD4 | |
| SB_HASH_ALGORITHM_MD5 | MD5 | |
| SB_HASH_ALGORITHM_RIPEMD160 | RIPEMD160 | |
| SB_HASH_ALGORITHM_CRC32 | CRC32 | |
| SB_HASH_ALGORITHM_SSL3 | SSL3 | |
| SB_HASH_ALGORITHM_GOST_R3411_1994 | GOST1994 | |
| SB_HASH_ALGORITHM_WHIRLPOOL | WHIRLPOOL | |
| SB_HASH_ALGORITHM_POLY1305 | POLY1305 | |
| SB_HASH_ALGORITHM_SHA3_224 | SHA3_224 | |
| SB_HASH_ALGORITHM_SHA3_256 | SHA3_256 | |
| SB_HASH_ALGORITHM_SHA3_384 | SHA3_384 | |
| SB_HASH_ALGORITHM_SHA3_512 | SHA3_512 | |
| SB_HASH_ALGORITHM_BLAKE2S_128 | BLAKE2S_128 | |
| SB_HASH_ALGORITHM_BLAKE2S_160 | BLAKE2S_160 | |
| SB_HASH_ALGORITHM_BLAKE2S_224 | BLAKE2S_224 | |
| SB_HASH_ALGORITHM_BLAKE2S_256 | BLAKE2S_256 | |
| SB_HASH_ALGORITHM_BLAKE2B_160 | BLAKE2B_160 | |
| SB_HASH_ALGORITHM_BLAKE2B_256 | BLAKE2B_256 | |
| SB_HASH_ALGORITHM_BLAKE2B_384 | BLAKE2B_384 | |
| SB_HASH_ALGORITHM_BLAKE2B_512 | BLAKE2B_512 | |
| SB_HASH_ALGORITHM_SHAKE_128 | SHAKE_128 | |
| SB_HASH_ALGORITHM_SHAKE_256 | SHAKE_256 | |
| SB_HASH_ALGORITHM_SHAKE_128_LEN | SHAKE_128_LEN | |
| SB_HASH_ALGORITHM_SHAKE_256_LEN | SHAKE_256_LEN |
This property is read-only and not available at design time.
Data Type
String
TimestampSerialNumber Property (SecureBlackbox_CAdESVerifier Class)
Returns the timestamp's serial number.
Object Oriented Interface
public function getTimestampSerialNumber();
Procedural Interface
secureblackbox_cadesverifier_get($res, 250 );
Remarks
Returns the timestamp's serial number.
This property is read-only and not available at design time.
Data Type
Byte Array
TimestampSignatureIndex Property (SecureBlackbox_CAdESVerifier Class)
Returns the index of the owner signature, if applicable.
Object Oriented Interface
public function getTimestampSignatureIndex();
Procedural Interface
secureblackbox_cadesverifier_get($res, 251 );
Default Value
-1
Remarks
Returns the index of the owner signature, if applicable.
Use this property to establish the index of the associated signature object in the signature collection.
This property is read-only and not available at design time.
Data Type
Integer
TimestampTime Property (SecureBlackbox_CAdESVerifier Class)
The time point incorporated into the timestamp.
Object Oriented Interface
public function getTimestampTime();
Procedural Interface
secureblackbox_cadesverifier_get($res, 252 );
Default Value
''
Remarks
The time point incorporated into the timestamp.
This property is read-only and not available at design time.
Data Type
String
TimestampTimestampType Property (SecureBlackbox_CAdESVerifier Class)
Returns the type of the timestamp.
Object Oriented Interface
public function getTimestampTimestampType();
Procedural Interface
secureblackbox_cadesverifier_get($res, 253 );
Default Value
0
Remarks
Returns the type of the timestamp.
Available options:
| tstUnknown | 0 | |
| tstLegacy | 1 | Supported by: Authenticode components |
| tstTrusted | 2 | Supported by: Authenticode components |
| tstGeneric | 3 | Supported by: CAdES components |
| tstESC | 4 | Supported by: CAdES components |
| tstContent | 5 | Supported by: CAdES components |
| tstCertsAndCRLs | 6 | Supported by: CAdES components |
| tstArchive | 7 | Archive timestamp. Supported by: ASiC, CAdES, JAdES, Office, SOAP, XAdES components |
| tstArchive2 | 8 | Archive v2 timestamp. Supported by: ASiC, CAdES components |
| tstArchive3 | 9 | Archive v3 timestamp. Supported by: ASiC, CAdES components |
| tstIndividualDataObjects | 10 | Individual data objects timetamp. Supported by: ASiC, Office, SOAP, XAdES components |
| tstAllDataObjects | 11 | All data objects timestamp. Supported by: ASiC, Office, SOAP, XAdES components |
| tstSignature | 12 | Signature timestamp. Supported by: ASiC, JAdES, Office, SOAP, XAdES components |
| tstRefsOnly | 13 | RefsOnly timestamp. Supported by: ASiC, JAdES, Office, SOAP, XAdES components |
| tstSigAndRefs | 14 | SigAndRefs timestamp. Supported by: ASiC, JAdES, Office, SOAP, XAdES components |
| tstSignedData | 15 | SignedData timestamp. Supported by: JAdES components |
| tstArchive141 | 16 | Archive timestamp v1.4.1. Supported by: ASiC, Office, SOAP, XAdES components |
Not all of the above timestamp types can be supported by a specific signature technology used (CAdES, PDF, XAdES).
This property is read-only and not available at design time.
Data Type
Integer
TimestampTSAName Property (SecureBlackbox_CAdESVerifier Class)
This value uniquely identifies the Timestamp Authority (TSA).
Object Oriented Interface
public function getTimestampTSAName();
Procedural Interface
secureblackbox_cadesverifier_get($res, 254 );
Default Value
''
Remarks
This value uniquely identifies the Timestamp Authority (TSA).
This property provides information about the entity that manages the TSA.
This property is read-only and not available at design time.
Data Type
String
TimestampValidationLog Property (SecureBlackbox_CAdESVerifier Class)
Contains the TSA certificate chain validation log.
Object Oriented Interface
public function getTimestampValidationLog();
Procedural Interface
secureblackbox_cadesverifier_get($res, 255 );
Default Value
''
Remarks
Contains the TSA certificate chain validation log. This information is extremely useful if the timestamp validation fails.
This property is read-only and not available at design time.
Data Type
String
TimestampValidationResult Property (SecureBlackbox_CAdESVerifier Class)
Contains the timestamp validation outcome.
Object Oriented Interface
public function getTimestampValidationResult();
Procedural Interface
secureblackbox_cadesverifier_get($res, 256 );
Default Value
0
Remarks
Contains the timestamp validation outcome.
Use this property to check the result of the most recent timestamp validation.
| svtValid | 0 | The signature is valid |
| svtUnknown | 1 | Signature validity is unknown |
| svtCorrupted | 2 | The signature is corrupted |
| svtSignerNotFound | 3 | Failed to acquire the signing certificate. The signature cannot be validated. |
| svtFailure | 4 | General failure |
This property is read-only and not available at design time.
Data Type
Integer
TLSClientCertCount Property (SecureBlackbox_CAdESVerifier Class)
The number of records in the TLSClientCert arrays.
Object Oriented Interface
public function getTLSClientCertCount(); public function setTLSClientCertCount($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 257 ); secureblackbox_cadesverifier_set($res, 257, $value );
Default Value
0
Remarks
This property controls the size of the following arrays:
The array indices start at 0 and end at TLSClientCertCount - 1.This property is not available at design time.
Data Type
Integer
TLSClientCertBytes Property (SecureBlackbox_CAdESVerifier Class)
Returns the raw certificate data in DER format.
Object Oriented Interface
public function getTLSClientCertBytes($tlsclientcertindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 258 , $tlsclientcertindex);
Remarks
Returns the raw certificate data in DER format.
The $tlsclientcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TLSClientCertCount property.
This property is read-only and not available at design time.
Data Type
Byte Array
TLSClientCertHandle Property (SecureBlackbox_CAdESVerifier Class)
Allows to get or set a 'handle', a unique identifier of the underlying property object.
Object Oriented Interface
public function getTLSClientCertHandle($tlsclientcertindex); public function setTLSClientCertHandle($tlsclientcertindex, $value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 265 , $tlsclientcertindex); secureblackbox_cadesverifier_set($res, 265, $value , $tlsclientcertindex);
Default Value
0
Remarks
Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.
When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object
after such operation.
pdfSigner.setSigningCertHandle(certMgr.getCertHandle());
The $tlsclientcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TLSClientCertCount property.
This property is not available at design time.
Data Type
Long64
TLSServerCertCount Property (SecureBlackbox_CAdESVerifier Class)
The number of records in the TLSServerCert arrays.
Object Oriented Interface
public function getTLSServerCertCount();
Procedural Interface
secureblackbox_cadesverifier_get($res, 292 );
Default Value
0
Remarks
This property controls the size of the following arrays:
The array indices start at 0 and end at TLSServerCertCount - 1.This property is read-only and not available at design time.
Data Type
Integer
TLSServerCertBytes Property (SecureBlackbox_CAdESVerifier Class)
Returns the raw certificate data in DER format.
Object Oriented Interface
public function getTLSServerCertBytes($tlsservercertindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 293 , $tlsservercertindex);
Remarks
Returns the raw certificate data in DER format.
The $tlsservercertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TLSServerCertCount property.
This property is read-only and not available at design time.
Data Type
Byte Array
TLSServerCertHandle Property (SecureBlackbox_CAdESVerifier Class)
Allows to get or set a 'handle', a unique identifier of the underlying property object.
Object Oriented Interface
public function getTLSServerCertHandle($tlsservercertindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 300 , $tlsservercertindex);
Default Value
0
Remarks
Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.
When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object
after such operation.
pdfSigner.setSigningCertHandle(certMgr.getCertHandle());
The $tlsservercertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TLSServerCertCount property.
This property is read-only and not available at design time.
Data Type
Long64
TLSAutoValidateCertificates Property (SecureBlackbox_CAdESVerifier Class)
Specifies whether server-side TLS certificates should be validated automatically using internal validation rules.
Object Oriented Interface
public function getTLSAutoValidateCertificates(); public function setTLSAutoValidateCertificates($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 327 ); secureblackbox_cadesverifier_set($res, 327, $value );
Default Value
true
Remarks
Specifies whether server-side TLS certificates should be validated automatically using internal validation rules.
Data Type
Boolean
TLSBaseConfiguration Property (SecureBlackbox_CAdESVerifier Class)
Selects the base configuration for the TLS settings.
Object Oriented Interface
public function getTLSBaseConfiguration(); public function setTLSBaseConfiguration($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 328 ); secureblackbox_cadesverifier_set($res, 328, $value );
Default Value
0
Remarks
Selects the base configuration for the TLS settings. Several profiles are offered and tuned up for different purposes, such as high security or higher compatibility.
| stpcDefault | 0 | |
| stpcCompatible | 1 | |
| stpcComprehensiveInsecure | 2 | |
| stpcHighlySecure | 3 |
Data Type
Integer
TLSCiphersuites Property (SecureBlackbox_CAdESVerifier Class)
A list of ciphersuites separated with commas or semicolons.
Object Oriented Interface
public function getTLSCiphersuites(); public function setTLSCiphersuites($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 329 ); secureblackbox_cadesverifier_set($res, 329, $value );
Default Value
''
Remarks
A list of ciphersuites separated with commas or semicolons. Each ciphersuite in the list may be prefixed with a minus sign (-) to indicate that the ciphersuite should be disabled rather than enabled. Besides the specific ciphersuite modifiers, this property supports the all (and -all) aliases, allowing all ciphersuites to be blanketly enabled or disabled at once.
