Pdftools SDK
Loading...
Searching...
No Matches
Macros | Functions
PdfTools_PdfToolsCryptoProvidersPkcs11.h File Reference
#include "PdfTools_Types.h"
#include "PdfTools_PdfToolsSys.h"

Go to the source code of this file.

Macros

#define PDFTOOLS_CALL
 
#define PdfToolsCryptoProvidersPkcs11_Module_Load   PdfToolsCryptoProvidersPkcs11_Module_LoadA
 
#define PdfToolsCryptoProvidersPkcs11_Device_CreateSession   PdfToolsCryptoProvidersPkcs11_Device_CreateSessionA
 
#define PdfToolsCryptoProvidersPkcs11_Device_GetDescription   PdfToolsCryptoProvidersPkcs11_Device_GetDescriptionA
 
#define PdfToolsCryptoProvidersPkcs11_Device_GetManufacturerID   PdfToolsCryptoProvidersPkcs11_Device_GetManufacturerIDA
 
#define PdfToolsCryptoProvidersPkcs11_Session_Login   PdfToolsCryptoProvidersPkcs11_Session_LoginA
 
#define PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromName    PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromNameA
 
#define PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromKeyLabel    PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromKeyLabelA
 
#define PdfToolsCryptoProvidersPkcs11_Session_GetTimestampUrl   PdfToolsCryptoProvidersPkcs11_Session_GetTimestampUrlA
 
#define PdfToolsCryptoProvidersPkcs11_Session_SetTimestampUrl   PdfToolsCryptoProvidersPkcs11_Session_SetTimestampUrlA
 

Functions

PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_AddCertificate (TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration *pSignatureConfiguration, const TPdfToolsSys_StreamDescriptor *pCertificate)
 Add a certificate Add a certificate to the signature configuration. Adding certificates of the trust chain is often required, if they are missing in the PKCS#11 device's store and validation information is added (see PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_GetValidationInformation). For example, if this object has been created using PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromKeyId.
 
PDFTOOLS_EXPORT TPdfToolsCrypto_HashAlgorithm PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_GetHashAlgorithm (TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration *pSignatureConfiguration)
 The message digest algorithm.
 
PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_SetHashAlgorithm (TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration *pSignatureConfiguration, TPdfToolsCrypto_HashAlgorithm iHashAlgorithm)
 The message digest algorithm.
 
PDFTOOLS_EXPORT TPdfToolsCrypto_SignaturePaddingType PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_GetSignaturePaddingType (TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration *pSignatureConfiguration)
 The padding type of the cryptographic signature Default: ePdfToolsCrypto_SignaturePaddingType_RsaSsaPss for RSA and ePdfToolsCrypto_SignaturePaddingType_Default for ECDSA certificates.
 
PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_SetSignaturePaddingType (TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration *pSignatureConfiguration, TPdfToolsCrypto_SignaturePaddingType iSignaturePaddingType)
 The padding type of the cryptographic signature Default: ePdfToolsCrypto_SignaturePaddingType_RsaSsaPss for RSA and ePdfToolsCrypto_SignaturePaddingType_Default for ECDSA certificates.
 
PDFTOOLS_EXPORT TPdfToolsCrypto_SignatureFormat PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_GetSignatureFormat (TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration *pSignatureConfiguration)
 The format (encoding) of the cryptographic signature Default: ePdfToolsCrypto_SignatureFormat_EtsiCadesDetached.
 
PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_SetSignatureFormat (TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration *pSignatureConfiguration, TPdfToolsCrypto_SignatureFormat iSignatureFormat)
 The format (encoding) of the cryptographic signature Default: ePdfToolsCrypto_SignatureFormat_EtsiCadesDetached.
 
PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_GetAddTimestamp (TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration *pSignatureConfiguration)
 Whether to add a trusted time-stamp to the signature.
 
PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_SetAddTimestamp (TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration *pSignatureConfiguration, BOOL bAddTimestamp)
 Whether to add a trusted time-stamp to the signature.
 
PDFTOOLS_EXPORT TPdfToolsCrypto_ValidationInformation PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_GetValidationInformation (TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration *pSignatureConfiguration)
 Whether to add validation information (LTV)
 
PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_SetValidationInformation (TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration *pSignatureConfiguration, TPdfToolsCrypto_ValidationInformation iValidationInformation)
 Whether to add validation information (LTV)
 
PDFTOOLS_EXPORT TPdfToolsCrypto_HashAlgorithm PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_TimestampConfiguration_GetHashAlgorithm (TPdfToolsCryptoProvidersPkcs11_TimestampConfiguration *pTimestampConfiguration)
 The message digest algorithm.
 
PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_TimestampConfiguration_SetHashAlgorithm (TPdfToolsCryptoProvidersPkcs11_TimestampConfiguration *pTimestampConfiguration, TPdfToolsCrypto_HashAlgorithm iHashAlgorithm)
 The message digest algorithm.
 
PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_Module *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Module_LoadA (const char *szLibrary)
 Load a PKCS#11 driver module.
 
PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_Module *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Module_LoadW (const WCHAR *szLibrary)
 Load a PKCS#11 driver module.
 
PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Module_GetEnableFullParallelization (TPdfToolsCryptoProvidersPkcs11_Module *pModule)
 Enable full parallelization.
 
PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Module_SetEnableFullParallelization (TPdfToolsCryptoProvidersPkcs11_Module *pModule, BOOL bEnableFullParallelization)
 Enable full parallelization.
 
PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_DeviceList *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Module_GetDevices (TPdfToolsCryptoProvidersPkcs11_Module *pModule)
 The list of devices managed by this module Most often there is only a single device, so the method PdfToolsCryptoProvidersPkcs11_DeviceList_GetSingle can be used.
 
PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Module_Close (TPdfToolsCryptoProvidersPkcs11_Module *pObject)
 Close object.
 
PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_Session *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Device_CreateSessionA (TPdfToolsCryptoProvidersPkcs11_Device *pDevice, const char *szPassword)
 Create a session.
 
PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_Session *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Device_CreateSessionW (TPdfToolsCryptoProvidersPkcs11_Device *pDevice, const WCHAR *szPassword)
 Create a session.
 
PDFTOOLS_EXPORT size_t PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Device_GetDescriptionA (TPdfToolsCryptoProvidersPkcs11_Device *pDevice, char *pBuffer, size_t nBufferSize)
 Description of the device.
 
PDFTOOLS_EXPORT size_t PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Device_GetDescriptionW (TPdfToolsCryptoProvidersPkcs11_Device *pDevice, WCHAR *pBuffer, size_t nBufferSize)
 Description of the device.
 
PDFTOOLS_EXPORT size_t PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Device_GetManufacturerIDA (TPdfToolsCryptoProvidersPkcs11_Device *pDevice, char *pBuffer, size_t nBufferSize)
 ID of the device's manufacturer.
 
PDFTOOLS_EXPORT size_t PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Device_GetManufacturerIDW (TPdfToolsCryptoProvidersPkcs11_Device *pDevice, WCHAR *pBuffer, size_t nBufferSize)
 ID of the device's manufacturer.
 
PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_LoginA (TPdfToolsCryptoProvidersPkcs11_Session *pSession, const char *szPassword)
 Log in user into the cryptographic device.
 
PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_LoginW (TPdfToolsCryptoProvidersPkcs11_Session *pSession, const WCHAR *szPassword)
 Log in user into the cryptographic device.
 
PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_CreateSignature (TPdfToolsCryptoProvidersPkcs11_Session *pSession, TPdfToolsCryptoProviders_Certificate *pCertificate)
 Create a signature configuration based on signing certificate.
 
PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromNameA (TPdfToolsCryptoProvidersPkcs11_Session *pSession, const char *szName)
 Create a signature configuration based on certificate name.
 
PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromNameW (TPdfToolsCryptoProvidersPkcs11_Session *pSession, const WCHAR *szName)
 Create a signature configuration based on certificate name.
 
PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromKeyId (TPdfToolsCryptoProvidersPkcs11_Session *pSession, const unsigned char *pId, size_t nIds, const TPdfToolsSys_StreamDescriptor *pCertificate)
 Create a signature configuration based on the private key's ID and an external certificate.
 
PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromKeyLabelA (TPdfToolsCryptoProvidersPkcs11_Session *pSession, const char *szLabel, const TPdfToolsSys_StreamDescriptor *pCertificate)
 Create a signature configuration based on the private key's label (name) and an external certificate.
 
PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromKeyLabelW (TPdfToolsCryptoProvidersPkcs11_Session *pSession, const WCHAR *szLabel, const TPdfToolsSys_StreamDescriptor *pCertificate)
 Create a signature configuration based on the private key's label (name) and an external certificate.
 
PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_TimestampConfiguration *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_CreateTimestamp (TPdfToolsCryptoProvidersPkcs11_Session *pSession)
 Create a time-stamp configuration Note that to create time-stamps, the PdfToolsCryptoProvidersPkcs11_Session_GetTimestampUrl must be set.
 
PDFTOOLS_EXPORT size_t PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_GetTimestampUrlA (TPdfToolsCryptoProvidersPkcs11_Session *pSession, char *pBuffer, size_t nBufferSize)
 The URL of the trusted time-stamp authority (TSA) from which time-stamps shall be acquired.
 
