Cannot get Digital Signature to work

[musabio]

I'm nearly done converting my app from the old v3 driver interface to the new one, and the main feature I can't get working is digital signatures via the driver API. Note that is a demo mode evaluation (following your own advice I'm verifying that I can get everything to work before purchasing the license.)

I can generate a driver test page with a digital signature if I set it up manually in the PDF-XChange Printer 2012 driver properties dialog using a System stored certificate. However, I cannot get it to work via the driver API.

I tried adding the following lines to the CExAPI sample program:

Code: Select all

    printer->Option[L"DigiSig.Enabled"]    = L"True";  
    printer->Option[L"DigiSig.Store"]      = L"System";
    printer->Option[L"DigiSig.Reason"]     = L"Sample Reason";
    printer->Option[L"DigiSig.Location"]   = L"Sample Location";
    printer->Option[L"DigiSig.Contact"]    = L"Sample Contact";
    printer->Option[L"DigiSig.ShowFlags"]   = 63;

I click Go (Native Printing) and it creates the file, with no apparent errors when setting the above properties, but the output document has no signature (according to the properties in the PDF-X Change Editor).

Note that I didn't specify the DigiSig.Hash, as I wasn't sure which hash algorithm to use or what form it should take (this is the only instance of a Binary property in the entire driver API.) In any case, I'm guessing/hoping that it would use the first cert as the default. If this could be the problem, can you please provide an example of how to get and specify the hash of a system cert?

I also tried using a Certificate stored in a PFX file (the same one I use for code signing). In that case, whether I do it manually/interactively through the driver dialog properties and test page, or through the API using the sample application, the result is the same: it goes through the motions, asks to save the file, but doesn't actually create any file. I know the password is correct because it works with signtool.exe. (I realize that to create a signature that Adobe recognizes as valid, I may need to use one of their approved cert providers, but at this point I just need to verify the the basic operation can work.)

I searched through all the forum articles but could not find one that covered digital signatures via the driver API.

Thanks in advance for any assistance on this,

Jack

[Tracker Supp-Stefan]

Hello Jack,

The signature is not placed because you are not specifying the hash at all - and the driver does not know which certificate to use.
Can you please take a look here:
https://forum.pdf-xchange.com/ ... 39&t=22906
Seems like you need the Thumbprint value for a certificate. You can find that via Start -> search for certmgr.msc -> Then locate the signature you are interested to use, and look at it's details.

Regards,
Stefan

[musabio]

Brilliant. I'm not sure why I failed to find that article when searching, but in any case it's now clear:

a) Hash refers to the "Thumbprint"
b) There is no defaulting and no exception thrown - without valid hash/thumbprint, no signature is added
c) Hash value must be supplied as an explicit BSTR (there is no automatic conversion as with other strings)

(Perhaps next editing pass of the doc could add a few words of clarification.)

I'll return to the PFX issue later if it's still a problem, but the System stored certificate now works well.
Thanks!
Jack

[Tracker Supp-Stefan]

Hi Jack,

Glad to hear you got it working!
Passed the missing information to a colleague dealing with the online help system and we will see to update it asap.

Regards,
Stefan