Note: the list of ciphersuites provided to this property alters the baseline list of ciphersuites as defined by TLSBaseConfiguration. Remember to start your ciphersuite string with -all; if you need to only enable a specific fixed set of ciphersuites. The list of supported ciphersuites is provided below:
- NULL_NULL_NULL
- RSA_NULL_MD5
- RSA_NULL_SHA
- RSA_RC4_MD5
- RSA_RC4_SHA
- RSA_RC2_MD5
- RSA_IDEA_MD5
- RSA_IDEA_SHA
- RSA_DES_MD5
- RSA_DES_SHA
- RSA_3DES_MD5
- RSA_3DES_SHA
- RSA_AES128_SHA
- RSA_AES256_SHA
- DH_DSS_DES_SHA
- DH_DSS_3DES_SHA
- DH_DSS_AES128_SHA
- DH_DSS_AES256_SHA
- DH_RSA_DES_SHA
- DH_RSA_3DES_SHA
- DH_RSA_AES128_SHA
- DH_RSA_AES256_SHA
- DHE_DSS_DES_SHA
- DHE_DSS_3DES_SHA
- DHE_DSS_AES128_SHA
- DHE_DSS_AES256_SHA
- DHE_RSA_DES_SHA
- DHE_RSA_3DES_SHA
- DHE_RSA_AES128_SHA
- DHE_RSA_AES256_SHA
- DH_ANON_RC4_MD5
- DH_ANON_DES_SHA
- DH_ANON_3DES_SHA
- DH_ANON_AES128_SHA
- DH_ANON_AES256_SHA
- RSA_RC2_MD5_EXPORT
- RSA_RC4_MD5_EXPORT
- RSA_DES_SHA_EXPORT
- DH_DSS_DES_SHA_EXPORT
- DH_RSA_DES_SHA_EXPORT
- DHE_DSS_DES_SHA_EXPORT
- DHE_RSA_DES_SHA_EXPORT
- DH_ANON_RC4_MD5_EXPORT
- DH_ANON_DES_SHA_EXPORT
- RSA_CAMELLIA128_SHA
- DH_DSS_CAMELLIA128_SHA
- DH_RSA_CAMELLIA128_SHA
- DHE_DSS_CAMELLIA128_SHA
- DHE_RSA_CAMELLIA128_SHA
- DH_ANON_CAMELLIA128_SHA
- RSA_CAMELLIA256_SHA
- DH_DSS_CAMELLIA256_SHA
- DH_RSA_CAMELLIA256_SHA
- DHE_DSS_CAMELLIA256_SHA
- DHE_RSA_CAMELLIA256_SHA
- DH_ANON_CAMELLIA256_SHA
- PSK_RC4_SHA
- PSK_3DES_SHA
- PSK_AES128_SHA
- PSK_AES256_SHA
- DHE_PSK_RC4_SHA
- DHE_PSK_3DES_SHA
- DHE_PSK_AES128_SHA
- DHE_PSK_AES256_SHA
- RSA_PSK_RC4_SHA
- RSA_PSK_3DES_SHA
- RSA_PSK_AES128_SHA
- RSA_PSK_AES256_SHA
- RSA_SEED_SHA
- DH_DSS_SEED_SHA
- DH_RSA_SEED_SHA
- DHE_DSS_SEED_SHA
- DHE_RSA_SEED_SHA
- DH_ANON_SEED_SHA
- SRP_SHA_3DES_SHA
- SRP_SHA_RSA_3DES_SHA
- SRP_SHA_DSS_3DES_SHA
- SRP_SHA_AES128_SHA
- SRP_SHA_RSA_AES128_SHA
- SRP_SHA_DSS_AES128_SHA
- SRP_SHA_AES256_SHA
- SRP_SHA_RSA_AES256_SHA
- SRP_SHA_DSS_AES256_SHA
- ECDH_ECDSA_NULL_SHA
- ECDH_ECDSA_RC4_SHA
- ECDH_ECDSA_3DES_SHA
- ECDH_ECDSA_AES128_SHA
- ECDH_ECDSA_AES256_SHA
- ECDHE_ECDSA_NULL_SHA
- ECDHE_ECDSA_RC4_SHA
- ECDHE_ECDSA_3DES_SHA
- ECDHE_ECDSA_AES128_SHA
- ECDHE_ECDSA_AES256_SHA
- ECDH_RSA_NULL_SHA
- ECDH_RSA_RC4_SHA
- ECDH_RSA_3DES_SHA
- ECDH_RSA_AES128_SHA
- ECDH_RSA_AES256_SHA
- ECDHE_RSA_NULL_SHA
- ECDHE_RSA_RC4_SHA
- ECDHE_RSA_3DES_SHA
- ECDHE_RSA_AES128_SHA
- ECDHE_RSA_AES256_SHA
- ECDH_ANON_NULL_SHA
- ECDH_ANON_RC4_SHA
- ECDH_ANON_3DES_SHA
- ECDH_ANON_AES128_SHA
- ECDH_ANON_AES256_SHA
- RSA_NULL_SHA256
- RSA_AES128_SHA256
- RSA_AES256_SHA256
- DH_DSS_AES128_SHA256
- DH_RSA_AES128_SHA256
- DHE_DSS_AES128_SHA256
- DHE_RSA_AES128_SHA256
- DH_DSS_AES256_SHA256
- DH_RSA_AES256_SHA256
- DHE_DSS_AES256_SHA256
- DHE_RSA_AES256_SHA256
- DH_ANON_AES128_SHA256
- DH_ANON_AES256_SHA256
- RSA_AES128_GCM_SHA256
- RSA_AES256_GCM_SHA384
- DHE_RSA_AES128_GCM_SHA256
- DHE_RSA_AES256_GCM_SHA384
- DH_RSA_AES128_GCM_SHA256
- DH_RSA_AES256_GCM_SHA384
- DHE_DSS_AES128_GCM_SHA256
- DHE_DSS_AES256_GCM_SHA384
- DH_DSS_AES128_GCM_SHA256
- DH_DSS_AES256_GCM_SHA384
- DH_ANON_AES128_GCM_SHA256
- DH_ANON_AES256_GCM_SHA384
- ECDHE_ECDSA_AES128_SHA256
- ECDHE_ECDSA_AES256_SHA384
- ECDH_ECDSA_AES128_SHA256
- ECDH_ECDSA_AES256_SHA384
- ECDHE_RSA_AES128_SHA256
- ECDHE_RSA_AES256_SHA384
- ECDH_RSA_AES128_SHA256
- ECDH_RSA_AES256_SHA384
- ECDHE_ECDSA_AES128_GCM_SHA256
- ECDHE_ECDSA_AES256_GCM_SHA384
- ECDH_ECDSA_AES128_GCM_SHA256
- ECDH_ECDSA_AES256_GCM_SHA384
- ECDHE_RSA_AES128_GCM_SHA256
- ECDHE_RSA_AES256_GCM_SHA384
- ECDH_RSA_AES128_GCM_SHA256
- ECDH_RSA_AES256_GCM_SHA384
- PSK_AES128_GCM_SHA256
- PSK_AES256_GCM_SHA384
- DHE_PSK_AES128_GCM_SHA256
- DHE_PSK_AES256_GCM_SHA384
- RSA_PSK_AES128_GCM_SHA256
- RSA_PSK_AES256_GCM_SHA384
- PSK_AES128_SHA256
- PSK_AES256_SHA384
- PSK_NULL_SHA256
- PSK_NULL_SHA384
- DHE_PSK_AES128_SHA256
- DHE_PSK_AES256_SHA384
- DHE_PSK_NULL_SHA256
- DHE_PSK_NULL_SHA384
- RSA_PSK_AES128_SHA256
- RSA_PSK_AES256_SHA384
- RSA_PSK_NULL_SHA256
- RSA_PSK_NULL_SHA384
- RSA_CAMELLIA128_SHA256
- DH_DSS_CAMELLIA128_SHA256
- DH_RSA_CAMELLIA128_SHA256
- DHE_DSS_CAMELLIA128_SHA256
- DHE_RSA_CAMELLIA128_SHA256
- DH_ANON_CAMELLIA128_SHA256
- RSA_CAMELLIA256_SHA256
- DH_DSS_CAMELLIA256_SHA256
- DH_RSA_CAMELLIA256_SHA256
- DHE_DSS_CAMELLIA256_SHA256
- DHE_RSA_CAMELLIA256_SHA256
- DH_ANON_CAMELLIA256_SHA256
- ECDHE_ECDSA_CAMELLIA128_SHA256
- ECDHE_ECDSA_CAMELLIA256_SHA384
- ECDH_ECDSA_CAMELLIA128_SHA256
- ECDH_ECDSA_CAMELLIA256_SHA384
- ECDHE_RSA_CAMELLIA128_SHA256
- ECDHE_RSA_CAMELLIA256_SHA384
- ECDH_RSA_CAMELLIA128_SHA256
- ECDH_RSA_CAMELLIA256_SHA384
- RSA_CAMELLIA128_GCM_SHA256
- RSA_CAMELLIA256_GCM_SHA384
- DHE_RSA_CAMELLIA128_GCM_SHA256
- DHE_RSA_CAMELLIA256_GCM_SHA384
- DH_RSA_CAMELLIA128_GCM_SHA256
- DH_RSA_CAMELLIA256_GCM_SHA384
- DHE_DSS_CAMELLIA128_GCM_SHA256
- DHE_DSS_CAMELLIA256_GCM_SHA384
- DH_DSS_CAMELLIA128_GCM_SHA256
- DH_DSS_CAMELLIA256_GCM_SHA384
- DH_anon_CAMELLIA128_GCM_SHA256
- DH_anon_CAMELLIA256_GCM_SHA384
- ECDHE_ECDSA_CAMELLIA128_GCM_SHA256
- ECDHE_ECDSA_CAMELLIA256_GCM_SHA384
- ECDH_ECDSA_CAMELLIA128_GCM_SHA256
- ECDH_ECDSA_CAMELLIA256_GCM_SHA384
- ECDHE_RSA_CAMELLIA128_GCM_SHA256
- ECDHE_RSA_CAMELLIA256_GCM_SHA384
- ECDH_RSA_CAMELLIA128_GCM_SHA256
- ECDH_RSA_CAMELLIA256_GCM_SHA384
- PSK_CAMELLIA128_GCM_SHA256
- PSK_CAMELLIA256_GCM_SHA384
- DHE_PSK_CAMELLIA128_GCM_SHA256
- DHE_PSK_CAMELLIA256_GCM_SHA384
- RSA_PSK_CAMELLIA128_GCM_SHA256
- RSA_PSK_CAMELLIA256_GCM_SHA384
- PSK_CAMELLIA128_SHA256
- PSK_CAMELLIA256_SHA384
- DHE_PSK_CAMELLIA128_SHA256
- DHE_PSK_CAMELLIA256_SHA384
- RSA_PSK_CAMELLIA128_SHA256
- RSA_PSK_CAMELLIA256_SHA384
- ECDHE_PSK_CAMELLIA128_SHA256
- ECDHE_PSK_CAMELLIA256_SHA384
- ECDHE_PSK_RC4_SHA
- ECDHE_PSK_3DES_SHA
- ECDHE_PSK_AES128_SHA
- ECDHE_PSK_AES256_SHA
- ECDHE_PSK_AES128_SHA256
- ECDHE_PSK_AES256_SHA384
- ECDHE_PSK_NULL_SHA
- ECDHE_PSK_NULL_SHA256
- ECDHE_PSK_NULL_SHA384
- ECDHE_RSA_CHACHA20_POLY1305_SHA256
- ECDHE_ECDSA_CHACHA20_POLY1305_SHA256
- DHE_RSA_CHACHA20_POLY1305_SHA256
- PSK_CHACHA20_POLY1305_SHA256
- ECDHE_PSK_CHACHA20_POLY1305_SHA256
- DHE_PSK_CHACHA20_POLY1305_SHA256
- RSA_PSK_CHACHA20_POLY1305_SHA256
- AES128_GCM_SHA256
- AES256_GCM_SHA384
- CHACHA20_POLY1305_SHA256
- AES128_CCM_SHA256
- AES128_CCM8_SHA256
Data Type
String
TLSECCurves Property (SecureBlackbox_CAdESVerifier Class)
Defines the elliptic curves to enable.
