All handlers define the following properties.
|
SignatureInfo object properties |
||||
|---|---|---|---|---|
|
Property |
Type |
Access |
Version |
Description |
|
buildInfo |
Object |
R |
6.0 |
An object containing software build and version information for the signature. The format of this object is described in the technical note PDF Signature Build Dictionary Specification on the Adobe Solutions Network website. |
|
date |
Date |
R |
5.0 |
The date and time that the signature was created, returned as a JavaScript Date object. |
|
dateTrusted |
Boolean |
R |
7.0 |
A Boolean value that indicates whether the date is from a trusted source. If this value is not present, the date should be assumed to be from an untrusted source (for example, the signer’s computer system time). |
|
digestMethod |
String |
R/W |
8.0 |
The digest method to be used for signing. For Acrobat 8, the valid values are SHA1, SHA256, SHA384, SHA512 and RIPEMD160. It is important that the caller knows that a particular signature handler can support this digest method. |
|
handlerName |
String |
R |
5.0 |
The language-independent name of the security handler that was specified as the Filter attribute in the signature dictionary. It is usually the name of the security handler that created the signature, but can also be the name of the security handler that the creator wants to be used when validating the signature. |
|
handlerUserName |
String |
R |
5.0 |
The language-dependent name corresponding to the security handler specified by handlerName. It is available only when the named security handler is available. |
|
handlerUIName |
String |
R |
5.0 |
The language-dependent name corresponding to the security handler specified by handlerName. It is available only when the named security handler is available. |
|
location |
String |
R/W |
5.0 |
Optional user-specified location when signing. It can be a physical location (such as a city) or hostname. |
|
mdp |
String |
R/W |
6.0 |
The Modification Detection and Prevention (MDP) setting that was used to sign the field or FDF object being read, or the MDP setting to use when signing. Values are: allowNone See Modification Detection and Prevention (MDP) Values for details. The value of allowAll, the default, means that MDP is not used for the signature, resulting in this not being an certification signature. |
|
name |
String |
R |
5.0 |
Name of the user that created the signature. |
|
numFieldsAltered |
Number |
R |
5.0 only |
Deprecated. The number of fields altered between the previous signature and this signature. Used only for signature fields. Beginning in |
|
numFieldsFilledIn |
Number |
R |
5.0 only |
Deprecated. The number of fields filled-in between the previous signature and this signature. Used only for signature fields. Beginning in |
|
numPagesAltered |
Number |
R |
5.0 only |
Deprecated. The number of pages altered between the previous signature and this signature. Used only for signature fields. Beginning in |
|
numRevisions |
Number |
R |
5.0 |
The number of revisions in the document. Used only for signature fields. |
|
reason |
String |
R/W |
5.0 |
The user-specified reason for signing. |
|
revision |
Number |
R |
5.0 |
The signature revision to which this signature field corresponds. Used only for signature fields. |
|
sigValue |
String |
R |
7.0 |
Raw bytes of the signature, as a hex encoded string. |
|
status |
Number |
R |
5.0 |
The validity status of the signature, computed during the last call to signatureValidate. See the return codes of the status property in the table status and idValidity properties. |
|
statusText |
String |
R |
5.0 |
The language-dependent text string, suitable for user display, denoting the signature validity status, computed during the last call to the signatureValidate. |
|
subFilter |
String |
R/W |
6.0 |
The format to use when signing. Consult the this format. |
|
timeStamp |
String |
W |
7.0 |
The URL of the server for time-stamping the signature. The only schemes and transport protocols supported for fetching time stamps are http or https. This property is write-only. If the signature is time stamped, during verification the property dateTrusted will be set to true (provided the time stamp signature is trusted) and the verifyDate and the signing date will be the same. |
|
verifyDate |
Date |
R |
7.0 |
The date and time that the signature was either signed or verified (if the signature was verified). If the signature is signed with a timestamp, verifyDate should be the signing date; if the signature is signed without a timestamp, verifyDate will be the verifying date. The property returns a JavaScript Date object. |
|
verifyHandlerName |
String |
R |
6.0 |
The language-independent name of the security handler that was used to validate this signature. This will be null if the signature has not been validated (that is, if the status property has a value of 1). |