PDFTOOLS_EXPORT size_t PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_GetTimestampUrlW (TPdfToolsCryptoProvidersPkcs11_Session *pSession, WCHAR *pBuffer, size_t nBufferSize)
 The URL of the trusted time-stamp authority (TSA) from which time-stamps shall be acquired.
 
PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_SetTimestampUrlA (TPdfToolsCryptoProvidersPkcs11_Session *pSession, const char *szTimestampUrl)
 The URL of the trusted time-stamp authority (TSA) from which time-stamps shall be acquired.
 
PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_SetTimestampUrlW (TPdfToolsCryptoProvidersPkcs11_Session *pSession, const WCHAR *szTimestampUrl)
 The URL of the trusted time-stamp authority (TSA) from which time-stamps shall be acquired.
 
PDFTOOLS_EXPORT TPdfToolsCryptoProviders_CertificateList *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_GetCertificates (TPdfToolsCryptoProvidersPkcs11_Session *pSession)
 The cerfificates of the device The certificates available in this device. Note that some certificates or their private keys (see PdfToolsCryptoProviders_Certificate_GetHasPrivateKey) might only be visible after PdfToolsCryptoProvidersPkcs11_Session_Login.
 
PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_Device *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_DeviceList_GetSingle (TPdfToolsCryptoProvidersPkcs11_DeviceList *pDeviceList)
 Get the single device.
 
PDFTOOLS_EXPORT int PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_DeviceList_GetCount (TPdfToolsCryptoProvidersPkcs11_DeviceList *pDeviceList)
 Get the number of elements in the list.
 
PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_Device *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_DeviceList_Get (TPdfToolsCryptoProvidersPkcs11_DeviceList *pDeviceList, int iIndex)
 Returns the element at the specified position in the given list.
 

Macro Definition Documentation

◆ PDFTOOLS_CALL

#define PDFTOOLS_CALL

◆ PdfToolsCryptoProvidersPkcs11_Device_CreateSession

#define PdfToolsCryptoProvidersPkcs11_Device_CreateSession   PdfToolsCryptoProvidersPkcs11_Device_CreateSessionA

◆ PdfToolsCryptoProvidersPkcs11_Device_GetDescription

#define PdfToolsCryptoProvidersPkcs11_Device_GetDescription   PdfToolsCryptoProvidersPkcs11_Device_GetDescriptionA

◆ PdfToolsCryptoProvidersPkcs11_Device_GetManufacturerID

#define PdfToolsCryptoProvidersPkcs11_Device_GetManufacturerID   PdfToolsCryptoProvidersPkcs11_Device_GetManufacturerIDA

◆ PdfToolsCryptoProvidersPkcs11_Module_Load

#define PdfToolsCryptoProvidersPkcs11_Module_Load   PdfToolsCryptoProvidersPkcs11_Module_LoadA

◆ PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromKeyLabel

#define PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromKeyLabel    PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromKeyLabelA

◆ PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromName

#define PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromName    PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromNameA

◆ PdfToolsCryptoProvidersPkcs11_Session_GetTimestampUrl

#define PdfToolsCryptoProvidersPkcs11_Session_GetTimestampUrl   PdfToolsCryptoProvidersPkcs11_Session_GetTimestampUrlA

◆ PdfToolsCryptoProvidersPkcs11_Session_Login

#define PdfToolsCryptoProvidersPkcs11_Session_Login   PdfToolsCryptoProvidersPkcs11_Session_LoginA

◆ PdfToolsCryptoProvidersPkcs11_Session_SetTimestampUrl

#define PdfToolsCryptoProvidersPkcs11_Session_SetTimestampUrl   PdfToolsCryptoProvidersPkcs11_Session_SetTimestampUrlA

Function Documentation

◆ PdfToolsCryptoProvidersPkcs11_Device_CreateSessionA()

PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_Session *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Device_CreateSessionA ( TPdfToolsCryptoProvidersPkcs11_Device * pDevice,
const char * szPassword )

Create a session.

Parameters
[in,out]pDeviceActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Device.
[in]szPasswordIf this parameter is not NULL, the session is created and PdfToolsCryptoProvidersPkcs11_Session_Login executed.
Returns
NULL if there is an error.
Note
An error occurred when NULL was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage.

◆ PdfToolsCryptoProvidersPkcs11_Device_CreateSessionW()

PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_Session *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Device_CreateSessionW ( TPdfToolsCryptoProvidersPkcs11_Device * pDevice,
const WCHAR * szPassword )

Create a session.

