|
Pdftools SDK
|
Go to the source code of this file.
| #define PDFTOOLS_CALL |
| #define PdfToolsCryptoProvidersPkcs11_Device_CreateSession PdfToolsCryptoProvidersPkcs11_Device_CreateSessionA |
| #define PdfToolsCryptoProvidersPkcs11_Device_GetDescription PdfToolsCryptoProvidersPkcs11_Device_GetDescriptionA |
| #define PdfToolsCryptoProvidersPkcs11_Device_GetManufacturerID PdfToolsCryptoProvidersPkcs11_Device_GetManufacturerIDA |
| #define PdfToolsCryptoProvidersPkcs11_Module_Load PdfToolsCryptoProvidersPkcs11_Module_LoadA |
| #define PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromKeyLabel PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromKeyLabelA |
| #define PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromName PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromNameA |
| #define PdfToolsCryptoProvidersPkcs11_Session_GetTimestampUrl PdfToolsCryptoProvidersPkcs11_Session_GetTimestampUrlA |
| #define PdfToolsCryptoProvidersPkcs11_Session_Login PdfToolsCryptoProvidersPkcs11_Session_LoginA |
| #define PdfToolsCryptoProvidersPkcs11_Session_SetTimestampUrl PdfToolsCryptoProvidersPkcs11_Session_SetTimestampUrlA |
| PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_Session *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Device_CreateSessionA | ( | TPdfToolsCryptoProvidersPkcs11_Device * | pDevice, |
| const char * | szPassword ) |
Create a session.
| [in,out] | pDevice | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Device. |
| [in] | szPassword | If this parameter is not NULL, the session is created and PdfToolsCryptoProvidersPkcs11_Session_Login executed. |
NULL if there is an error. NULL is returned. The specific error code can be retrieved by calling PdfTools_GetLastError. The error message can be obtained by calling PdfTools_GetLastErrorMessage. | PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_Session *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Device_CreateSessionW | ( | TPdfToolsCryptoProvidersPkcs11_Device * | pDevice, |
| const WCHAR * | szPassword ) |
Create a session.
| [in,out] | pDevice | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Device. |
| [in] | szPassword | If this parameter is not NULL, the session is created and PdfToolsCryptoProvidersPkcs11_Session_Login executed. |
NULL if there is an error. NULL is returned. The specific error code can be retrieved by calling PdfTools_GetLastError. The error message can be obtained by calling PdfTools_GetLastErrorMessage. | PDFTOOLS_EXPORT size_t PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Device_GetDescriptionA | ( | TPdfToolsCryptoProvidersPkcs11_Device * | pDevice, |
| char * | pBuffer, | ||
| size_t | nBufferSize ) |
Description of the device.
| [in,out] | pDevice | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Device. |
| [out] | pBuffer | Retrieved value. To determine the required buffer size, the function has to be called with NULL. The return value of this function specifies the buffer size. |
| [in] | nBufferSize | The buffer size of the retrieved string pBuffer. |
pBuffer. 0 if either an error occurred or the returned buffer is actually NULL. To determine if an error has occurred, check the error code as described in the note section below. 0 is returned and the error code returned by PdfTools_GetLastError is different from ePdfTools_Error_Success. The error message can be obtained by calling PdfTools_GetLastErrorMessage. | PDFTOOLS_EXPORT size_t PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Device_GetDescriptionW | ( | TPdfToolsCryptoProvidersPkcs11_Device * | pDevice, |
| WCHAR * | pBuffer, | ||
| size_t | nBufferSize ) |
Description of the device.
| [in,out] | pDevice | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Device. |
| [out] | pBuffer | Retrieved value. To determine the required buffer size, the function has to be called with NULL. The return value of this function specifies the buffer size. |
| [in] | nBufferSize | The buffer size of the retrieved string pBuffer. |
pBuffer. 0 if either an error occurred or the returned buffer is actually NULL. To determine if an error has occurred, check the error code as described in the note section below. 0 is returned and the error code returned by PdfTools_GetLastError is different from ePdfTools_Error_Success. The error message can be obtained by calling PdfTools_GetLastErrorMessage. | PDFTOOLS_EXPORT size_t PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Device_GetManufacturerIDA | ( | TPdfToolsCryptoProvidersPkcs11_Device * | pDevice, |
| char * | pBuffer, | ||
| size_t | nBufferSize ) |
ID of the device's manufacturer.
