Contains classes, structures, and enumerations that implement:
- PDF encryption as specified in the PDF Specification ISO 32000-1:2008, section '7.6 Encryption'.
- X.509 Internet Public Key Infrastructure as specified in RFC 5280 (PdfCertificate and PdfCertificateRevocationList), RFC 6960 (PdfOnlineCertificateStatusProtocolResponse) and RFC 3161 (PdfTimestamper).
- Document security store as specified in the ETSI EN 319 142-1 (PdfDocumentSecurityStore).
- Cryptographic device that stores cryptographic information and possibly performs cryptographic functions as specified in the PKCS #11 Cryptographic Token Interface (PdfPkcs11Module and PdfPkcs11Token).
Encryption-related information is stored in the PdfEncryption class; for password-based encryption, it is stored in the PdfPasswordEncryption class. PDF encryption is used with the Password property when loading a PDF document from an encrypted PDF file, and with the Encryption property and SetPasswordEncryption() method when saving a PDF document to an encrypted PDF file.
Represents an X.509 certificate sent to others so that they can verify your digital signature with a public key contained in the certificate.
Represents an X.509 Certificate Revocation List (CRL): a time-stamped list of revoked certificates that is signed by a Certificate Authority (CA) or CRL issuer and made freely available in a public repository.
Represents a digital ID used to delay-sign (deferred-sign) or re-sign a PDF file.
A PdfDelayOrReSignDigitalId does not perform the actual signing because it contains only a PdfCertificate (with a public key) and no private key. Instead, a PdfDelayOrReSignDigitalId is used in the following process:
The PdfSigner instances used for delay-signing and re-signing should have equal properties so that the signature content created by re-signing fits into the delay-signed signature content that it replaces.
Delay-signing is also possible with the Sign(Func<Stream, Byte>, PdfSignatureFormat, Int32) method, but then you must provide an appropriate value for the estimatedSignatureContentsLength parameter, which should be large enough to contain the entire signature content created when re-signing the PDF file. If the PdfCertificate is not available when performing the delay-sign, then delay-signing must be done by using the Sign(Func<Stream, Byte>, PdfSignatureFormat, Int32) method. The first parameter of that method should return an array of zero-valued bytes whose length is estimatedSignatureContentsLength. Note that if Format is not PKCS7, then delay-signing with the Sign(Func<Stream, Byte>, PdfSignatureFormat, Int32) method is difficult because the hash provided to the external signer is not ComputeHash(PdfHashAlgorithm), as explained in the Message Digest Calculation Process.
A digital ID used to sign and encrypt documents.
The certificate that comes with your digital ID is sent to others so that they can verify your signature.
The most secure digital IDs are issued by trusted certificate authorities and are based on secure devices such as a smart card or token. Some are based on files.
Represents a container that may contain:
Stores encryption-related information.
Represents data for an event that occurs when a PDF document is being loaded from an encrypted PDF file.
Stores encryption-related information for a PDF’s standard security handler that shall allow up to two passwords to be specified for a document: a DocumentOpenPassword and a PermissionsPassword with access Permissions.
Represents a digital ID that is stored on a cryptographic device accessible through the PKCS#11 application programming interface called "Cryptoki".
Represents a cryptographic device that stores cryptographic information and possibly performs cryptographic functions, accessible through the PKCS#11 application programming interface called "Cryptoki".
A cryptographic device may be implemented as a smart card, smart disk, PCMCIA card, or with some other technology, including software-only.
Represents the logical view of a cryptographic device defined by Cryptoki.
Various objects can be stored on a token. These include data, certificates and keys.
Stored objects can be accessed, and cryptographic functions performed, only after a session (a logical connection between an application and a token) is opened.
Represents the padding to use with an RSA signature.
The value of the messageImprint field within the TimeStampToken shall be a hash of either:
Represents a symmetric encryption algorithm used in a PDF file and the length of the encryption key used in that algorithm.
Represents an encryption algorithm used in a PDF file.
Represents options for PDF file password-based encryption.
Represents a hash algorithm used in GemBox.Pdf cryptographic operations.
Represents user access permissions.