Object Oriented Interface
public function getTLSECCurves(); public function setTLSECCurves($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 330 ); secureblackbox_cadesverifier_set($res, 330, $value );
Default Value
''
Remarks
Defines the elliptic curves to enable.
Data Type
String
TLSExtensions Property (SecureBlackbox_CAdESVerifier Class)
Provides access to TLS extensions.
Object Oriented Interface
public function getTLSExtensions(); public function setTLSExtensions($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 331 ); secureblackbox_cadesverifier_set($res, 331, $value );
Default Value
''
Remarks
Provides access to TLS extensions.
Data Type
String
TLSForceResumeIfDestinationChanges Property (SecureBlackbox_CAdESVerifier Class)
Whether to force TLS session resumption when the destination address changes.
Object Oriented Interface
public function getTLSForceResumeIfDestinationChanges(); public function setTLSForceResumeIfDestinationChanges($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 332 ); secureblackbox_cadesverifier_set($res, 332, $value );
Default Value
false
Remarks
Whether to force TLS session resumption when the destination address changes.
Data Type
Boolean
TLSPreSharedIdentity Property (SecureBlackbox_CAdESVerifier Class)
Defines the identity used when the PSK (Pre-Shared Key) key-exchange mechanism is negotiated.
Object Oriented Interface
public function getTLSPreSharedIdentity(); public function setTLSPreSharedIdentity($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 333 ); secureblackbox_cadesverifier_set($res, 333, $value );
Default Value
''
Remarks
Defines the identity used when the PSK (Pre-Shared Key) key-exchange mechanism is negotiated.
This property is not available at design time.
Data Type
String
TLSPreSharedKey Property (SecureBlackbox_CAdESVerifier Class)
Contains the pre-shared key for the PSK (Pre-Shared Key) key-exchange mechanism, encoded with base16.
Object Oriented Interface
public function getTLSPreSharedKey(); public function setTLSPreSharedKey($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 334 ); secureblackbox_cadesverifier_set($res, 334, $value );
Default Value
''
Remarks
Contains the pre-shared key for the PSK (Pre-Shared Key) key-exchange mechanism, encoded with base16.
This property is not available at design time.
Data Type
String
TLSPreSharedKeyCiphersuite Property (SecureBlackbox_CAdESVerifier Class)
Defines the ciphersuite used for PSK (Pre-Shared Key) negotiation.
Object Oriented Interface
public function getTLSPreSharedKeyCiphersuite(); public function setTLSPreSharedKeyCiphersuite($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 335 ); secureblackbox_cadesverifier_set($res, 335, $value );
Default Value
''
Remarks
Defines the ciphersuite used for PSK (Pre-Shared Key) negotiation.
Data Type
String
TLSRenegotiationAttackPreventionMode Property (SecureBlackbox_CAdESVerifier Class)
Selects the renegotiation attack prevention mechanism.
Object Oriented Interface
public function getTLSRenegotiationAttackPreventionMode(); public function setTLSRenegotiationAttackPreventionMode($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 336 ); secureblackbox_cadesverifier_set($res, 336, $value );
Default Value
0
Remarks
Selects the renegotiation attack prevention mechanism.
The following options are available:
| crapmCompatible | 0 | TLS 1.0 and 1.1 compatibility mode (renegotiation indication extension is disabled). |
| crapmStrict | 1 | Renegotiation attack prevention is enabled and enforced. |
| crapmAuto | 2 | Automatically choose whether to enable or disable renegotiation attack prevention. |
Data Type
Integer
TLSRevocationCheck Property (SecureBlackbox_CAdESVerifier Class)
Specifies the kind(s) of revocation check to perform.
Object Oriented Interface
public function getTLSRevocationCheck(); public function setTLSRevocationCheck($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 337 ); secureblackbox_cadesverifier_set($res, 337, $value );
Default Value
1
Remarks
Specifies the kind(s) of revocation check to perform.
Revocation checking is necessary to ensure the integrity of the chain and obtain up-to-date certificate validity and trustworthiness information.
| crcNone | 0 | No revocation checking. |
| crcAuto | 1 | Automatic mode selection. Currently this maps to crcAnyOCSPOrCRL, but it may change in the future. |
| crcAllCRL | 2 | All provided CRL endpoints will be checked, and all checks must succeed. |
| crcAllOCSP | 3 | All provided OCSP endpoints will be checked, and all checks must succeed. |
| crcAllCRLAndOCSP | 4 | All provided CRL and OCSP endpoints will be checked, and all checks must succeed. |
| crcAnyCRL | 5 | All provided CRL endpoints will be checked, and at least one check must succeed. |
| crcAnyOCSP | 6 | All provided OCSP endpoints will be checked, and at least one check must succeed. |
| crcAnyCRLOrOCSP | 7 | All provided CRL and OCSP endpoints will be checked, and at least one check must succeed. CRL endpoints are checked first. |
| crcAnyOCSPOrCRL | 8 | All provided CRL and OCSP endpoints will be checked, and at least one check must succeed. OCSP endpoints are checked first. |
This setting controls the way the revocation checks are performed for every certificate in the chain. Typically certificates come with two types of revocation information sources: CRL (certificate revocation lists) and OCSP responders. CRLs are static objects periodically published by the CA at some online location. OCSP responders are active online services maintained by the CA that can provide up-to-date information on certificate statuses in near real time.
There are some conceptual differences between the two. CRLs are normally larger in size. Their use involves some latency because there is normally some delay between the time when a certificate was revoked and the time the subsequent CRL mentioning that is published. The benefits of CRL is that the same object can provide statuses for all certificates issued by a particular CA, and that the whole technology is much simpler than OCSP (and thus is supported by more CAs).
This setting lets you adjust the validation course by including or excluding certain types of revocation sources from the validation process. The crcAnyOCSPOrCRL setting (give preference to the faster OCSP route and only demand one source to succeed) is a good choice for most typical validation environments. The "crcAll*" modes are much stricter, and may be used in scenarios where bulletproof validity information is essential.
Note: If no CRL or OCSP endpoints are provided by the CA, the revocation check will be considered successful. This is because the CA chose not to supply revocation information for its certificates, meaning they are considered irrevocable.
Note: Within each of the above settings, if any retrieved CRL or OCSP response indicates that the certificate has been revoked, the revocation check fails.
This property is not available at design time.
Data Type
Integer
TLSSSLOptions Property (SecureBlackbox_CAdESVerifier Class)
Various SSL (TLS) protocol options, set of cssloExpectShutdownMessage 0x001 Wait for the close-notify message when shutting down the connection cssloOpenSSLDTLSWorkaround 0x002 (DEPRECATED) Use a DTLS version workaround when talking to very old OpenSSL versions cssloDisableKexLengthAlignment 0x004 Do not align the client-side PMS by the RSA modulus size.
Object Oriented Interface
public function getTLSSSLOptions(); public function setTLSSSLOptions($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 338 ); secureblackbox_cadesverifier_set($res, 338, $value );
Default Value
16
Remarks
Various SSL (TLS) protocol options, set of
| cssloExpectShutdownMessage | 0x001 | Wait for the close-notify message when shutting down the connection |
| cssloOpenSSLDTLSWorkaround | 0x002 | (DEPRECATED) Use a DTLS version workaround when talking to very old OpenSSL versions |
| cssloDisableKexLengthAlignment | 0x004 | Do not align the client-side PMS by the RSA modulus size. It is unlikely that you will ever need to adjust it. |
| cssloForceUseOfClientCertHashAlg | 0x008 | Enforce the use of the client certificate hash algorithm. It is unlikely that you will ever need to adjust it. |
| cssloAutoAddServerNameExtension | 0x010 | Automatically add the server name extension when known |
| cssloAcceptTrustedSRPPrimesOnly | 0x020 | Accept trusted SRP primes only |
| cssloDisableSignatureAlgorithmsExtension | 0x040 | Disable (do not send) the signature algorithms extension. It is unlikely that you will ever need to adjust it. |
| cssloIntolerateHigherProtocolVersions | 0x080 | (server option) Do not allow fallback from TLS versions higher than currently enabled |
| cssloStickToPrefCertHashAlg | 0x100 | Stick to preferred certificate hash algorithms |
| cssloNoImplicitTLS12Fallback | 0x200 | Disable implicit TLS 1.3 to 1.2 fallbacks |
| cssloUseHandshakeBatches | 0x400 | Send the handshake message as large batches rather than individually |
Data Type
Integer
TLSTLSMode Property (SecureBlackbox_CAdESVerifier Class)
Specifies the TLS mode to use.
Object Oriented Interface
public function getTLSTLSMode(); public function setTLSTLSMode($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 339 ); secureblackbox_cadesverifier_set($res, 339, $value );
Default Value
0
Remarks
Specifies the TLS mode to use.
| smDefault | 0 | |
| smNoTLS | 1 | Do not use TLS |
| smExplicitTLS | 2 | Connect to the server without any encryption and then request an SSL session. |
| smImplicitTLS | 3 | Connect to the specified port, and establish the SSL session at once. |
| smMixedTLS | 4 | Connect to the specified port, and establish the SSL session at once, but allow plain data. |
Data Type
Integer
TLSUseExtendedMasterSecret Property (SecureBlackbox_CAdESVerifier Class)
Enables the Extended Master Secret Extension, as defined in RFC 7627.
Object Oriented Interface
public function getTLSUseExtendedMasterSecret(); public function setTLSUseExtendedMasterSecret($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 340 ); secureblackbox_cadesverifier_set($res, 340, $value );
Default Value
false
Remarks
Enables the Extended Master Secret Extension, as defined in RFC 7627.
Data Type
Boolean
TLSUseSessionResumption Property (SecureBlackbox_CAdESVerifier Class)
Enables or disables the TLS session resumption capability.
Object Oriented Interface
public function getTLSUseSessionResumption(); public function setTLSUseSessionResumption($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 341 ); secureblackbox_cadesverifier_set($res, 341, $value );
Default Value
false
Remarks
Enables or disables the TLS session resumption capability.
Data Type
Boolean
TLSVersions Property (SecureBlackbox_CAdESVerifier Class)
The SSL/TLS versions to enable by default.
Object Oriented Interface
public function getTLSVersions(); public function setTLSVersions($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 342 ); secureblackbox_cadesverifier_set($res, 342, $value );
Default Value
16
Remarks
The SSL/TLS versions to enable by default.
| csbSSL2 | 0x01 | SSL 2 |
| csbSSL3 | 0x02 | SSL 3 |
| csbTLS1 | 0x04 | TLS 1.0 |
| csbTLS11 | 0x08 | TLS 1.1 |
| csbTLS12 | 0x10 | TLS 1.2 |
| csbTLS13 | 0x20 | TLS 1.3 |
Data Type
Integer
TrustedCertCount Property (SecureBlackbox_CAdESVerifier Class)
The number of records in the TrustedCert arrays.
Object Oriented Interface
public function getTrustedCertCount(); public function setTrustedCertCount($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 343 ); secureblackbox_cadesverifier_set($res, 343, $value );
Default Value
0
Remarks
This property controls the size of the following arrays:
The array indices start at 0 and end at TrustedCertCount - 1.This property is not available at design time.
Data Type
Integer
TrustedCertBytes Property (SecureBlackbox_CAdESVerifier Class)
Returns the raw certificate data in DER format.
Object Oriented Interface
public function getTrustedCertBytes($trustedcertindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 344 , $trustedcertindex);
Remarks
Returns the raw certificate data in DER format.
The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.
This property is read-only and not available at design time.
Data Type
Byte Array
TrustedCertHandle Property (SecureBlackbox_CAdESVerifier Class)
Allows to get or set a 'handle', a unique identifier of the underlying property object.
Object Oriented Interface
public function getTrustedCertHandle($trustedcertindex); public function setTrustedCertHandle($trustedcertindex, $value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 351 , $trustedcertindex); secureblackbox_cadesverifier_set($res, 351, $value , $trustedcertindex);
Default Value
0
Remarks
Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.