Parameters
[in,out]pDeviceActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Device.
[in]szPasswordIf this parameter is not NULL, the session is created and PdfToolsCryptoProvidersPkcs11_Session_Login executed.
Returns
NULL if there is an error.
Note
An error occurred when NULL was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage.

◆ PdfToolsCryptoProvidersPkcs11_Device_GetDescriptionA()

PDFTOOLS_EXPORT size_t PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Device_GetDescriptionA ( TPdfToolsCryptoProvidersPkcs11_Device * pDevice,
char * pBuffer,
size_t nBufferSize )

Description of the device.

Parameters
[in,out]pDeviceActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Device.
[out]pBufferRetrieved value. To determine the required buffer size, the function has to be called with NULL. The return value of this function specifies the buffer size.
[in]nBufferSizeThe buffer size of the retrieved string pBuffer.
Returns
The amount of data written to the buffer pBuffer. 0 if either an error occurred or the returned buffer is actually NULL. To determine if an error has occurred, check the error code as described in the note section below.
Note
An error occurred when 0 was returned and the error code returned by PdfTools_GetLastError is different from ePdfTools_Error_Success. Get the error message with PdfTools_GetLastErrorMessage.

◆ PdfToolsCryptoProvidersPkcs11_Device_GetDescriptionW()

PDFTOOLS_EXPORT size_t PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Device_GetDescriptionW ( TPdfToolsCryptoProvidersPkcs11_Device * pDevice,
WCHAR * pBuffer,
size_t nBufferSize )

Description of the device.

Parameters
[in,out]pDeviceActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Device.
[out]pBufferRetrieved value. To determine the required buffer size, the function has to be called with NULL. The return value of this function specifies the buffer size.
[in]nBufferSizeThe buffer size of the retrieved string pBuffer.
Returns
The amount of data written to the buffer pBuffer. 0 if either an error occurred or the returned buffer is actually NULL. To determine if an error has occurred, check the error code as described in the note section below.
Note
An error occurred when 0 was returned and the error code returned by PdfTools_GetLastError is different from ePdfTools_Error_Success. Get the error message with PdfTools_GetLastErrorMessage.

◆ PdfToolsCryptoProvidersPkcs11_Device_GetManufacturerIDA()

PDFTOOLS_EXPORT size_t PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Device_GetManufacturerIDA ( TPdfToolsCryptoProvidersPkcs11_Device * pDevice,
char * pBuffer,
size_t nBufferSize )

ID of the device's manufacturer.

Parameters
[in,out]pDeviceActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Device.
[out]pBufferRetrieved value. To determine the required buffer size, the function has to be called with NULL. The return value of this function specifies the buffer size.
[in]nBufferSizeThe buffer size of the retrieved string pBuffer.
Returns
The amount of data written to the buffer pBuffer. 0 if either an error occurred or the returned buffer is actually NULL. To determine if an error has occurred, check the error code as described in the note section below.
Note
An error occurred when 0 was returned and the error code returned by PdfTools_GetLastError is different from ePdfTools_Error_Success. Get the error message with PdfTools_GetLastErrorMessage.

◆ PdfToolsCryptoProvidersPkcs11_Device_GetManufacturerIDW()

PDFTOOLS_EXPORT size_t PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Device_GetManufacturerIDW ( TPdfToolsCryptoProvidersPkcs11_Device * pDevice,
WCHAR * pBuffer,
size_t nBufferSize )

ID of the device's manufacturer.

Parameters
[in,out]pDeviceActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Device.
[out]pBufferRetrieved value. To determine the required buffer size, the function has to be called with NULL. The return value of this function specifies the buffer size.
[in]nBufferSizeThe buffer size of the retrieved string pBuffer.
Returns
The amount of data written to the buffer pBuffer. 0 if either an error occurred or the returned buffer is actually NULL. To determine if an error has occurred, check the error code as described in the note section below.
Note
An error occurred when 0 was returned and the error code returned by PdfTools_GetLastError is different from ePdfTools_Error_Success. Get the error message with PdfTools_GetLastErrorMessage.

◆ PdfToolsCryptoProvidersPkcs11_DeviceList_Get()

PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_Device *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_DeviceList_Get ( TPdfToolsCryptoProvidersPkcs11_DeviceList * pDeviceList,
int iIndex )

Returns the element at the specified position in the given list.

Parameters
[in,out]pDeviceListActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_DeviceList.
[in]iIndex
Returns
NULL if there is an error.
Note
An error occurred when NULL was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage. Possible error codes:

◆ PdfToolsCryptoProvidersPkcs11_DeviceList_GetCount()

PDFTOOLS_EXPORT int PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_DeviceList_GetCount ( TPdfToolsCryptoProvidersPkcs11_DeviceList * pDeviceList)

Get the number of elements in the list.