| [in,out] | pDevice | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Device. |
| [out] | pBuffer | Retrieved value. To determine the required buffer size, the function has to be called with NULL. The return value of this function specifies the buffer size. |
| [in] | nBufferSize | The buffer size of the retrieved string pBuffer. |
pBuffer. 0 if either an error occurred or the returned buffer is actually NULL. To determine if an error has occurred, check the error code as described in the note section below. 0 is returned and the error code returned by PdfTools_GetLastError is different from ePdfTools_Error_Success. The error message can be obtained by calling PdfTools_GetLastErrorMessage. | PDFTOOLS_EXPORT size_t PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Device_GetManufacturerIDW | ( | TPdfToolsCryptoProvidersPkcs11_Device * | pDevice, |
| WCHAR * | pBuffer, | ||
| size_t | nBufferSize ) |
ID of the device's manufacturer.
| [in,out] | pDevice | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Device. |
| [out] | pBuffer | Retrieved value. To determine the required buffer size, the function has to be called with NULL. The return value of this function specifies the buffer size. |
| [in] | nBufferSize | The buffer size of the retrieved string pBuffer. |
pBuffer. 0 if either an error occurred or the returned buffer is actually NULL. To determine if an error has occurred, check the error code as described in the note section below. 0 is returned and the error code returned by PdfTools_GetLastError is different from ePdfTools_Error_Success. The error message can be obtained by calling PdfTools_GetLastErrorMessage. | PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_Device *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_DeviceList_Get | ( | TPdfToolsCryptoProvidersPkcs11_DeviceList * | pDeviceList, |
| int | iIndex ) |
Returns the element at the specified position in the given list.
| [in,out] | pDeviceList | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_DeviceList. |
| [in] | iIndex |
NULL if there is an error. NULL is returned. The specific error code can be retrieved by calling PdfTools_GetLastError. The error message can be obtained by calling PdfTools_GetLastErrorMessage. Possible error codes:
| PDFTOOLS_EXPORT int PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_DeviceList_GetCount | ( | TPdfToolsCryptoProvidersPkcs11_DeviceList * | pDeviceList | ) |
Get the number of elements in the list.
| [in,out] | pDeviceList | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_DeviceList. |
0 is returned. The specific error code can be retrieved by calling PdfTools_GetLastError. The error message can be obtained by calling PdfTools_GetLastErrorMessage. Possible error codes:
| PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_Device *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_DeviceList_GetSingle | ( | TPdfToolsCryptoProvidersPkcs11_DeviceList * | pDeviceList | ) |
Get the single device.
| [in,out] | pDeviceList | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_DeviceList. |
NULL if there is an error. NULL is returned. The specific error code can be retrieved by calling PdfTools_GetLastError. The error message can be obtained by calling PdfTools_GetLastErrorMessage. Possible error codes:| PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Module_Close | ( | TPdfToolsCryptoProvidersPkcs11_Module * | pObject | ) |
Close object.
Disposable objects that have an associated close method must be closed by invoking this function.
| [in] | pObject | Disposable object. |
| PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_DeviceList *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Module_GetDevices | ( | TPdfToolsCryptoProvidersPkcs11_Module * | pModule | ) |
The list of devices managed by this module Most often there is only a single device, so the method PdfToolsCryptoProvidersPkcs11_DeviceList_GetSingle can be used.
| [in,out] | pModule | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Module. |
NULL if there is an error.
NULL is returned. The specific error code can be retrieved by calling PdfTools_GetLastError. The error message can be obtained by calling PdfTools_GetLastErrorMessage. | PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Module_GetEnableFullParallelization | ( | TPdfToolsCryptoProvidersPkcs11_Module * | pModule | ) |
Enable full parallelization.
The PKCS#11 standard specifies that "an application can specify that it will be accessing the library concurrently from multiple threads, and the library must [...] ensure proper thread-safe behavior." However, some PKCS#11 modules (middleware) implementations are not thread-safe. For this reason, the SDK synchronizes all access to the module. If the middleware is thread-safe, full parallel usage of the cryptographic device can be enabled by setting this property to TRUE and thereby improving the performance.