When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object
after such operation.
pdfSigner.setSigningCertHandle(certMgr.getCertHandle());
The $trustedcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TrustedCertCount property.
This property is not available at design time.
Data Type
Long64
TSACertBytes Property (SecureBlackbox_CAdESVerifier Class)
Returns the raw certificate data in DER format.
Object Oriented Interface
public function getTSACertBytes();
Procedural Interface
secureblackbox_cadesverifier_get($res, 378 );
Remarks
Returns the raw certificate data in DER format.
This property is read-only and not available at design time.
Data Type
Byte Array
TSACertCA Property (SecureBlackbox_CAdESVerifier Class)
Indicates whether the certificate has a CA capability (a setting in the BasicConstraints extension).
Object Oriented Interface
public function getTSACertCA();
Procedural Interface
secureblackbox_cadesverifier_get($res, 379 );
Default Value
false
Remarks
Indicates whether the certificate has a CA capability (a setting in the BasicConstraints extension).
This property is read-only and not available at design time.
Data Type
Boolean
TSACertCAKeyID Property (SecureBlackbox_CAdESVerifier Class)
A unique identifier (fingerprint) of the CA certificate's private key.
Object Oriented Interface
public function getTSACertCAKeyID();
Procedural Interface
secureblackbox_cadesverifier_get($res, 380 );
Remarks
A unique identifier (fingerprint) of the CA certificate's private key.
Authority Key Identifier is a (non-critical) X.509 certificate extension which allows the identification of certificates produced by the same issuer, but with different public keys.
This property is read-only and not available at design time.
Data Type
Byte Array
TSACertCRLDistributionPoints Property (SecureBlackbox_CAdESVerifier Class)
Locations of the CRL (Certificate Revocation List) distribution points used to check this certificate's validity.
Object Oriented Interface
public function getTSACertCRLDistributionPoints();
Procedural Interface
secureblackbox_cadesverifier_get($res, 381 );
Default Value
''
Remarks
Locations of the CRL (Certificate Revocation List) distribution points used to check this certificate's validity.
This property is read-only and not available at design time.
Data Type
String
TSACertCurve Property (SecureBlackbox_CAdESVerifier Class)
Specifies the elliptic curve of the EC public key.
Object Oriented Interface
public function getTSACertCurve();
Procedural Interface
secureblackbox_cadesverifier_get($res, 382 );
Default Value
''
Remarks
Specifies the elliptic curve of the EC public key.
| SB_EC_SECP112R1 | SECP112R1 | |
| SB_EC_SECP112R2 | SECP112R2 | |
| SB_EC_SECP128R1 | SECP128R1 | |
| SB_EC_SECP128R2 | SECP128R2 | |
| SB_EC_SECP160K1 | SECP160K1 | |
| SB_EC_SECP160R1 | SECP160R1 | |
| SB_EC_SECP160R2 | SECP160R2 | |
| SB_EC_SECP192K1 | SECP192K1 | |
| SB_EC_SECP192R1 | SECP192R1 | |
| SB_EC_SECP224K1 | SECP224K1 | |
| SB_EC_SECP224R1 | SECP224R1 | |
| SB_EC_SECP256K1 | SECP256K1 | |
| SB_EC_SECP256R1 | SECP256R1 | |
| SB_EC_SECP384R1 | SECP384R1 | |
| SB_EC_SECP521R1 | SECP521R1 | |
| SB_EC_SECT113R1 | SECT113R1 | |
| SB_EC_SECT113R2 | SECT113R2 | |
| SB_EC_SECT131R1 | SECT131R1 | |
| SB_EC_SECT131R2 | SECT131R2 | |
| SB_EC_SECT163K1 | SECT163K1 | |
| SB_EC_SECT163R1 | SECT163R1 | |
| SB_EC_SECT163R2 | SECT163R2 | |
| SB_EC_SECT193R1 | SECT193R1 | |
| SB_EC_SECT193R2 | SECT193R2 | |
| SB_EC_SECT233K1 | SECT233K1 | |
| SB_EC_SECT233R1 | SECT233R1 | |
| SB_EC_SECT239K1 | SECT239K1 | |
| SB_EC_SECT283K1 | SECT283K1 | |
| SB_EC_SECT283R1 | SECT283R1 | |
| SB_EC_SECT409K1 | SECT409K1 | |
| SB_EC_SECT409R1 | SECT409R1 | |
| SB_EC_SECT571K1 | SECT571K1 | |
| SB_EC_SECT571R1 | SECT571R1 | |
| SB_EC_PRIME192V1 | PRIME192V1 | |
| SB_EC_PRIME192V2 | PRIME192V2 | |
| SB_EC_PRIME192V3 | PRIME192V3 | |
| SB_EC_PRIME239V1 | PRIME239V1 | |
| SB_EC_PRIME239V2 | PRIME239V2 | |
| SB_EC_PRIME239V3 | PRIME239V3 | |
| SB_EC_PRIME256V1 | PRIME256V1 | |
| SB_EC_C2PNB163V1 | C2PNB163V1 | |
| SB_EC_C2PNB163V2 | C2PNB163V2 | |
| SB_EC_C2PNB163V3 | C2PNB163V3 | |
| SB_EC_C2PNB176W1 | C2PNB176W1 | |
| SB_EC_C2TNB191V1 | C2TNB191V1 | |
| SB_EC_C2TNB191V2 | C2TNB191V2 | |
| SB_EC_C2TNB191V3 | C2TNB191V3 | |
| SB_EC_C2ONB191V4 | C2ONB191V4 | |
| SB_EC_C2ONB191V5 | C2ONB191V5 | |
| SB_EC_C2PNB208W1 | C2PNB208W1 | |
| SB_EC_C2TNB239V1 | C2TNB239V1 | |
| SB_EC_C2TNB239V2 | C2TNB239V2 | |
| SB_EC_C2TNB239V3 | C2TNB239V3 | |
| SB_EC_C2ONB239V4 | C2ONB239V4 | |
| SB_EC_C2ONB239V5 | C2ONB239V5 | |
| SB_EC_C2PNB272W1 | C2PNB272W1 | |
| SB_EC_C2PNB304W1 | C2PNB304W1 | |
| SB_EC_C2TNB359V1 | C2TNB359V1 | |
| SB_EC_C2PNB368W1 | C2PNB368W1 | |
| SB_EC_C2TNB431R1 | C2TNB431R1 | |
| SB_EC_NISTP192 | NISTP192 | |
| SB_EC_NISTP224 | NISTP224 | |
| SB_EC_NISTP256 | NISTP256 | |
| SB_EC_NISTP384 | NISTP384 | |
| SB_EC_NISTP521 | NISTP521 | |
| SB_EC_NISTB163 | NISTB163 | |
| SB_EC_NISTB233 | NISTB233 | |
| SB_EC_NISTB283 | NISTB283 | |
| SB_EC_NISTB409 | NISTB409 | |
| SB_EC_NISTB571 | NISTB571 | |
| SB_EC_NISTK163 | NISTK163 | |
| SB_EC_NISTK233 | NISTK233 | |
| SB_EC_NISTK283 | NISTK283 | |
| SB_EC_NISTK409 | NISTK409 | |
| SB_EC_NISTK571 | NISTK571 | |
| SB_EC_GOSTCPTEST | GOSTCPTEST | |
| SB_EC_GOSTCPA | GOSTCPA | |
| SB_EC_GOSTCPB | GOSTCPB | |
| SB_EC_GOSTCPC | GOSTCPC | |
| SB_EC_GOSTCPXCHA | GOSTCPXCHA | |
| SB_EC_GOSTCPXCHB | GOSTCPXCHB | |
| SB_EC_BRAINPOOLP160R1 | BRAINPOOLP160R1 | |
| SB_EC_BRAINPOOLP160T1 | BRAINPOOLP160T1 | |
| SB_EC_BRAINPOOLP192R1 | BRAINPOOLP192R1 | |
| SB_EC_BRAINPOOLP192T1 | BRAINPOOLP192T1 | |
| SB_EC_BRAINPOOLP224R1 | BRAINPOOLP224R1 | |
| SB_EC_BRAINPOOLP224T1 | BRAINPOOLP224T1 | |
| SB_EC_BRAINPOOLP256R1 | BRAINPOOLP256R1 | |
| SB_EC_BRAINPOOLP256T1 | BRAINPOOLP256T1 | |
| SB_EC_BRAINPOOLP320R1 | BRAINPOOLP320R1 | |
| SB_EC_BRAINPOOLP320T1 | BRAINPOOLP320T1 | |
| SB_EC_BRAINPOOLP384R1 | BRAINPOOLP384R1 | |
| SB_EC_BRAINPOOLP384T1 | BRAINPOOLP384T1 | |
| SB_EC_BRAINPOOLP512R1 | BRAINPOOLP512R1 | |
| SB_EC_BRAINPOOLP512T1 | BRAINPOOLP512T1 | |
| SB_EC_CURVE25519 | CURVE25519 | |
| SB_EC_CURVE448 | CURVE448 |
This property is read-only and not available at design time.
Data Type
String
TSACertFingerprint Property (SecureBlackbox_CAdESVerifier Class)
Contains the fingerprint (a hash imprint) of this certificate.
Object Oriented Interface
public function getTSACertFingerprint();
Procedural Interface
secureblackbox_cadesverifier_get($res, 383 );
Remarks
Contains the fingerprint (a hash imprint) of this certificate.
This property is read-only and not available at design time.
Data Type
Byte Array
TSACertFriendlyName Property (SecureBlackbox_CAdESVerifier Class)
Contains an associated alias (friendly name) of the certificate.
Object Oriented Interface
public function getTSACertFriendlyName();
Procedural Interface
secureblackbox_cadesverifier_get($res, 384 );
Default Value
''
Remarks
Contains an associated alias (friendly name) of the certificate.
This property is read-only and not available at design time.
Data Type
String
TSACertHandle Property (SecureBlackbox_CAdESVerifier Class)
Allows to get or set a 'handle', a unique identifier of the underlying property object.
Object Oriented Interface
public function getTSACertHandle();
Procedural Interface
secureblackbox_cadesverifier_get($res, 385 );
Default Value
0
Remarks
Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.
When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object
after such operation.
pdfSigner.setSigningCertHandle(certMgr.getCertHandle());
This property is read-only and not available at design time.
Data Type
Long64
TSACertHashAlgorithm Property (SecureBlackbox_CAdESVerifier Class)
Specifies the hash algorithm to be used in the operations on the certificate (such as key signing) SB_HASH_ALGORITHM_SHA1 SHA1 SB_HASH_ALGORITHM_SHA224 SHA224 SB_HASH_ALGORITHM_SHA256 SHA256 SB_HASH_ALGORITHM_SHA384 SHA384 SB_HASH_ALGORITHM_SHA512 SHA512 SB_HASH_ALGORITHM_MD2 MD2 SB_HASH_ALGORITHM_MD4 MD4 SB_HASH_ALGORITHM_MD5 MD5 SB_HASH_ALGORITHM_RIPEMD160 RIPEMD160 SB_HASH_ALGORITHM_CRC32 CRC32 SB_HASH_ALGORITHM_SSL3 SSL3 SB_HASH_ALGORITHM_GOST_R3411_1994 GOST1994 SB_HASH_ALGORITHM_WHIRLPOOL WHIRLPOOL SB_HASH_ALGORITHM_POLY1305 POLY1305 SB_HASH_ALGORITHM_SHA3_224 SHA3_224 SB_HASH_ALGORITHM_SHA3_256 SHA3_256 SB_HASH_ALGORITHM_SHA3_384 SHA3_384 SB_HASH_ALGORITHM_SHA3_512 SHA3_512 SB_HASH_ALGORITHM_BLAKE2S_128 BLAKE2S_128 SB_HASH_ALGORITHM_BLAKE2S_160 BLAKE2S_160 SB_HASH_ALGORITHM_BLAKE2S_224 BLAKE2S_224 SB_HASH_ALGORITHM_BLAKE2S_256 BLAKE2S_256 SB_HASH_ALGORITHM_BLAKE2B_160 BLAKE2B_160 SB_HASH_ALGORITHM_BLAKE2B_256 BLAKE2B_256 SB_HASH_ALGORITHM_BLAKE2B_384 BLAKE2B_384 SB_HASH_ALGORITHM_BLAKE2B_512 BLAKE2B_512 SB_HASH_ALGORITHM_SHAKE_128 SHAKE_128 SB_HASH_ALGORITHM_SHAKE_256 SHAKE_256 SB_HASH_ALGORITHM_SHAKE_128_LEN SHAKE_128_LEN SB_HASH_ALGORITHM_SHAKE_256_LEN SHAKE_256_LEN .