|
verifyHandlerUIName |
String |
R |
6.0 |
The language-dependent name corresponding to the security handler specified by verifyHandlerName. This will be null if the signature has not been validated, that is, if the status property has a value of 1). |
Public key security handlers may define the following additional properties:
|
Property |
Type |
Access |
Version |
Description |
|---|---|---|---|---|
|
appearance |
String |
W |
5.0 |
The name of the user-configured appearance to use when signing this field. PPKLite and PPKMS use the standard appearance handler. In this situation, the appearance names can be found in the signature appearance configuration dialog box of the Security user preferences. The default, when not specified, is to use the Standard Text appearance. Used only for visible signature fields. |
|
certificates |
Array |
R |
5.0 |
Array containing a hierarchy of certificates that identify the signer. The first element in the array is the signer’s certificate. Subsequent elements include the chain of certificates up to the certificate authority that issued the signer’s certificate. For self-signed certificates this array will contain only one entry. |
|
contactInfo |
String |
R/W |
5.0 |
The user-specified contact information for determining trust. For example, it can be a telephone number that recipients of a document can use to contact the author. This is not recommended as a scalable solution for establishing trust. |
|
byteRange |
Array |
R |
6.0 |
An array of numbers indicating the bytes that are covered by this signature. |
|
docValidity |
Number |
R |
6.0 |
The validity status of the document byte range digest portion of the signature, computed during the last call to signatureValidate. All PDF document signature field signatures include a byte range digest. See Validity Values for details of the return codes. |
|
idPrivValidity |
Number |
R |
6.0 |
The validity of the identity of the signer. This value is specific to the handler. See Private Validity Values for values supported by the Adobe.PPKLite and Adobe.PPKMS handlers. This value is 0 unless the signature has been validated, that is, if the status property has a value of 1. |
|
idValidity |
Number |
R |
6.0 |
The validity of the identity of the signer as number. See the return codes of the idValidity property in the table status and idValidity properties. |
|
objValidity |
Number |
R |
6.0 |
The validity status of the object digest portion of the signature, computed during the last call to signatureValidate. For PDF documents, signature field certification signatures and document-level application rights signatures include object digests. All FDF files are signed using object digests. See Validity Values for details of the return codes. |
|
revInfo |
Object |
R |
7.0 |
A generic object containing two properties: CRL and OCSP. These properties are arrays of hex-encoded strings, where each string contains the raw bytes of the revocation information that was used to carry out revocation checking of a certificate. For CRL, the strings represent CRLs. For OCSP, the strings represents OCSP responses. These properties are populated only if the application preference to populate them is turned on, because this data can potentially get very large. |
|
trustFlags |
Number |
R |
6.0 |
The bits in this number indicate what the signer is trusted for. The value is valid only when the value of the status property is 4. These trust settings are derived from the trust setting in the recipient’s trust database, for example, the 1 — Trusted for signatures 2 — Trusted for certifying documents 3 — Trusted for dynamic content such as multimedia 4 — Adobe internal use 5 — The JavaScript in the PDF file is trusted to operate outside the normal PDF restrictions |
|
password |
String |
W |
5.0 |
A password required as authentication when accessing a private key that is to be used for signing. This may or may not be required, dependent on the policies of the security handler. |
The following table list the codes returned by the SignatureInfo Object, status and idValidity properties.
|
Status code |
Description |
|---|---|
|
-1 |
Not a signature field. |
|
0 |
Signature is blank or unsigned. |
|
1 |
Unknown status. This occurs if the signature has not yet been validated; for example, if the document has not completed downloading over a network connection. |
|
2 |
Signature is invalid. |
|
3 |
Signature is valid but the identity of the signer could not be verified. |
|
4 |
Signature is valid and the identity of the signer is valid. |
The following codes are returned by the docValidity and objValidity properties. (See SignatureInfo object public key security handler properties). They provide a finer granularity of the validity of the signature than the status property.