Default: FALSE
| [in,out] | pModule | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Module. |
May indicate an error in certain scenarios. For further information see the note section below.
| PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_Module *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Module_LoadA | ( | const char * | szLibrary | ) |
Load a PKCS#11 driver module.
| [in] | szLibrary | The name or path to the driver module (middleware). This can be found in the documentation of your cryptographic device. Examples:
|
NULL if there is an error. NULL is returned. The specific error code can be retrieved by calling PdfTools_GetLastError. The error message can be obtained by calling PdfTools_GetLastErrorMessage. Possible error codes:| PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_Module *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Module_LoadW | ( | const WCHAR * | szLibrary | ) |
Load a PKCS#11 driver module.
| [in] | szLibrary | The name or path to the driver module (middleware). This can be found in the documentation of your cryptographic device. Examples:
|
NULL if there is an error. NULL is returned. The specific error code can be retrieved by calling PdfTools_GetLastError. The error message can be obtained by calling PdfTools_GetLastErrorMessage. Possible error codes:| PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Module_SetEnableFullParallelization | ( | TPdfToolsCryptoProvidersPkcs11_Module * | pModule, |
| BOOL | bEnableFullParallelization ) |
Enable full parallelization.
The PKCS#11 standard specifies that "an application can specify that it will be accessing the library concurrently from multiple threads, and the library must [...] ensure proper thread-safe behavior." However, some PKCS#11 modules (middleware) implementations are not thread-safe. For this reason, the SDK synchronizes all access to the module. If the middleware is thread-safe, full parallel usage of the cryptographic device can be enabled by setting this property to TRUE and thereby improving the performance.
Default: FALSE
| [in,out] | pModule | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Module. |
| [in] | bEnableFullParallelization | Set value. |
| PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_CreateSignature | ( | TPdfToolsCryptoProvidersPkcs11_Session * | pSession, |
| TPdfToolsCryptoProviders_Certificate * | pCertificate ) |
Create a signature configuration based on signing certificate.
| [in,out] | pSession | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Session. |
| [in,out] | pCertificate | The signing certificate from PdfToolsCryptoProvidersPkcs11_Session_GetCertificates |
NULL if there is an error. NULL is returned. The specific error code can be retrieved by calling PdfTools_GetLastError. The error message can be obtained by calling PdfTools_GetLastErrorMessage. Possible error codes:| PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromKeyId | ( | TPdfToolsCryptoProvidersPkcs11_Session * | pSession, |
| const unsigned char * | pId, | ||
| size_t | nIds, | ||
| const TPdfToolsSys_StreamDescriptor * | pCertificate ) |
Create a signature configuration based on the private key's ID and an external certificate.
Create a signature configuration where only the private key is contained in the PKCS#11 device and the signing certificate is provided externally. This is intended for PKCS#11 devices that can only store private keys, e.g. the Google Cloud Key Management (KMS).
The private key object is identified using its ID, i.e. the CKA_ID object attribute in the PKCS#11 store.
The certificates of the trust chain should be added using PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_AddCertificate.
| [in,out] | pSession | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Session. |
| [in] | pId | The ID of the private key object in the PKCS#11 store |
| [in] | nIds | Size of the array pId. |
| [in] | pCertificate | The signing certificate in either PEM (.pem, ASCII text) or DER (.cer, binary) form |
NULL if there is an error. NULL is returned. The specific error code can be retrieved by calling PdfTools_GetLastError. The error message can be obtained by calling PdfTools_GetLastErrorMessage. Possible error codes:| PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromKeyLabelA | ( | TPdfToolsCryptoProvidersPkcs11_Session * | pSession, |
| const char * | szLabel, | ||
| const TPdfToolsSys_StreamDescriptor * | pCertificate ) |
Create a signature configuration based on the private key's label (name) and an external certificate.
Create a signature configuration where only the private key is contained in the PKCS#11 device and the signing certificate is provided externally. This is intended for PKCS#11 devices that can only store private keys, e.g. the Google Cloud Key Management (KMS).
The private key object is identified using its label, i.e. the CKA_LABEL object attribute in the PKCS#11 store.
The certificates of the trust chain should be added using PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_AddCertificate.
| [in,out] | pSession | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Session. |
| [in] | szLabel | The label of the private key object in the PKCS#11 store |
| [in] | pCertificate | The signing certificate in either PEM (.pem, ASCII text) or DER (.cer, binary) form |
NULL if there is an error. NULL is returned. The specific error code can be retrieved by calling PdfTools_GetLastError. The error message can be obtained by calling PdfTools_GetLastErrorMessage. Possible error codes:| PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromKeyLabelW | ( | TPdfToolsCryptoProvidersPkcs11_Session * | pSession, |
| const WCHAR * | szLabel, | ||
| const TPdfToolsSys_StreamDescriptor * | pCertificate ) |
Create a signature configuration based on the private key's label (name) and an external certificate.