Parameters
[in,out]pDeviceListActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_DeviceList.
Returns
May indicate an error in certain scenarios. For further information see the note section below.
Note
An error occurred when 0 was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage. Possible error codes:

◆ PdfToolsCryptoProvidersPkcs11_DeviceList_GetSingle()

PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_Device *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_DeviceList_GetSingle ( TPdfToolsCryptoProvidersPkcs11_DeviceList * pDeviceList)

Get the single device.

Parameters
[in,out]pDeviceListActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_DeviceList.
Returns
NULL if there is an error.
Note
An error occurred when NULL was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage. Possible error codes:

◆ PdfToolsCryptoProvidersPkcs11_Module_Close()

PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Module_Close ( TPdfToolsCryptoProvidersPkcs11_Module * pObject)

Close object.

Close disposable objects by invoking this function.

Parameters
[in]pObjectDisposable object.
Returns
TRUE if the object was closed successfully; FALSE if an error occured while closing the object. Retrieve the error code by calling PdfTools_GetLastError .

◆ PdfToolsCryptoProvidersPkcs11_Module_GetDevices()

The list of devices managed by this module Most often there is only a single device, so the method PdfToolsCryptoProvidersPkcs11_DeviceList_GetSingle can be used.

Parameters
[in,out]pModuleActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Module.
Returns
Retrieved value.

NULL if there is an error.

Note
An error occurred when NULL was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage.

◆ PdfToolsCryptoProvidersPkcs11_Module_GetEnableFullParallelization()

PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Module_GetEnableFullParallelization ( TPdfToolsCryptoProvidersPkcs11_Module * pModule)

Enable full parallelization.

The PKCS#11 standard specifies that "an application can specify that it will be accessing the library concurrently from multiple threads, and the library must [...] ensure proper thread-safe behavior." However, some PKCS#11 modules (middleware) implementations are not thread-safe. For this reason, the SDK synchronizes all access to the module. If the middleware is thread-safe, full parallel usage of the cryptographic device can be enabled by setting this property to TRUE and thereby improving the performance.

Default: FALSE

Parameters
[in,out]pModuleActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Module.
Returns
Retrieved value.

May indicate an error in certain scenarios. For further information see the note section below.

Note
An error occurred when FALSE was returned and the error code returned by PdfTools_GetLastError is different from ePdfTools_Error_Success. Get the error message with PdfTools_GetLastErrorMessage.

◆ PdfToolsCryptoProvidersPkcs11_Module_LoadA()

PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_Module *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Module_LoadA ( const char * szLibrary)

Load a PKCS#11 driver module.

Parameters
[in]szLibraryThe name or path to the driver module (middleware). This can be found in the documentation of your cryptographic device. Examples:
  • For Securosys SA Primus HSM or CloudsHSM use primusP11.dll on Windows and libprimusP11.so on Linux.
  • For Google Cloud HSM (Cloud KMS) use libkmsp11.so and PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromKeyLabel
  • For SafeNet Luna HSM use cryptoki.dll on Windows or libCryptoki2_64.so on Linux/UNIX.
  • The CardOS API from Atos (Siemens) uses siecap11.dll
  • The IBM 4758 cryptographic coprocessor uses cryptoki.dll
  • Devices from Aladdin Ltd. use etpkcs11.dll
Returns
NULL if there is an error.
Note
An error occurred when NULL was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage. Possible error codes:

◆ PdfToolsCryptoProvidersPkcs11_Module_LoadW()

PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_Module *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Module_LoadW ( const WCHAR * szLibrary)

Load a PKCS#11 driver module.

Parameters
[in]szLibraryThe name or path to the driver module (middleware). This can be found in the documentation of your cryptographic device. Examples:
  • For Securosys SA Primus HSM or CloudsHSM use primusP11.dll on Windows and libprimusP11.so on Linux.
  • For Google Cloud HSM (Cloud KMS) use libkmsp11.so and PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromKeyLabel
  • For SafeNet Luna HSM use cryptoki.dll on Windows or libCryptoki2_64.so on Linux/UNIX.
  • The CardOS API from Atos (Siemens) uses siecap11.dll
  • The IBM 4758 cryptographic coprocessor uses cryptoki.dll
  • Devices from Aladdin Ltd. use etpkcs11.dll
Returns
NULL if there is an error.
Note
An error occurred when NULL was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage. Possible error codes:

◆ PdfToolsCryptoProvidersPkcs11_Module_SetEnableFullParallelization()

PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Module_SetEnableFullParallelization ( TPdfToolsCryptoProvidersPkcs11_Module * pModule,
BOOL bEnableFullParallelization )

Enable full parallelization.