Object Oriented Interface
public function getTSACertHashAlgorithm();
Procedural Interface
secureblackbox_cadesverifier_get($res, 386 );
Default Value
''
Remarks
Specifies the hash algorithm to be used in the operations on the certificate (such as key signing)
| SB_HASH_ALGORITHM_SHA1 | SHA1 | |
| SB_HASH_ALGORITHM_SHA224 | SHA224 | |
| SB_HASH_ALGORITHM_SHA256 | SHA256 | |
| SB_HASH_ALGORITHM_SHA384 | SHA384 | |
| SB_HASH_ALGORITHM_SHA512 | SHA512 | |
| SB_HASH_ALGORITHM_MD2 | MD2 | |
| SB_HASH_ALGORITHM_MD4 | MD4 | |
| SB_HASH_ALGORITHM_MD5 | MD5 | |
| SB_HASH_ALGORITHM_RIPEMD160 | RIPEMD160 | |
| SB_HASH_ALGORITHM_CRC32 | CRC32 | |
| SB_HASH_ALGORITHM_SSL3 | SSL3 | |
| SB_HASH_ALGORITHM_GOST_R3411_1994 | GOST1994 | |
| SB_HASH_ALGORITHM_WHIRLPOOL | WHIRLPOOL | |
| SB_HASH_ALGORITHM_POLY1305 | POLY1305 | |
| SB_HASH_ALGORITHM_SHA3_224 | SHA3_224 | |
| SB_HASH_ALGORITHM_SHA3_256 | SHA3_256 | |
| SB_HASH_ALGORITHM_SHA3_384 | SHA3_384 | |
| SB_HASH_ALGORITHM_SHA3_512 | SHA3_512 | |
| SB_HASH_ALGORITHM_BLAKE2S_128 | BLAKE2S_128 | |
| SB_HASH_ALGORITHM_BLAKE2S_160 | BLAKE2S_160 | |
| SB_HASH_ALGORITHM_BLAKE2S_224 | BLAKE2S_224 | |
| SB_HASH_ALGORITHM_BLAKE2S_256 | BLAKE2S_256 | |
| SB_HASH_ALGORITHM_BLAKE2B_160 | BLAKE2B_160 | |
| SB_HASH_ALGORITHM_BLAKE2B_256 | BLAKE2B_256 | |
| SB_HASH_ALGORITHM_BLAKE2B_384 | BLAKE2B_384 | |
| SB_HASH_ALGORITHM_BLAKE2B_512 | BLAKE2B_512 | |
| SB_HASH_ALGORITHM_SHAKE_128 | SHAKE_128 | |
| SB_HASH_ALGORITHM_SHAKE_256 | SHAKE_256 | |
| SB_HASH_ALGORITHM_SHAKE_128_LEN | SHAKE_128_LEN | |
| SB_HASH_ALGORITHM_SHAKE_256_LEN | SHAKE_256_LEN |
This property is read-only and not available at design time.
Data Type
String
TSACertIssuer Property (SecureBlackbox_CAdESVerifier Class)
The common name of the certificate issuer (CA), typically a company name.
Object Oriented Interface
public function getTSACertIssuer();
Procedural Interface
secureblackbox_cadesverifier_get($res, 387 );
Default Value
''
Remarks
The common name of the certificate issuer (CA), typically a company name.
This property is read-only and not available at design time.
Data Type
String
TSACertIssuerRDN Property (SecureBlackbox_CAdESVerifier Class)
A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate issuer.
Object Oriented Interface
public function getTSACertIssuerRDN();
Procedural Interface
secureblackbox_cadesverifier_get($res, 388 );
Default Value
''
Remarks
A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate issuer.
This property is read-only and not available at design time.
Data Type
String
TSACertKeyAlgorithm Property (SecureBlackbox_CAdESVerifier Class)
Specifies the public key algorithm of this certificate.
Object Oriented Interface
public function getTSACertKeyAlgorithm();
Procedural Interface
secureblackbox_cadesverifier_get($res, 389 );
Default Value
'0'
Remarks
Specifies the public key algorithm of this certificate.
| SB_CERT_ALGORITHM_ID_RSA_ENCRYPTION | rsaEncryption | |
| SB_CERT_ALGORITHM_MD2_RSA_ENCRYPTION | md2withRSAEncryption | |
| SB_CERT_ALGORITHM_MD5_RSA_ENCRYPTION | md5withRSAEncryption | |
| SB_CERT_ALGORITHM_SHA1_RSA_ENCRYPTION | sha1withRSAEncryption | |
| SB_CERT_ALGORITHM_ID_DSA | id-dsa | |
| SB_CERT_ALGORITHM_ID_DSA_SHA1 | id-dsa-with-sha1 | |
| SB_CERT_ALGORITHM_DH_PUBLIC | dhpublicnumber | |
| SB_CERT_ALGORITHM_SHA224_RSA_ENCRYPTION | sha224WithRSAEncryption | |
| SB_CERT_ALGORITHM_SHA256_RSA_ENCRYPTION | sha256WithRSAEncryption | |
| SB_CERT_ALGORITHM_SHA384_RSA_ENCRYPTION | sha384WithRSAEncryption | |
| SB_CERT_ALGORITHM_SHA512_RSA_ENCRYPTION | sha512WithRSAEncryption | |
| SB_CERT_ALGORITHM_ID_RSAPSS | id-RSASSA-PSS | |
| SB_CERT_ALGORITHM_ID_RSAOAEP | id-RSAES-OAEP | |
| SB_CERT_ALGORITHM_RSASIGNATURE_RIPEMD160 | ripemd160withRSA | |
| SB_CERT_ALGORITHM_ID_ELGAMAL | elGamal | |
| SB_CERT_ALGORITHM_SHA1_ECDSA | ecdsa-with-SHA1 | |
| SB_CERT_ALGORITHM_RECOMMENDED_ECDSA | ecdsa-recommended | |
| SB_CERT_ALGORITHM_SHA224_ECDSA | ecdsa-with-SHA224 | |
| SB_CERT_ALGORITHM_SHA256_ECDSA | ecdsa-with-SHA256 | |
| SB_CERT_ALGORITHM_SHA384_ECDSA | ecdsa-with-SHA384 | |
| SB_CERT_ALGORITHM_SHA512_ECDSA | ecdsa-with-SHA512 | |
| SB_CERT_ALGORITHM_EC | id-ecPublicKey | |
| SB_CERT_ALGORITHM_SPECIFIED_ECDSA | ecdsa-specified | |
| SB_CERT_ALGORITHM_GOST_R3410_1994 | id-GostR3410-94 | |
| SB_CERT_ALGORITHM_GOST_R3410_2001 | id-GostR3410-2001 | |
| SB_CERT_ALGORITHM_GOST_R3411_WITH_R3410_1994 | id-GostR3411-94-with-GostR3410-94 | |
| SB_CERT_ALGORITHM_GOST_R3411_WITH_R3410_2001 | id-GostR3411-94-with-GostR3410-2001 | |
| SB_CERT_ALGORITHM_SHA1_ECDSA_PLAIN | ecdsa-plain-SHA1 | |
| SB_CERT_ALGORITHM_SHA224_ECDSA_PLAIN | ecdsa-plain-SHA224 | |
| SB_CERT_ALGORITHM_SHA256_ECDSA_PLAIN | ecdsa-plain-SHA256 | |
| SB_CERT_ALGORITHM_SHA384_ECDSA_PLAIN | ecdsa-plain-SHA384 | |
| SB_CERT_ALGORITHM_SHA512_ECDSA_PLAIN | ecdsa-plain-SHA512 | |
| SB_CERT_ALGORITHM_RIPEMD160_ECDSA_PLAIN | ecdsa-plain-RIPEMD160 | |
| SB_CERT_ALGORITHM_WHIRLPOOL_RSA_ENCRYPTION | whirlpoolWithRSAEncryption | |
| SB_CERT_ALGORITHM_ID_DSA_SHA224 | id-dsa-with-sha224 | |
| SB_CERT_ALGORITHM_ID_DSA_SHA256 | id-dsa-with-sha256 | |
| SB_CERT_ALGORITHM_SHA3_224_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-224 | |
| SB_CERT_ALGORITHM_SHA3_256_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-256 | |
| SB_CERT_ALGORITHM_SHA3_384_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-384 | |
| SB_CERT_ALGORITHM_SHA3_512_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-512 | |
| SB_CERT_ALGORITHM_SHA3_224_ECDSA | id-ecdsa-with-sha3-224 | |
| SB_CERT_ALGORITHM_SHA3_256_ECDSA | id-ecdsa-with-sha3-256 | |
| SB_CERT_ALGORITHM_SHA3_384_ECDSA | id-ecdsa-with-sha3-384 | |
| SB_CERT_ALGORITHM_SHA3_512_ECDSA | id-ecdsa-with-sha3-512 | |
| SB_CERT_ALGORITHM_SHA3_224_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-224 | |
| SB_CERT_ALGORITHM_SHA3_256_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-256 | |
| SB_CERT_ALGORITHM_SHA3_384_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-384 | |
| SB_CERT_ALGORITHM_SHA3_512_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-512 | |
| SB_CERT_ALGORITHM_ID_DSA_SHA3_224 | id-dsa-with-sha3-224 | |
| SB_CERT_ALGORITHM_ID_DSA_SHA3_256 | id-dsa-with-sha3-256 | |
| SB_CERT_ALGORITHM_BLAKE2S_128_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s128 | |
| SB_CERT_ALGORITHM_BLAKE2S_160_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s160 | |
| SB_CERT_ALGORITHM_BLAKE2S_224_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s224 | |
| SB_CERT_ALGORITHM_BLAKE2S_256_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s256 | |
| SB_CERT_ALGORITHM_BLAKE2B_160_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b160 | |
| SB_CERT_ALGORITHM_BLAKE2B_256_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b256 | |
| SB_CERT_ALGORITHM_BLAKE2B_384_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b384 | |
| SB_CERT_ALGORITHM_BLAKE2B_512_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b512 | |
| SB_CERT_ALGORITHM_BLAKE2S_128_ECDSA | id-ecdsa-with-blake2s128 | |
| SB_CERT_ALGORITHM_BLAKE2S_160_ECDSA | id-ecdsa-with-blake2s160 | |
| SB_CERT_ALGORITHM_BLAKE2S_224_ECDSA | id-ecdsa-with-blake2s224 | |
| SB_CERT_ALGORITHM_BLAKE2S_256_ECDSA | id-ecdsa-with-blake2s256 | |
| SB_CERT_ALGORITHM_BLAKE2B_160_ECDSA | id-ecdsa-with-blake2b160 | |
| SB_CERT_ALGORITHM_BLAKE2B_256_ECDSA | id-ecdsa-with-blake2b256 | |
| SB_CERT_ALGORITHM_BLAKE2B_384_ECDSA | id-ecdsa-with-blake2b384 | |
| SB_CERT_ALGORITHM_BLAKE2B_512_ECDSA | id-ecdsa-with-blake2b512 | |
| SB_CERT_ALGORITHM_BLAKE2S_128_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s128 | |
| SB_CERT_ALGORITHM_BLAKE2S_160_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s160 | |
| SB_CERT_ALGORITHM_BLAKE2S_224_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s224 | |
| SB_CERT_ALGORITHM_BLAKE2S_256_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s256 | |
| SB_CERT_ALGORITHM_BLAKE2B_160_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b160 | |
| SB_CERT_ALGORITHM_BLAKE2B_256_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b256 | |
| SB_CERT_ALGORITHM_BLAKE2B_384_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b384 | |
| SB_CERT_ALGORITHM_BLAKE2B_512_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b512 | |
| SB_CERT_ALGORITHM_ID_DSA_BLAKE2S_224 | id-dsa-with-blake2s224 | |
| SB_CERT_ALGORITHM_ID_DSA_BLAKE2S_256 | id-dsa-with-blake2s256 | |
| SB_CERT_ALGORITHM_EDDSA_ED25519 | id-Ed25519 | |
| SB_CERT_ALGORITHM_EDDSA_ED448 | id-Ed448 | |
| SB_CERT_ALGORITHM_EDDSA_ED25519_PH | id-Ed25519ph | |
| SB_CERT_ALGORITHM_EDDSA_ED448_PH | id-Ed448ph | |
| SB_CERT_ALGORITHM_EDDSA | id-EdDSA | |
| SB_CERT_ALGORITHM_EDDSA_SIGNATURE | id-EdDSA-sig |
This property is read-only and not available at design time.