Create a signature configuration where only the private key is contained in the PKCS#11 device and the signing certificate is provided externally. This is intended for PKCS#11 devices that can only store private keys, e.g. the Google Cloud Key Management (KMS).
The private key object is identified using its label, i.e. the CKA_LABEL object attribute in the PKCS#11 store.
The certificates of the trust chain should be added using PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_AddCertificate.
| [in,out] | pSession | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Session. |
| [in] | szLabel | The label of the private key object in the PKCS#11 store |
| [in] | pCertificate | The signing certificate in either PEM (.pem, ASCII text) or DER (.cer, binary) form |
NULL if there is an error. NULL is returned. The specific error code can be retrieved by calling PdfTools_GetLastError. The error message can be obtained by calling PdfTools_GetLastErrorMessage. Possible error codes:| PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromNameA | ( | TPdfToolsCryptoProvidersPkcs11_Session * | pSession, |
| const char * | szName ) |
Create a signature configuration based on certificate name.
| [in,out] | pSession | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Session. |
| [in] | szName | The name of the signing certificate (PdfToolsCryptoProviders_Certificate_GetName) |
NULL if there is an error. NULL is returned. The specific error code can be retrieved by calling PdfTools_GetLastError. The error message can be obtained by calling PdfTools_GetLastErrorMessage. Possible error codes:| PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromNameW | ( | TPdfToolsCryptoProvidersPkcs11_Session * | pSession, |
| const WCHAR * | szName ) |
Create a signature configuration based on certificate name.
| [in,out] | pSession | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Session. |
| [in] | szName | The name of the signing certificate (PdfToolsCryptoProviders_Certificate_GetName) |
NULL if there is an error. NULL is returned. The specific error code can be retrieved by calling PdfTools_GetLastError. The error message can be obtained by calling PdfTools_GetLastErrorMessage. Possible error codes:| PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_TimestampConfiguration *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_CreateTimestamp | ( | TPdfToolsCryptoProvidersPkcs11_Session * | pSession | ) |
Create a time-stamp configuration Note that to create time-stamps, the PdfToolsCryptoProvidersPkcs11_Session_GetTimestampUrl must be set.
| [in,out] | pSession | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Session. |
NULL if there is an error. NULL is returned. The specific error code can be retrieved by calling PdfTools_GetLastError. The error message can be obtained by calling PdfTools_GetLastErrorMessage. | PDFTOOLS_EXPORT TPdfToolsCryptoProviders_CertificateList *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_GetCertificates | ( | TPdfToolsCryptoProvidersPkcs11_Session * | pSession | ) |
The cerfificates of the device The certificates available in this device. Note that some certificates or their private keys (see PdfToolsCryptoProviders_Certificate_GetHasPrivateKey) might only be visible after PdfToolsCryptoProvidersPkcs11_Session_Login.
| [in,out] | pSession | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Session. |
NULL if there is an error.
NULL is returned. The specific error code can be retrieved by calling PdfTools_GetLastError. The error message can be obtained by calling PdfTools_GetLastErrorMessage. | PDFTOOLS_EXPORT size_t PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_GetTimestampUrlA | ( | TPdfToolsCryptoProvidersPkcs11_Session * | pSession, |
| char * | pBuffer, | ||
| size_t | nBufferSize ) |
The URL of the trusted time-stamp authority (TSA) from which time-stamps shall be acquired.
The TSA must support the time-stamp protocol as defined in RFC 3161.