The PKCS#11 standard specifies that "an application can specify that it will be accessing the library concurrently from multiple threads, and the library must [...] ensure proper thread-safe behavior." However, some PKCS#11 modules (middleware) implementations are not thread-safe. For this reason, the SDK synchronizes all access to the module. If the middleware is thread-safe, full parallel usage of the cryptographic device can be enabled by setting this property to TRUE and thereby improving the performance.

Default: FALSE

Parameters
[in,out]pModuleActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Module.
[in]bEnableFullParallelizationSet value.
Returns
TRUE if the operation is successful; FALSE if there is an error.
Note
An error occurred when FALSE was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage.

◆ PdfToolsCryptoProvidersPkcs11_Session_CreateSignature()

Create a signature configuration based on signing certificate.

Parameters
[in,out]pSessionActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Session.
[in,out]pCertificateThe signing certificate from PdfToolsCryptoProvidersPkcs11_Session_GetCertificates
Returns
NULL if there is an error.
Note
An error occurred when NULL was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage. Possible error codes:

◆ PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromKeyId()

PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromKeyId ( TPdfToolsCryptoProvidersPkcs11_Session * pSession,
const unsigned char * pId,
size_t nIds,
const TPdfToolsSys_StreamDescriptor * pCertificate )

Create a signature configuration based on the private key's ID and an external certificate.

Create a signature configuration where only the private key is contained in the PKCS#11 device and the signing certificate is provided externally. This is intended for PKCS#11 devices that can only store private keys, e.g. the Google Cloud Key Management (KMS).

The private key object is identified using its ID, i.e. the CKA_ID object attribute in the PKCS#11 store.

The certificates of the trust chain should be added using PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_AddCertificate.

Parameters
[in,out]pSessionActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Session.
[in]pIdThe ID of the private key object in the PKCS#11 store
[in]nIdsSize of the array pId.
[in]pCertificateThe signing certificate in either PEM (.pem, ASCII text) or DER (.cer, binary) form
Returns
NULL if there is an error.
Note
An error occurred when NULL was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage. Possible error codes:

◆ PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromKeyLabelA()

PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromKeyLabelA ( TPdfToolsCryptoProvidersPkcs11_Session * pSession,
const char * szLabel,
const TPdfToolsSys_StreamDescriptor * pCertificate )

Create a signature configuration based on the private key's label (name) and an external certificate.

Create a signature configuration where only the private key is contained in the PKCS#11 device and the signing certificate is provided externally. This is intended for PKCS#11 devices that can only store private keys, e.g. the Google Cloud Key Management (KMS).

The private key object is identified using its label, i.e. the CKA_LABEL object attribute in the PKCS#11 store.

The certificates of the trust chain should be added using PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_AddCertificate.

Parameters
[in,out]pSessionActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Session.
[in]szLabelThe label of the private key object in the PKCS#11 store
[in]pCertificateThe signing certificate in either PEM (.pem, ASCII text) or DER (.cer, binary) form
Returns
NULL if there is an error.
Note
An error occurred when NULL was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage. Possible error codes:

◆ PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromKeyLabelW()

PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromKeyLabelW ( TPdfToolsCryptoProvidersPkcs11_Session * pSession,
const WCHAR * szLabel,
const TPdfToolsSys_StreamDescriptor * pCertificate )

Create a signature configuration based on the private key's label (name) and an external certificate.

Create a signature configuration where only the private key is contained in the PKCS#11 device and the signing certificate is provided externally. This is intended for PKCS#11 devices that can only store private keys, e.g. the Google Cloud Key Management (KMS).

The private key object is identified using its label, i.e. the CKA_LABEL object attribute in the PKCS#11 store.

The certificates of the trust chain should be added using PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_AddCertificate.

Parameters
[in,out]pSessionActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Session.
[in]szLabelThe label of the private key object in the PKCS#11 store
[in]pCertificateThe signing certificate in either PEM (.pem, ASCII text) or DER (.cer, binary) form
Returns
NULL if there is an error.
Note
An error occurred when NULL was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage. Possible error codes:

◆ PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromNameA()

PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromNameA ( TPdfToolsCryptoProvidersPkcs11_Session * pSession,
const char * szName )

Create a signature configuration based on certificate name.

Parameters
[in,out]pSessionActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Session.
[in]szNameThe name of the signing certificate (PdfToolsCryptoProviders_Certificate_GetName)
Returns
NULL if there is an error.
Note
An error occurred when NULL was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage. Possible error codes:

◆ PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromNameW()

PDFTOOLS_EXPORT TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromNameW ( TPdfToolsCryptoProvidersPkcs11_Session * pSession,
const WCHAR * szName )

Create a signature configuration based on certificate name.

