DigitalSignature::Signing::SignedDataCreator
This class is used for creating a CMS SignedData binary data object, as needed for PDF signing.
OpenSSL already provides the ability to access, sign and create such CMS objects but is limited in what it offers in terms of data added to it. Since HexaPDF needs to follow the PDF standard, it needs control over the created structure so as to make it compatible with the various requirements.
As the created CMS object is only meant to be used in the context of PDF signing, it also restricts certain things, like allowing only a single signer.
Additionally, only RSA signatures are currently supported!
See: PDF2.0 s18.104.22.168, PDF2.0 s22.214.171.124, RFC5652, ETSI TS 102 778 Parts 1-4
Mapping of ASN.1 object ID names to object ID strings.
The OpenSSL certificate object which is used to sign the data.
Array of additional OpenSSL certificate objects that should be included.
Should include all certificates of the hierarchy of the signing certificate.
The digest algorithm that should be used. Defaults to 'sha256'.
Allowed values: sha256, sha384, sha512.
The OpenSSL key object which is used for signing. Needs to correspond to
If the key is not set, a block for signing will need to be provided to sign.
The timestamp handler instance that should be used for timestamping.
Public Class Methods
Creates a new SignedData object.
Public Instance Methods
Creates a CMS SignedData binary data object for the given data using the set attributes and returns it in DER-serialized form.
If the key attribute is not set, the digest algorithm and the already digested data to be signed are yielded and the block needs to return the signature.
The type can either be :cms when creating standard PDF CMS signatures or :pades when creating PAdES compatible signatures. PAdES signatures are part of PDF 2.0.
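The signing-block contract described above (digest algorithm and already digested data in, signature out), shown as an added example that is not HexaPDF's own code and uses only Ruby's OpenSSL library. `yield_for_signing`, `KEY` and `TO_BE_SIGNED` are hypothetical names; the helper stands in for the yielding side so that a correct block can be compared with one that hashes the data a second time.

```ruby
require 'openssl'

# Stand-in for the yielding side of the contract (hypothetical helper, not
# HexaPDF code): digest the bytes to be signed, then yield the digest
# algorithm name and the digest to the caller's signing block.
def yield_for_signing(to_be_signed, digest_algorithm = 'sha256')
  hashed = OpenSSL::Digest.digest(digest_algorithm, to_be_signed)
  yield(digest_algorithm, hashed)
end

# Constructed sample input: a throwaway RSA key and placeholder bytes standing
# in for the DER-encoded data that ends up being signed.
KEY = OpenSSL::PKey::RSA.new(2048)
TO_BE_SIGNED = 'constructed signed-attributes bytes'.b

# Correct block: the data is already digested, so sign it raw (RSA PKCS#1 v1.5
# over the given digest). An HSM or remote signer would be called here instead.
def correct_signature
  yield_for_signing(TO_BE_SIGNED) { |alg, hashed| KEY.sign_raw(alg, hashed) }
end

# Faulty block: PKey#sign digests its input again, so the result is a
# signature over the hash of the hash.
def double_hashed_signature
  yield_for_signing(TO_BE_SIGNED) { |alg, hashed| KEY.sign(alg, hashed) }
end

# A verifier hashes the original bytes itself and checks the signature
# with the public key only.
def verifies?(signature, digest_algorithm = 'sha256')
  KEY.public_key.verify(digest_algorithm, signature, TO_BE_SIGNED)
end

if $PROGRAM_NAME == __FILE__
  puts "raw signature verifies:           #{verifies?(correct_signature)}"
  puts "double-hashed signature verifies: #{verifies?(double_hashed_signature)}"
end
```

`sign_raw` requires the openssl gem 3.0 or later (bundled with Ruby 3.1 and newer).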