The property’s value must be a URL with the following elements:
http[s]://[‹user›[:‹password›]@]‹host›[:‹port›][/‹resource›]
Where:
http/https: Protocol for connection to TSA.‹user›:‹password› (optional): Credentials for connection to TSA (basic authorization).‹host›: Hostname of TSA.‹port›: Port for connection to TSA.‹resource›: The resource.Applying a time-stamp requires an online connection to a time server; the firewall must be configured accordingly. If a web proxy is used (see PdfTools_Sdk_GetProxy), make sure the following MIME types are supported:
application/timestamp-queryapplication/timestamp-reply| [in,out] | pSession | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Session. |
| [out] | pBuffer | Retrieved value. To determine the required buffer size, the function has to be called with NULL. The return value of this function specifies the buffer size. |
| [in] | nBufferSize | The buffer size of the retrieved string pBuffer. |
pBuffer. 0 if either an error occurred or the returned buffer is actually NULL. To determine if an error has occurred, check the error code as described in the note section below. 0 is returned and the error code returned by PdfTools_GetLastError is different from ePdfTools_Error_Success. The error message can be obtained by calling PdfTools_GetLastErrorMessage. | PDFTOOLS_EXPORT size_t PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_GetTimestampUrlW | ( | TPdfToolsCryptoProvidersPkcs11_Session * | pSession, |
| WCHAR * | pBuffer, | ||
| size_t | nBufferSize ) |
The URL of the trusted time-stamp authority (TSA) from which time-stamps shall be acquired.
The TSA must support the time-stamp protocol as defined in RFC 3161.
The property’s value must be a URL with the following elements:
http[s]://[‹user›[:‹password›]@]‹host›[:‹port›][/‹resource›]
Where:
http/https: Protocol for connection to TSA.‹user›:‹password› (optional): Credentials for connection to TSA (basic authorization).‹host›: Hostname of TSA.‹port›: Port for connection to TSA.‹resource›: The resource.Applying a time-stamp requires an online connection to a time server; the firewall must be configured accordingly. If a web proxy is used (see PdfTools_Sdk_GetProxy), make sure the following MIME types are supported:
application/timestamp-queryapplication/timestamp-reply| [in,out] | pSession | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Session. |
| [out] | pBuffer | Retrieved value. To determine the required buffer size, the function has to be called with NULL. The return value of this function specifies the buffer size. |
| [in] | nBufferSize | The buffer size of the retrieved string pBuffer. |
pBuffer. 0 if either an error occurred or the returned buffer is actually NULL. To determine if an error has occurred, check the error code as described in the note section below. 0 is returned and the error code returned by PdfTools_GetLastError is different from ePdfTools_Error_Success. The error message can be obtained by calling PdfTools_GetLastErrorMessage. | PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_LoginA | ( | TPdfToolsCryptoProvidersPkcs11_Session * | pSession, |
| const char * | szPassword ) |
Log in user into the cryptographic device.
Login is typically required to enable cryptographic operations. Furthermore, some of the device's objects such as certificates or private keys might only be visible when logged in.
Note that many devices are locked after a number of failed login attempts. Therefore, it is crucial to not retry this method using the same szPassword after a failed attempt.
| [in,out] | pSession | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Session. |
| [in] | szPassword | The user's password |
| PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_LoginW | ( | TPdfToolsCryptoProvidersPkcs11_Session * | pSession, |
| const WCHAR * | szPassword ) |
Log in user into the cryptographic device.
Login is typically required to enable cryptographic operations. Furthermore, some of the device's objects such as certificates or private keys might only be visible when logged in.
Note that many devices are locked after a number of failed login attempts. Therefore, it is crucial to not retry this method using the same szPassword after a failed attempt.
| [in,out] | pSession | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Session. |
| [in] | szPassword | The user's password |
| PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_SetTimestampUrlA | ( | TPdfToolsCryptoProvidersPkcs11_Session * | pSession, |
| const char * | szTimestampUrl ) |
The URL of the trusted time-stamp authority (TSA) from which time-stamps shall be acquired.
The TSA must support the time-stamp protocol as defined in RFC 3161.
The property’s value must be a URL with the following elements:
http[s]://[‹user›[:‹password›]@]‹host›[:‹port›][/‹resource›]
Where:
http/https: Protocol for connection to TSA.‹user›:‹password› (optional): Credentials for connection to TSA (basic authorization).‹host›: Hostname of TSA.‹port›: Port for connection to TSA.‹resource›: The resource.Applying a time-stamp requires an online connection to a time server; the firewall must be configured accordingly. If a web proxy is used (see PdfTools_Sdk_GetProxy), make sure the following MIME types are supported:
application/timestamp-queryapplication/timestamp-reply| [in,out] | pSession | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Session. |
| [in] | szTimestampUrl | Set value. |
| PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_SetTimestampUrlW | ( | TPdfToolsCryptoProvidersPkcs11_Session * | pSession, |
| const WCHAR * | szTimestampUrl ) |
The URL of the trusted time-stamp authority (TSA) from which time-stamps shall be acquired.