Parameters
[in,out]pSessionActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Session.
[in]szNameThe name of the signing certificate (PdfToolsCryptoProviders_Certificate_GetName)
Returns
NULL if there is an error.
Note
An error occurred when NULL was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage. Possible error codes:

◆ PdfToolsCryptoProvidersPkcs11_Session_CreateTimestamp()

Create a time-stamp configuration Note that to create time-stamps, the PdfToolsCryptoProvidersPkcs11_Session_GetTimestampUrl must be set.

Parameters
[in,out]pSessionActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Session.
Returns
NULL if there is an error.
Note
An error occurred when NULL was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage.

◆ PdfToolsCryptoProvidersPkcs11_Session_GetCertificates()

PDFTOOLS_EXPORT TPdfToolsCryptoProviders_CertificateList *PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_GetCertificates ( TPdfToolsCryptoProvidersPkcs11_Session * pSession)

The cerfificates of the device The certificates available in this device. Note that some certificates or their private keys (see PdfToolsCryptoProviders_Certificate_GetHasPrivateKey) might only be visible after PdfToolsCryptoProvidersPkcs11_Session_Login.

Parameters
[in,out]pSessionActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Session.
Returns
Retrieved value.

NULL if there is an error.

Note
An error occurred when NULL was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage.

◆ PdfToolsCryptoProvidersPkcs11_Session_GetTimestampUrlA()

PDFTOOLS_EXPORT size_t PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_GetTimestampUrlA ( TPdfToolsCryptoProvidersPkcs11_Session * pSession,
char * pBuffer,
size_t nBufferSize )

The URL of the trusted time-stamp authority (TSA) from which time-stamps shall be acquired.

The TSA must support the time-stamp protocol as defined in RFC 3161.

The property’s value must be a URL with the following elements:

http[s]://[‹user›[:‹password›]@]‹host›[:‹port›][/‹resource›]

Where:

  • http/https: Protocol for connection to TSA.
  • ‹user›:‹password› (optional): Credentials for connection to TSA (basic authorization).
  • ‹host›: Hostname of TSA.
  • ‹port›: Port for connection to TSA.
  • ‹resource›: The resource.

Applying a time-stamp requires an online connection to a time server; the firewall must be configured accordingly. If a web proxy is used (see PdfTools_Sdk_GetProxy), make sure the following MIME types are supported:

  • application/timestamp-query
  • application/timestamp-reply
Parameters
[in,out]pSessionActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Session.
[out]pBufferRetrieved value. To determine the required buffer size, the function has to be called with NULL. The return value of this function specifies the buffer size.
[in]nBufferSizeThe buffer size of the retrieved string pBuffer.
Returns
The amount of data written to the buffer pBuffer. 0 if either an error occurred or the returned buffer is actually NULL. To determine if an error has occurred, check the error code as described in the note section below.
Note
An error occurred when 0 was returned and the error code returned by PdfTools_GetLastError is different from ePdfTools_Error_Success. Get the error message with PdfTools_GetLastErrorMessage.

◆ PdfToolsCryptoProvidersPkcs11_Session_GetTimestampUrlW()

PDFTOOLS_EXPORT size_t PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_GetTimestampUrlW ( TPdfToolsCryptoProvidersPkcs11_Session * pSession,
WCHAR * pBuffer,
size_t nBufferSize )

The URL of the trusted time-stamp authority (TSA) from which time-stamps shall be acquired.

The TSA must support the time-stamp protocol as defined in RFC 3161.

The property’s value must be a URL with the following elements:

http[s]://[‹user›[:‹password›]@]‹host›[:‹port›][/‹resource›]

Where:

  • http/https: Protocol for connection to TSA.
  • ‹user›:‹password› (optional): Credentials for connection to TSA (basic authorization).
  • ‹host›: Hostname of TSA.
  • ‹port›: Port for connection to TSA.
  • ‹resource›: The resource.

Applying a time-stamp requires an online connection to a time server; the firewall must be configured accordingly. If a web proxy is used (see PdfTools_Sdk_GetProxy), make sure the following MIME types are supported:

  • application/timestamp-query
  • application/timestamp-reply
Parameters
[in,out]pSessionActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Session.
[out]pBufferRetrieved value. To determine the required buffer size, the function has to be called with NULL. The return value of this function specifies the buffer size.
[in]nBufferSizeThe buffer size of the retrieved string pBuffer.
Returns
The amount of data written to the buffer pBuffer. 0 if either an error occurred or the returned buffer is actually NULL. To determine if an error has occurred, check the error code as described in the note section below.
Note
An error occurred when 0 was returned and the error code returned by PdfTools_GetLastError is different from ePdfTools_Error_Success. Get the error message with PdfTools_GetLastErrorMessage.