|
Status code |
Description |
|---|---|
|
kDSSigValUnknown |
Validity not yet determined. |
|
kDSSigValUnknownTrouble |
Validity could not be determined because of errors encountered during the validation process. |
|
kDSSigValUnknownBytesNotReady |
Validity could not be determined because all bytes are not available, for example, when viewing a file in a web browser. Even when bytes are not immediately available, this value may not be returned if the underlying implementation blocks when bytes are not ready. Adobe makes no commitment regarding whether validation checks will block or not block. However, the implementation in |
|
kDSSigValInvalidTrouble |
Validity for this digest was not computed because there were errors in the formatting or information contained in this signature. There is sufficient evidence to conclude that the signature is invalid. |
|
kDSSigValUnused |
The validity for this digest is not used (for example, no document validity if no byte range). |
|
kDSSigValJustSigned |
The signature was just signed, so it is implicitly valid. |
|
kDSSigValFalse |
The digest or validity is invalid. |
|
kDSSigValTrue |
The digest or validity is valid. |
Verification of the validity of the signer’s identity is specific to the handler that is being used to validate the identity. This value may contain useful information regarding an identity. The identity is returned in the idPrivValidity property. Values for Adobe.PPKMS and Adobe.PPKLite security handlers are shown here. This value is also mapped to an idValidity value that is common across all handlers.
|
|
idValidity |
Security |
|
|---|---|---|---|
|
kIdUnknown |
1 (unknown) |
PPKMS, |
Validity not yet determined. |
|
kIdTrouble |
1 (unknown) |
PPKMS, |
Could not determine validity because of errors, for example, internal errors, or could not build the chain, or could not check basic policy. |
|
kIdInvalid |
2 (invalid) |
PPKMS, |
Certificate is invalid: not time nested, invalid signature, invalid/unsupported constraints, invalid extensions, chain is cyclic. |
|
kIdNotTimeValid |
2 (invalid) |
PPKMS, |
Certificate is outside its time window (too early or too late). |
|
kIdRevoked |
2 (invalid) |
PPKMS |
Certificate has been revoked. |
|
kIdUntrustedRoot |
1 (unknown) |
PPKMS, |
Certificate has an untrusted root certificate. |
|
kIdBrokenChain |
2 (invalid) |
PPKMS, |
Could not build a certificate chain up to a self-signed root certificate. |
|
kIdPathLenConstraint |
2 (invalid) |
PPKLite |
Certificate chain has exceeded the specified length restriction. The restriction was specified in Basic Constraints extension of one of the certificates in the chain. |
|
kIdCriticalExtension |
1 (unknown) |
PPKMS |
One of the certificates in the chain has an unrecognized critical extension. |
|
kIdJustSigned |
4 (valid) |
PPKMS, |
Just signed by user (similar to kIdIsSelf) |
|
kIdAssumedValid |
3 (idunknown) |
PPKMS |
Certificate is valid to a trusted root, but revocation could not be checked and was not required. |
|
kIdIsSelf |
4 (valid) |
PPKMS, |
Certificate is my credential (no further checking was done). |
|
kIdValid |
4 (valid) |
PPKMS, |
Certificate is valid to a trusted root (in the Windows or |
|
kIdRevocationUnknown |
? |
PPKMS, |
Certificate is valid to a trusted root, but revocation could not be checked and was required by the user. |
Modification detection and prevention (MDP) settings control which changes are allowed to occur in a document before the signature becomes invalid. Changes are recorded outside of the byte range, for signature fields, and can include changes that have been incrementally saved as part of the document or changes that have occurred in memory between the time that a document is opened and when the signature is validated. MDP settings may only be applied to the first signature in a document. Use of MDP will result in an certification signature. MDP has one of the following four values:
allowAll — Allow all changes to a document without any of these changes invalidating the signature. This results in MDP not being used for the signature. This was the behavior for
allowNone — Do not allow any changes to the document without invalidating the signature. Note that this will also lock down the author’s signature.
default — Allow form field fill-in if form fields are present in the document. Otherwise, do not allow any changes to the document without invalidating the signature.
defaultAndComments — Allow form field fill-in if form fields are present in the document and allow annotations (comments) to be added, deleted or modified. Otherwise, do not allow any changes to the document without invalidating the signature. Note that annotations can be used to obscure portions of a document and thereby affect the visual presentation of the document.