Data Type
String
TSACertKeyBits Property (SecureBlackbox_CAdESVerifier Class)
Returns the length of the public key.
Object Oriented Interface
public function getTSACertKeyBits();
Procedural Interface
secureblackbox_cadesverifier_get($res, 390 );
Default Value
0
Remarks
Returns the length of the public key.
This property is read-only and not available at design time.
Data Type
Integer
TSACertKeyFingerprint Property (SecureBlackbox_CAdESVerifier Class)
Returns a fingerprint of the public key contained in the certificate.
Object Oriented Interface
public function getTSACertKeyFingerprint();
Procedural Interface
secureblackbox_cadesverifier_get($res, 391 );
Remarks
Returns a fingerprint of the public key contained in the certificate.
This property is read-only and not available at design time.
Data Type
Byte Array
TSACertKeyUsage Property (SecureBlackbox_CAdESVerifier Class)
Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.
Object Oriented Interface
public function getTSACertKeyUsage();
Procedural Interface
secureblackbox_cadesverifier_get($res, 392 );
Default Value
0
Remarks
Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.
This value is a bit mask of the following values:
| ckuUnknown | 0x00000 | Unknown key usage |
| ckuDigitalSignature | 0x00001 | Digital signature |
| ckuNonRepudiation | 0x00002 | Non-repudiation |
| ckuKeyEncipherment | 0x00004 | Key encipherment |
| ckuDataEncipherment | 0x00008 | Data encipherment |
| ckuKeyAgreement | 0x00010 | Key agreement |
| ckuKeyCertSign | 0x00020 | Certificate signing |
| ckuCRLSign | 0x00040 | Revocation signing |
| ckuEncipherOnly | 0x00080 | Encipher only |
| ckuDecipherOnly | 0x00100 | Decipher only |
| ckuServerAuthentication | 0x00200 | Server authentication |
| ckuClientAuthentication | 0x00400 | Client authentication |
| ckuCodeSigning | 0x00800 | Code signing |
| ckuEmailProtection | 0x01000 | Email protection |
| ckuTimeStamping | 0x02000 | Timestamping |
| ckuOCSPSigning | 0x04000 | OCSP signing |
| ckuSmartCardLogon | 0x08000 | Smartcard logon |
| ckuKeyPurposeClientAuth | 0x10000 | Kerberos - client authentication |
| ckuKeyPurposeKDC | 0x20000 | Kerberos - KDC |
This property is read-only and not available at design time.
Data Type
Integer
TSACertKeyValid Property (SecureBlackbox_CAdESVerifier Class)
Returns True if the certificate's key is cryptographically valid, and False otherwise.
Object Oriented Interface
public function getTSACertKeyValid();
Procedural Interface
secureblackbox_cadesverifier_get($res, 393 );
Default Value
false
Remarks
Returns True if the certificate's key is cryptographically valid, and False otherwise.
This property is read-only and not available at design time.
Data Type
Boolean
TSACertOCSPLocations Property (SecureBlackbox_CAdESVerifier Class)
Locations of OCSP (Online Certificate Status Protocol) services that can be used to check this certificate's validity, as recorded by the CA.
Object Oriented Interface
public function getTSACertOCSPLocations();
Procedural Interface
secureblackbox_cadesverifier_get($res, 394 );
Default Value
''
Remarks
Locations of OCSP (Online Certificate Status Protocol) services that can be used to check this certificate's validity, as recorded by the CA.
This property is read-only and not available at design time.
Data Type
String
TSACertPolicyIDs Property (SecureBlackbox_CAdESVerifier Class)
Contains identifiers (OIDs) of the applicable certificate policies.
Object Oriented Interface
public function getTSACertPolicyIDs();
Procedural Interface
secureblackbox_cadesverifier_get($res, 397 );
Default Value
''
Remarks
Contains identifiers (OIDs) of the applicable certificate policies.
The Certificate Policies extension identifies a sequence of policies under which the certificate has been issued, and which regulate its usage.
This property is read-only and not available at design time.
Data Type
String
TSACertPublicKeyBytes Property (SecureBlackbox_CAdESVerifier Class)
Contains the certificate's public key in DER format.
Object Oriented Interface
public function getTSACertPublicKeyBytes();
Procedural Interface
secureblackbox_cadesverifier_get($res, 401 );
Remarks
Contains the certificate's public key in DER format.
This property is read-only and not available at design time.
Data Type
Byte Array
TSACertSelfSigned Property (SecureBlackbox_CAdESVerifier Class)
Indicates whether the certificate is self-signed (root) or signed by an external CA.
Object Oriented Interface
public function getTSACertSelfSigned();
Procedural Interface
secureblackbox_cadesverifier_get($res, 403 );
Default Value
false
Remarks
Indicates whether the certificate is self-signed (root) or signed by an external CA.
This property is read-only and not available at design time.
Data Type
Boolean
TSACertSerialNumber Property (SecureBlackbox_CAdESVerifier Class)
Returns the certificate's serial number.
Object Oriented Interface
public function getTSACertSerialNumber();
Procedural Interface
secureblackbox_cadesverifier_get($res, 404 );
Remarks
Returns the certificate's serial number.
This property is read-only and not available at design time.
Data Type
Byte Array
TSACertSigAlgorithm Property (SecureBlackbox_CAdESVerifier Class)
Indicates the algorithm that was used by the CA to sign this certificate.
Object Oriented Interface
public function getTSACertSigAlgorithm();
Procedural Interface
secureblackbox_cadesverifier_get($res, 405 );
Default Value
''
Remarks
Indicates the algorithm that was used by the CA to sign this certificate.
This property is read-only and not available at design time.
Data Type
String
TSACertSubject Property (SecureBlackbox_CAdESVerifier Class)
The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name.
Object Oriented Interface
public function getTSACertSubject();
Procedural Interface
secureblackbox_cadesverifier_get($res, 406 );
Default Value
''
Remarks
The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name.
This property is read-only and not available at design time.
Data Type
String
TSACertSubjectKeyID Property (SecureBlackbox_CAdESVerifier Class)
Contains a unique identifier (fingerprint) of the certificate's private key.
Object Oriented Interface
public function getTSACertSubjectKeyID();
Procedural Interface
secureblackbox_cadesverifier_get($res, 408 );
Remarks
Contains a unique identifier (fingerprint) of the certificate's private key.
Subject Key Identifier is a (non-critical) X.509 certificate extension which allows the identification of certificates containing a particular public key. In SecureBlackbox, the unique identifier is represented with a SHA1 hash of the bit string of the subject public key.
This property is read-only and not available at design time.
Data Type
Byte Array
TSACertSubjectRDN Property (SecureBlackbox_CAdESVerifier Class)
A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate holder (subject).
Object Oriented Interface
public function getTSACertSubjectRDN();
Procedural Interface
secureblackbox_cadesverifier_get($res, 409 );
Default Value
''
Remarks
A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate holder (subject).
This property is read-only and not available at design time.
Data Type
String
TSACertValidFrom Property (SecureBlackbox_CAdESVerifier Class)
The time point at which the certificate becomes valid, in UTC.
Object Oriented Interface
public function getTSACertValidFrom();
Procedural Interface
secureblackbox_cadesverifier_get($res, 410 );
Default Value
''
Remarks
The time point at which the certificate becomes valid, in UTC.
This property is read-only and not available at design time.
Data Type
String
TSACertValidTo Property (SecureBlackbox_CAdESVerifier Class)
The time point at which the certificate expires, in UTC.
Object Oriented Interface
public function getTSACertValidTo();
Procedural Interface
secureblackbox_cadesverifier_get($res, 411 );
Default Value
''
Remarks
The time point at which the certificate expires, in UTC.
This property is read-only and not available at design time.
Data Type
String
UnsignedAttributeCount Property (SecureBlackbox_CAdESVerifier Class)
The number of records in the UnsignedAttribute arrays.
Object Oriented Interface
public function getUnsignedAttributeCount();
Procedural Interface
secureblackbox_cadesverifier_get($res, 412 );
Default Value
0
Remarks
This property controls the size of the following arrays:
The array indices start at 0 and end at UnsignedAttributeCount - 1.This property is read-only and not available at design time.
Data Type
Integer
UnsignedAttributeOID Property (SecureBlackbox_CAdESVerifier Class)
The object identifier of the attribute.
Object Oriented Interface
public function getUnsignedAttributeOID($unsignedattributeindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 413 , $unsignedattributeindex);
Default Value
''
Remarks
The object identifier of the attribute.
The $unsignedattributeindex parameter specifies the index of the item in the array. The size of the array is controlled by the UnsignedAttributeCount property.
This property is read-only and not available at design time.
Data Type
String
UnsignedAttributeValue Property (SecureBlackbox_CAdESVerifier Class)
The value of the attribute.
Object Oriented Interface
public function getUnsignedAttributeValue($unsignedattributeindex);
Procedural Interface
secureblackbox_cadesverifier_get($res, 414 , $unsignedattributeindex);
Remarks
The value of the attribute.
The $unsignedattributeindex parameter specifies the index of the item in the array. The size of the array is controlled by the UnsignedAttributeCount property.
This property is read-only and not available at design time.
Data Type
Byte Array
ValidationMoment Property (SecureBlackbox_CAdESVerifier Class)
The time point at which signature validity is to be established.
Object Oriented Interface
public function getValidationMoment(); public function setValidationMoment($value);
Procedural Interface
secureblackbox_cadesverifier_get($res, 415 ); secureblackbox_cadesverifier_set($res, 415, $value );
Default Value
''
Remarks
Use this property to specify the moment in time at which signature validity should be established. The time is in UTC. Leave the setting empty to stick to the default moment (either the signature creation time or the current time).
The validity of the same signature may differ depending on the time point chosen due to temporal changes in chain validities, revocation statuses, and timestamp times.
Data Type
String
Config Method (SecureBlackbox_CAdESVerifier Class)
Sets or retrieves a configuration setting.
Object Oriented Interface
public function doConfig($configurationstring);
Procedural Interface
secureblackbox_cadesverifier_do_config($res, $configurationstring);
Remarks
Config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.
These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.
To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).
To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.
DoAction Method (SecureBlackbox_CAdESVerifier Class)
Performs an additional action.
Object Oriented Interface
public function doDoAction($actionid, $actionparams);
Procedural Interface
secureblackbox_cadesverifier_do_doaction($res, $actionid, $actionparams);
Remarks
DoAction is a generic method available in every class. It is used to perform an additional action introduced after the product major release. The list of actions is not fixed, and may be flexibly extended over time.
The unique identifier (case insensitive) of the action is provided in the ActionID parameter.