The TSA must support the time-stamp protocol as defined in RFC 3161.
The property’s value must be a URL with the following elements:
http[s]://[‹user›[:‹password›]@]‹host›[:‹port›][/‹resource›]
Where:
http/https: Protocol for connection to TSA.‹user›:‹password› (optional): Credentials for connection to TSA (basic authorization).‹host›: Hostname of TSA.‹port›: Port for connection to TSA.‹resource›: The resource.Applying a time-stamp requires an online connection to a time server; the firewall must be configured accordingly. If a web proxy is used (see PdfTools_Sdk_GetProxy), make sure the following MIME types are supported:
application/timestamp-queryapplication/timestamp-reply| [in,out] | pSession | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Session. |
| [in] | szTimestampUrl | Set value. |
| PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_AddCertificate | ( | TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration * | pSignatureConfiguration, |
| const TPdfToolsSys_StreamDescriptor * | pCertificate ) |
Add a certificate Add a certificate to the signature configuration. Adding certificates of the trust chain is often required, if they are missing in the PKCS#11 device's store and validation information is added (see PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_GetValidationInformation). For example, if this object has been created using PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromKeyId.
| [in,out] | pSignatureConfiguration | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration. |
| [in] | pCertificate | The certificate in either PEM (.pem, ASCII text) or DER (.cer, binary) form |
| PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_GetAddTimestamp | ( | TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration * | pSignatureConfiguration | ) |
Whether to add a trusted time-stamp to the signature.
If TRUE, the PdfToolsCryptoProvidersPkcs11_Session_GetTimestampUrl must be set.
Default: FALSE
| [in,out] | pSignatureConfiguration | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration. |
May indicate an error in certain scenarios. For further information see the note section below.
| PDFTOOLS_EXPORT TPdfToolsCrypto_HashAlgorithm PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_GetHashAlgorithm | ( | TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration * | pSignatureConfiguration | ) |
The message digest algorithm.
The algorithm used to hash the document and from which the cryptographic signature is created.
Default: ePdfToolsCrypto_HashAlgorithm_Sha256
| [in,out] | pSignatureConfiguration | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration. |
May indicate an error in certain scenarios. For further information see the note section below.
0 is returned. The specific error code can be retrieved by calling PdfTools_GetLastError. The error message can be obtained by calling PdfTools_GetLastErrorMessage. Possible error codes:| PDFTOOLS_EXPORT TPdfToolsCrypto_SignatureFormat PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_GetSignatureFormat | ( | TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration * | pSignatureConfiguration | ) |
The format (encoding) of the cryptographic signature Default: ePdfToolsCrypto_SignatureFormat_EtsiCadesDetached.
| [in,out] | pSignatureConfiguration | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration. |
May indicate an error in certain scenarios. For further information see the note section below.
0 is returned. The specific error code can be retrieved by calling PdfTools_GetLastError. The error message can be obtained by calling PdfTools_GetLastErrorMessage. | PDFTOOLS_EXPORT TPdfToolsCrypto_SignaturePaddingType PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_GetSignaturePaddingType | ( | TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration * | pSignatureConfiguration | ) |
The padding type of the cryptographic signature Default: ePdfToolsCrypto_SignaturePaddingType_RsaSsaPss for RSA and ePdfToolsCrypto_SignaturePaddingType_Default for ECDSA certificates.
| [in,out] | pSignatureConfiguration | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration. |
May indicate an error in certain scenarios. For further information see the note section below.
0 is returned. The specific error code can be retrieved by calling PdfTools_GetLastError. The error message can be obtained by calling PdfTools_GetLastErrorMessage. Possible error codes:| PDFTOOLS_EXPORT TPdfToolsCrypto_ValidationInformation PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_GetValidationInformation | ( | TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration * | pSignatureConfiguration | ) |
Whether to add validation information (LTV)
For signing certificates that do not offer validation (revocation) information (OCSP or CRL), this property is ignored.
If downloading validation information fails, an error ePdfTools_Error_NotFound or ePdfTools_Error_Http is generated. See ePdfToolsSign_WarningCategory_AddValidationInformationFailed for a description of possible error causes and solutions.
Default: ePdfToolsCrypto_ValidationInformation_EmbedInDocument if the signing certificate offers validation information and ePdfToolsCrypto_ValidationInformation_None otherwise
| [in,out] | pSignatureConfiguration | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration. |
May indicate an error in certain scenarios. For further information see the note section below.