ActionParams contains the value of a single parameter, or a list of multiple parameters for the action in the form of PARAM1=VALUE1;PARAM2=VALUE2;....
Verify Method (SecureBlackbox_CAdESVerifier Class)
Verifies a digitally signed CAdES message.
Object Oriented Interface
public function doVerify();
Procedural Interface
secureblackbox_cadesverifier_do_verify($res);
Remarks
CAdESVerifier supports two types of signatures: enveloping and detached. In the enveloping case, both the data and the signature travel in the same 'combined' message. The detached variant observes the signature and the data (in its original form) residing in different files.
Call this method to verify enveloping signatures provided via InputStream or InputFile property, and extract the embedded data to OutputFile or OutputStream. Use VerifyDetached to verify detached signatures.
VerifyDetached Method (SecureBlackbox_CAdESVerifier Class)
Verifies a detached CAdES signature.
Object Oriented Interface
public function doVerifyDetached();
Procedural Interface
secureblackbox_cadesverifier_do_verifydetached($res);
Remarks
Use this method to verify detached signatures. Pass the signature via InputStream or InputFile property, and the data via DataStream or DataFile property.
Use Verify to verify enveloping (non-detached) signatures.
ChainElementDownload Event (SecureBlackbox_CAdESVerifier Class)
Fires when there is a need to download a chain element from an online source.
Object Oriented Interface
public function fireChainElementDownload($param);
Procedural Interface
secureblackbox_cadesverifier_register_callback($res, 1, array($this, 'fireChainElementDownload'));
Parameter List
'kind'
'certrdn'
'cacertrdn'
'location'
'action'
Remarks
Subscribe to this event to be notified about validation element retrievals. Use the Action parameter to suppress the download if required.
| veaAuto | 0 | Handle the action automatically (the default behaviour) |
| veaContinue | 1 | Accept the request implied by the event (accept the certificate, allow the object retrieval) |
| veaReject | 2 | Reject the request implied by the event (reject the certificate, disallow the object retrieval) |
| veaAcceptNow | 3 | Accept the validated certificate immediately |
| veaAbortNow | 4 | Abort the validation, reject the certificate |
ChainElementNeeded Event (SecureBlackbox_CAdESVerifier Class)
Fires when an element required to validate the chain was not located.
Object Oriented Interface
public function fireChainElementNeeded($param);
Procedural Interface
secureblackbox_cadesverifier_register_callback($res, 2, array($this, 'fireChainElementNeeded'));
Parameter List
'kind'
'certrdn'
'cacertrdn'
Remarks
Subscribe to this event to be notified about missing validation elements. Use the KnownCRLs, KnownCertificates, and KnownOCSPs properties in the event handler to provide the missing piece.
ChainValidated Event (SecureBlackbox_CAdESVerifier Class)
Reports the completion of a certificate chain validation.
Object Oriented Interface
public function fireChainValidated($param);
Procedural Interface
secureblackbox_cadesverifier_register_callback($res, 3, array($this, 'fireChainValidated'));
Parameter List
'subjectrdn'
'validationresult'
'validationdetails'
Remarks
This event is fired when a certificate chain validation routine completes. SubjectRDN identifies the owner of the validated certificate.
ValidationResult set to 0 (zero) indicates successful chain validation.
| cvtValid | 0 | The chain is valid |
| cvtValidButUntrusted | 1 | The chain is valid, but the root certificate is not trusted |
| cvtInvalid | 2 | The chain is not valid (some of certificates are revoked, expired, or contain an invalid signature) |
| cvtCantBeEstablished | 3 | The validity of the chain cannot be established because of missing or unavailable validation information (certificates, CRLs, or OCSP responses) |
| cvrBadData | 0x0001 | One or more certificates in the validation path are malformed |
| cvrRevoked | 0x0002 | One or more certificates are revoked |
| cvrNotYetValid | 0x0004 | One or more certificates are not yet valid |
| cvrExpired | 0x0008 | One or more certificates are expired |
| cvrInvalidSignature | 0x0010 | A certificate contains a non-valid digital signature |
| cvrUnknownCA | 0x0020 | A CA certificate for one or more certificates has not been found (chain incomplete) |
| cvrCAUnauthorized | 0x0040 | One of the CA certificates are not authorized to act as CA |
| cvrCRLNotVerified | 0x0080 | One or more CRLs could not be verified |
| cvrOCSPNotVerified | 0x0100 | One or more OCSP responses could not be verified |
| cvrIdentityMismatch | 0x0200 | The identity protected by the certificate (a TLS endpoint or an e-mail addressee) does not match what is recorded in the certificate |
| cvrNoKeyUsage | 0x0400 | A mandatory key usage is not enabled in one of the chain certificates |
| cvrBlocked | 0x0800 | One or more certificates are blocked |
| cvrFailure | 0x1000 | General validation failure |
| cvrChainLoop | 0x2000 | Chain loop: one of the CA certificates recursively signs itself |
| cvrWeakAlgorithm | 0x4000 | A weak algorithm is used in one of certificates or revocation elements |
| cvrUserEnforced | 0x8000 | The chain was considered invalid following intervention from a user code |
ChainValidationProgress Event (SecureBlackbox_CAdESVerifier Class)
This event is fired multiple times during chain validation to report various stages of the validation procedure.
Object Oriented Interface
public function fireChainValidationProgress($param);
Procedural Interface
secureblackbox_cadesverifier_register_callback($res, 4, array($this, 'fireChainValidationProgress'));
Parameter List
'eventkind'
'certrdn'
'cacertrdn'
'action'
Remarks
Subscribe to this event to be notified about chain validation progress. Use the Action parameter to alter the validation flow.
The EventKind parameter reports the nature of the event being reported. The CertRDN and CACertRDN parameters report the distinguished names of the certificates that are relevant for the event invocation (one or both can be empty, depending on EventKind). Use the Action parameter to adjust the validation flow.
| veaAuto | 0 | Handle the action automatically (the default behaviour) |
| veaContinue | 1 | Accept the request implied by the event (accept the certificate, allow the object retrieval) |
| veaReject | 2 | Reject the request implied by the event (reject the certificate, disallow the object retrieval) |
| veaAcceptNow | 3 | Accept the validated certificate immediately |
| veaAbortNow | 4 | Abort the validation, reject the certificate |
Error Event (SecureBlackbox_CAdESVerifier Class)
Information about errors during CAdES verification.
Object Oriented Interface
public function fireError($param);
Procedural Interface
secureblackbox_cadesverifier_register_callback($res, 5, array($this, 'fireError'));
Parameter List
'errorcode'
'description'
Remarks
The event is fired in case of exceptional conditions during message processing.
ErrorCode contains an error code and Description contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Messages section.
Notification Event (SecureBlackbox_CAdESVerifier Class)
This event notifies the application about an underlying control flow event.
Object Oriented Interface
public function fireNotification($param);
Procedural Interface
secureblackbox_cadesverifier_register_callback($res, 6, array($this, 'fireNotification'));
Parameter List
'eventid'
'eventparam'
Remarks
The class fires this event to let the application know about some event, occurrence, or milestone in the class. For example, it may fire to report completion of the document processing. The list of events being reported is not fixed, and may be flexibly extended over time.
The unique identifier of the event is provided in the EventID parameter. EventParam contains any parameters accompanying the occurrence. Depending on the type of the class, the exact action it is performing, or the document being processed, one or both may be omitted.
SignatureFound Event (SecureBlackbox_CAdESVerifier Class)
Signifies the start of individual signature validation.
Object Oriented Interface
public function fireSignatureFound($param);
Procedural Interface
secureblackbox_cadesverifier_register_callback($res, 7, array($this, 'fireSignatureFound'));
Parameter List
'scope'
'issuerrdn'
'serialnumber'
'subjectkeyid'
'certfound'
'last'
'validatesignature'
'validatechain'
Remarks
This event tells the application that signature validation is about to start, and provides the details about the signature, via its Scope parameter, and the signer's certificate via IssuerRDN, SerialNumber, and SubjectKeyID parameters. It fires for every signature located in the verified document or message, including sub-signatures made over timestamps and countersignatures.
| cssUnknown | 0 | The scope of signature is unknown |
| cssData | 1 | The signature is a top-level signature over the data |
| cssSignature | 2 | The signature is a countersignature, and is made over another signature |
| cssTimestamp | 3 | The signature is made over a timestamp |
The CertFound is set to True if the class has found the needed certificate in one of the known locations, and to False otherwise, in which case you must provide it manually via KnownCertificates property.
Signature validation consists of two independent stages: cryptographic signature validation and chain validation. Separate validation results are reported for each, with SignatureValidationResult and ChainValidationResult properties respectively.
Use the ValidateSignature and ValidateChain parameters to tell the verifier which stages to include in the validation.
SignatureProcessed Event (SecureBlackbox_CAdESVerifier Class)
Reports the completion of signature processing.
Object Oriented Interface
public function fireSignatureProcessed($param);
Procedural Interface
secureblackbox_cadesverifier_register_callback($res, 8, array($this, 'fireSignatureProcessed'));
Parameter List
'validationresult'
'chainvalidationresult'
'chainvalidationdetails'
'last'
'proceed'
Remarks
This event reports the completion of signature processing. By the time it fires, any embedded timestamps and countersignatures have been processed.
The ValidationResult, ChainValidationResult, and ChainValidationDetails summarize the validation outcomes. The Last parameter tells if the signature is the last one on this level.
| svtValid | 0 | The signature is valid |
| svtUnknown | 1 | Signature validity is unknown |
| svtCorrupted | 2 | The signature is corrupted |
| svtSignerNotFound | 3 | Failed to acquire the signing certificate. The signature cannot be validated. |
| svtFailure | 4 | General failure |
| cvtValid | 0 | The chain is valid |
| cvtValidButUntrusted | 1 | The chain is valid, but the root certificate is not trusted |
| cvtInvalid | 2 | The chain is not valid (some of certificates are revoked, expired, or contain an invalid signature) |
| cvtCantBeEstablished | 3 | The validity of the chain cannot be established because of missing or unavailable validation information (certificates, CRLs, or OCSP responses) |
| cvrBadData | 0x0001 | One or more certificates in the validation path are malformed |
| cvrRevoked | 0x0002 | One or more certificates are revoked |
| cvrNotYetValid | 0x0004 | One or more certificates are not yet valid |
| cvrExpired | 0x0008 | One or more certificates are expired |
| cvrInvalidSignature | 0x0010 | A certificate contains a non-valid digital signature |
| cvrUnknownCA | 0x0020 | A CA certificate for one or more certificates has not been found (chain incomplete) |
| cvrCAUnauthorized | 0x0040 | One of the CA certificates are not authorized to act as CA |
| cvrCRLNotVerified | 0x0080 | One or more CRLs could not be verified |
| cvrOCSPNotVerified | 0x0100 | One or more OCSP responses could not be verified |
| cvrIdentityMismatch | 0x0200 | The identity protected by the certificate (a TLS endpoint or an e-mail addressee) does not match what is recorded in the certificate |
| cvrNoKeyUsage | 0x0400 | A mandatory key usage is not enabled in one of the chain certificates |
| cvrBlocked | 0x0800 | One or more certificates are blocked |
| cvrFailure | 0x1000 | General validation failure |
| cvrChainLoop | 0x2000 | Chain loop: one of the CA certificates recursively signs itself |
| cvrWeakAlgorithm | 0x4000 | A weak algorithm is used in one of certificates or revocation elements |
| cvrUserEnforced | 0x8000 | The chain was considered invalid following intervention from a user code |
SignatureValidated Event (SecureBlackbox_CAdESVerifier Class)
Marks the completion of the signature validation routine.
Object Oriented Interface
public function fireSignatureValidated($param);
Procedural Interface
secureblackbox_cadesverifier_register_callback($res, 9, array($this, 'fireSignatureValidated'));
Parameter List
'validationresult'
'proceed'
Remarks
This event is fired upon the completion of the cryptographic signature validation routine, and reports the respective result. It fires before the component proceeds to detailed signature inspection, which involves timestamp and countersignature processing.
ValidationResult is set to 0 if the validation has been successful, or to a non-zero value in case of a validation failure.
| svtValid | 0 | The signature is valid |
| svtUnknown | 1 | Signature validity is unknown |
| svtCorrupted | 2 | The signature is corrupted |
| svtSignerNotFound | 3 | Failed to acquire the signing certificate. The signature cannot be validated. |
| svtFailure | 4 | General failure |
TimestampFound Event (SecureBlackbox_CAdESVerifier Class)
Signifies the start of timestamp validation routine.
Object Oriented Interface
public function fireTimestampFound($param);
Procedural Interface
secureblackbox_cadesverifier_register_callback($res, 10, array($this, 'fireTimestampFound'));
Parameter List
'timestamptype'
'time'
'issuerrdn'
'serialnumber'
'subjectkeyid'
'certfound'
'last'
'validatetimestamp'
'validatechain'
Remarks
This event fires for every timestamp identified during signature processing, and reports the details about the signer's certificate via its IssuerRDN, SerialNumber, and SubjectKeyID parameters.
The CertFound is set to True if the class has found the needed certificate in one of the known locations, and to False otherwise, in which case you must provide it manually via KnownCertificates property.
Just like with signature validation, timestamp validation consists of two independent stages: cryptographic signature validation and chain validation. Separate validation results are reported for each, with SignatureValidationResult and ChainValidationResult properties respectively.
Use the ValidateSignature and ValidateChain parameters to tell the verifier which stages to include in the validation.
| tstUnknown | 0 | |
| tstLegacy | 1 | Supported by: Authenticode components |
| tstTrusted | 2 | Supported by: Authenticode components |
| tstGeneric | 3 | Supported by: CAdES components |
| tstESC | 4 | Supported by: CAdES components |
| tstContent | 5 | Supported by: CAdES components |
| tstCertsAndCRLs | 6 | Supported by: CAdES components |
| tstArchive | 7 | Archive timestamp. Supported by: ASiC, CAdES, JAdES, Office, SOAP, XAdES components |
| tstArchive2 | 8 | Archive v2 timestamp. Supported by: ASiC, CAdES components |
| tstArchive3 | 9 | Archive v3 timestamp. Supported by: ASiC, CAdES components |
| tstIndividualDataObjects | 10 | Individual data objects timetamp. Supported by: ASiC, Office, SOAP, XAdES components |
| tstAllDataObjects | 11 | All data objects timestamp. Supported by: ASiC, Office, SOAP, XAdES components |
| tstSignature | 12 | Signature timestamp. Supported by: ASiC, JAdES, Office, SOAP, XAdES components |
| tstRefsOnly | 13 | RefsOnly timestamp. Supported by: ASiC, JAdES, Office, SOAP, XAdES components |
| tstSigAndRefs | 14 | SigAndRefs timestamp. Supported by: ASiC, JAdES, Office, SOAP, XAdES components |
| tstSignedData | 15 | SignedData timestamp. Supported by: JAdES components |
| tstArchive141 | 16 | Archive timestamp v1.4.1. Supported by: ASiC, Office, SOAP, XAdES components |
TimestampProcessed Event (SecureBlackbox_CAdESVerifier Class)
Reports the completion of the timestamp validation routine.
Object Oriented Interface
public function fireTimestampProcessed($param);
Procedural Interface
secureblackbox_cadesverifier_register_callback($res, 11, array($this, 'fireTimestampProcessed'));
Parameter List
'validationresult'
'chainvalidationresult'
'chainvalidationdetails'
'last'
'proceed'
Remarks
This event is fired upon the completion of the timestamp validation routine, and reports the respective validation result.
ValidationResult, ChainValidationResult, and ChainValidationDetails report the validity of the timestamp and the associated chain.
| svtValid | 0 | The signature is valid |
| svtUnknown | 1 | Signature validity is unknown |
| svtCorrupted | 2 | The signature is corrupted |
| svtSignerNotFound | 3 | Failed to acquire the signing certificate. The signature cannot be validated. |
| svtFailure | 4 | General failure |
| cvtValid | 0 | The chain is valid |
| cvtValidButUntrusted | 1 | The chain is valid, but the root certificate is not trusted |
| cvtInvalid | 2 | The chain is not valid (some of certificates are revoked, expired, or contain an invalid signature) |
| cvtCantBeEstablished | 3 | The validity of the chain cannot be established because of missing or unavailable validation information (certificates, CRLs, or OCSP responses) |
TimestampValidated Event (SecureBlackbox_CAdESVerifier Class)
Marks the completion of the signature validation routine.
Object Oriented Interface
public function fireTimestampValidated($param);
Procedural Interface
secureblackbox_cadesverifier_register_callback($res, 12, array($this, 'fireTimestampValidated'));
Parameter List
'validationresult'
'proceed'
Remarks
This event is fired upon the completion of the cryptographic signature validation routine, and reports the respective result. It fires before the component proceeds to detailed signature inspection, which involves timestamp and countersignature processing.
ValidationResult is set to 0 if the validation has been successful, or to a non-zero value in case of a validation failure.
| svtValid | 0 | The signature is valid |
| svtUnknown | 1 | Signature validity is unknown |
| svtCorrupted | 2 | The signature is corrupted |
| svtSignerNotFound | 3 | Failed to acquire the signing certificate. The signature cannot be validated. |
| svtFailure | 4 | General failure |
TLSCertNeeded Event (SecureBlackbox_CAdESVerifier Class)
Fires when a remote TLS party requests a client certificate.
Object Oriented Interface
public function fireTLSCertNeeded($param);
Procedural Interface
secureblackbox_cadesverifier_register_callback($res, 13, array($this, 'fireTLSCertNeeded'));
Parameter List
'host'
'canames'
Remarks
This event fires to notify the implementation that a remote TLS server has requested a client certificate. The Host parameter identifies the host that makes a request, and the CANames parameter (optional, according to the TLS spec) advises on the accepted issuing CAs.
Use the TLSClientChain property in response to this event to provide the requested certificate. Please make sure the client certificate includes the associated private key. Note that you may set the certificates before the connection without waiting for this event to fire.
This event is preceded by the TLSHandshake event for the given host and, if the certificate was accepted, succeeded by the TLSEstablished event.
TLSCertValidate Event (SecureBlackbox_CAdESVerifier Class)
This event is fired upon receipt of the TLS server's certificate, allowing the user to control its acceptance.
Object Oriented Interface
public function fireTLSCertValidate($param);
Procedural Interface
secureblackbox_cadesverifier_register_callback($res, 14, array($this, 'fireTLSCertValidate'));
Parameter List
'serverhost'
'serverip'
'accept'
Remarks
This event is fired during a TLS handshake. Use the TLSServerChain property to access the certificate chain. In general, classes may contact a number of TLS endpoints during their work, depending on their configuration.
Accept is assigned in accordance with the outcome of the internal validation check performed by the class, and can be adjusted if needed.
TLSEstablished Event (SecureBlackbox_CAdESVerifier Class)
Fires when a TLS handshake with Host successfully completes.
Object Oriented Interface
public function fireTLSEstablished($param);
Procedural Interface
secureblackbox_cadesverifier_register_callback($res, 15, array($this, 'fireTLSEstablished'));
Parameter List
'host'
'version'
'ciphersuite'
'connectionid'
'abort'
Remarks
The class uses this event to notify the application about a successful completion of a TLS handshake.
The Version, Ciphersuite, and ConnectionId parameters indicate the security parameters of the new connection. Use the Abort parameter if you need to terminate the connection at this stage.
TLSHandshake Event (SecureBlackbox_CAdESVerifier Class)
Fires when a new TLS handshake is initiated, before the handshake commences.
Object Oriented Interface
public function fireTLSHandshake($param);
Procedural Interface
secureblackbox_cadesverifier_register_callback($res, 16, array($this, 'fireTLSHandshake'));
Parameter List
'host'
'abort'
Remarks
The class uses this event to notify the application about the start of a new TLS handshake to Host. If the handshake is successful, this event will be followed by the TLSEstablished event. If the server chooses to request a client certificate, the TLSCertNeeded event will also be fired.
TLSShutdown Event (SecureBlackbox_CAdESVerifier Class)
Reports the graceful closure of a TLS connection.
Object Oriented Interface
public function fireTLSShutdown($param);
Procedural Interface
secureblackbox_cadesverifier_register_callback($res, 17, array($this, 'fireTLSShutdown'));
Parameter List
'host'
Remarks
This event notifies the application about the closure of an earlier established TLS connection. Note that only graceful connection closures are reported.
Config Settings (CAdESVerifier Class)
The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.CAdESVerifier Config Settings
If IgnoreSystemTrust is True, certificates residing in the trusted root store are treated as if they are known, rather than trusted. Only certificates provided via other means (such as the TrustedCertificates property) are considered trusted.
- CA, revocation source, TLS key usage requirements are not mandated
- Violation of OCSP issuer requirements are ignored
- The AuthorityKeyID extension in CRL- and certificate-issuing CAs are ignored (helps with incorrectly renewed certificates)
- Basic constraints and name constraints of CA certificates are ignored
- Some weaker algorithms are tolerated
Base Config Settings
You can switch this property off to improve performance if your project only uses known, good private keys.
Supported values are:
| off | No caching (default) | |
| local | Local caching | |
| global | Global caching |
This setting only applies to sessions negotiated with TLS version 1.3.
Supported values are:
| file | File | |
| console | Console | |
| systemlog | System Log (supported for Android only) | |
| debugger | Debugger (supported for VCL for Windows and .Net) |
Supported values are:
| time | Current time | |
| level | Level | |
| package | Package name | |
| module | Module name | |
| class | Class name | |
| method | Method name | |
| threadid | Thread Id | |
| contenttype | Content type | |
| content | Content | |
| all | All details |
Supported filter names are:
| exclude-package | Exclude a package specified in the value | |
| exclude-module | Exclude a module specified in the value | |
| exclude-class | Exclude a class specified in the value | |
| exclude-method | Exclude a method specified in the value | |
| include-package | Include a package specified in the value | |
| include-module | Include a module specified in the value | |
| include-class | Include a class specified in the value | |
| include-method | Include a method specified in the value |
| none | No flush (caching only) | |
| immediate | Immediate flush (real-time logging) | |
| maxcount | Flush cached entries upon reaching LogMaxEventCount entries in the cache. |
Supported values are:
| none | None (by default) | |
| fatal | Severe errors that cause premature termination. | |
| error | Other runtime errors or unexpected conditions. | |
| warning | Use of deprecated APIs, poor use of API, 'almost' errors, other runtime situations that are undesirable or unexpected, but not necessarily "wrong". | |
| info | Interesting runtime events (startup/shutdown). | |
| debug | Detailed information on flow of through the system. | |
| trace | More detailed information. |
The default value of this setting is 100.
| none | No rotation | |
| deleteolder | Delete older entries from the cache upon reaching LogMaxEventCount | |
| keepolder | Keep older entries in the cache upon reaching LogMaxEventCount (newer entries are discarded) |
Supported values are:
| none | No static DNS rules (default) | |
| local | Local static DNS rules | |
| global | Global static DNS rules |
This setting only applies to certificates originating from a Windows system store.
Trappable Errors (CAdESVerifier Class)
CAdESVerifier Errors
| 1048577 Invalid parameter value (SB_ERROR_INVALID_PARAMETER) | |
| 1048578 Class is configured incorrectly (SB_ERROR_INVALID_SETUP) | |
| 1048579 Operation cannot be executed in the current state (SB_ERROR_INVALID_STATE) | |
| 1048580 Attempt to set an invalid value to a property (SB_ERROR_INVALID_VALUE) | |
| 1048581 Certificate does not have its private key loaded (SB_ERROR_NO_PRIVATE_KEY) | |
| 1048581 Cancelled by the user (SB_ERROR_CANCELLED_BY_USER) |