0 is returned. The specific error code can be retrieved by calling PdfTools_GetLastError. The error message can be obtained by calling PdfTools_GetLastErrorMessage. | PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_SetAddTimestamp | ( | TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration * | pSignatureConfiguration, |
| BOOL | bAddTimestamp ) |
Whether to add a trusted time-stamp to the signature.
If TRUE, the PdfToolsCryptoProvidersPkcs11_Session_GetTimestampUrl must be set.
Default: FALSE
| [in,out] | pSignatureConfiguration | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration. |
| [in] | bAddTimestamp | Set value. |
| PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_SetHashAlgorithm | ( | TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration * | pSignatureConfiguration, |
| TPdfToolsCrypto_HashAlgorithm | iHashAlgorithm ) |
The message digest algorithm.
The algorithm used to hash the document and from which the cryptographic signature is created.
Default: ePdfToolsCrypto_HashAlgorithm_Sha256
| [in,out] | pSignatureConfiguration | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration. |
| [in] | iHashAlgorithm | Set value. |
| PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_SetSignatureFormat | ( | TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration * | pSignatureConfiguration, |
| TPdfToolsCrypto_SignatureFormat | iSignatureFormat ) |
The format (encoding) of the cryptographic signature Default: ePdfToolsCrypto_SignatureFormat_EtsiCadesDetached.
| [in,out] | pSignatureConfiguration | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration. |
| [in] | iSignatureFormat | Set value. |
| PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_SetSignaturePaddingType | ( | TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration * | pSignatureConfiguration, |
| TPdfToolsCrypto_SignaturePaddingType | iSignaturePaddingType ) |
The padding type of the cryptographic signature Default: ePdfToolsCrypto_SignaturePaddingType_RsaSsaPss for RSA and ePdfToolsCrypto_SignaturePaddingType_Default for ECDSA certificates.
| [in,out] | pSignatureConfiguration | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration. |
| [in] | iSignaturePaddingType | Set value. |
| PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_SetValidationInformation | ( | TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration * | pSignatureConfiguration, |
| TPdfToolsCrypto_ValidationInformation | iValidationInformation ) |
Whether to add validation information (LTV)
For signing certificates that do not offer validation (revocation) information (OCSP or CRL), this property is ignored.
If downloading validation information fails, an error ePdfTools_Error_NotFound or ePdfTools_Error_Http is generated. See ePdfToolsSign_WarningCategory_AddValidationInformationFailed for a description of possible error causes and solutions.
Default: ePdfToolsCrypto_ValidationInformation_EmbedInDocument if the signing certificate offers validation information and ePdfToolsCrypto_ValidationInformation_None otherwise
| [in,out] | pSignatureConfiguration | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration. |
| [in] | iValidationInformation | Set value. |
| PDFTOOLS_EXPORT TPdfToolsCrypto_HashAlgorithm PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_TimestampConfiguration_GetHashAlgorithm | ( | TPdfToolsCryptoProvidersPkcs11_TimestampConfiguration * | pTimestampConfiguration | ) |
The message digest algorithm.
The algorithm used to hash the document and from which the time-stamp signature is created.
Note: This algorithm must be supported by the time-stamp server; many support only SHA-256.
Default: ePdfToolsCrypto_HashAlgorithm_Sha256
| [in,out] | pTimestampConfiguration | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_TimestampConfiguration. |
May indicate an error in certain scenarios. For further information see the note section below.
0 is returned. The specific error code can be retrieved by calling PdfTools_GetLastError. The error message can be obtained by calling PdfTools_GetLastErrorMessage. Possible error codes:| PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_TimestampConfiguration_SetHashAlgorithm | ( | TPdfToolsCryptoProvidersPkcs11_TimestampConfiguration * | pTimestampConfiguration, |
| TPdfToolsCrypto_HashAlgorithm | iHashAlgorithm ) |
The message digest algorithm.
The algorithm used to hash the document and from which the time-stamp signature is created.
Note: This algorithm must be supported by the time-stamp server; many support only SHA-256.
Default: ePdfToolsCrypto_HashAlgorithm_Sha256
| [in,out] | pTimestampConfiguration | Acts as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_TimestampConfiguration. |
| [in] | iHashAlgorithm | Set value. |
1.10.0