◆ PdfToolsCryptoProvidersPkcs11_Session_LoginA()

PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_LoginA ( TPdfToolsCryptoProvidersPkcs11_Session * pSession,
const char * szPassword )

Log in user into the cryptographic device.

Login is typically required to enable cryptographic operations. Furthermore, some of the device's objects such as certificates or private keys might only be visible when logged in.

Note that many devices are locked after a number of failed login attempts. Therefore, it is crucial to not retry this method using the same szPassword after a failed attempt.

Parameters
[in,out]pSessionActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Session.
[in]szPasswordThe user's password
Returns
TRUE if the operation is successful; FALSE if there is an error.
Note
An error occurred when FALSE was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage. Possible error codes:

◆ PdfToolsCryptoProvidersPkcs11_Session_LoginW()

PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_LoginW ( TPdfToolsCryptoProvidersPkcs11_Session * pSession,
const WCHAR * szPassword )

Log in user into the cryptographic device.

Login is typically required to enable cryptographic operations. Furthermore, some of the device's objects such as certificates or private keys might only be visible when logged in.

Note that many devices are locked after a number of failed login attempts. Therefore, it is crucial to not retry this method using the same szPassword after a failed attempt.

Parameters
[in,out]pSessionActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Session.
[in]szPasswordThe user's password
Returns
TRUE if the operation is successful; FALSE if there is an error.
Note
An error occurred when FALSE was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage. Possible error codes:

◆ PdfToolsCryptoProvidersPkcs11_Session_SetTimestampUrlA()

PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_SetTimestampUrlA ( TPdfToolsCryptoProvidersPkcs11_Session * pSession,
const char * szTimestampUrl )

The URL of the trusted time-stamp authority (TSA) from which time-stamps shall be acquired.

The TSA must support the time-stamp protocol as defined in RFC 3161.

The property’s value must be a URL with the following elements:

http[s]://[‹user›[:‹password›]@]‹host›[:‹port›][/‹resource›]

Where:

  • http/https: Protocol for connection to TSA.
  • ‹user›:‹password› (optional): Credentials for connection to TSA (basic authorization).
  • ‹host›: Hostname of TSA.
  • ‹port›: Port for connection to TSA.
  • ‹resource›: The resource.

Applying a time-stamp requires an online connection to a time server; the firewall must be configured accordingly. If a web proxy is used (see PdfTools_Sdk_GetProxy), make sure the following MIME types are supported:

  • application/timestamp-query
  • application/timestamp-reply
Parameters
[in,out]pSessionActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Session.
[in]szTimestampUrlSet value.
Returns
TRUE if the operation is successful; FALSE if there is an error.
Note
An error occurred when FALSE was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage.

◆ PdfToolsCryptoProvidersPkcs11_Session_SetTimestampUrlW()

PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_Session_SetTimestampUrlW ( TPdfToolsCryptoProvidersPkcs11_Session * pSession,
const WCHAR * szTimestampUrl )

The URL of the trusted time-stamp authority (TSA) from which time-stamps shall be acquired.

The TSA must support the time-stamp protocol as defined in RFC 3161.

The property’s value must be a URL with the following elements:

http[s]://[‹user›[:‹password›]@]‹host›[:‹port›][/‹resource›]

Where:

  • http/https: Protocol for connection to TSA.
  • ‹user›:‹password› (optional): Credentials for connection to TSA (basic authorization).
  • ‹host›: Hostname of TSA.
  • ‹port›: Port for connection to TSA.
  • ‹resource›: The resource.

Applying a time-stamp requires an online connection to a time server; the firewall must be configured accordingly. If a web proxy is used (see PdfTools_Sdk_GetProxy), make sure the following MIME types are supported:

  • application/timestamp-query
  • application/timestamp-reply
Parameters
[in,out]pSessionActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_Session.
[in]szTimestampUrlSet value.
Returns
TRUE if the operation is successful; FALSE if there is an error.
Note
An error occurred when FALSE was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage.

◆ PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_AddCertificate()

PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_AddCertificate ( TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration * pSignatureConfiguration,
const TPdfToolsSys_StreamDescriptor * pCertificate )

Add a certificate Add a certificate to the signature configuration. Adding certificates of the trust chain is often required, if they are missing in the PKCS#11 device's store and validation information is added (see PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_GetValidationInformation). For example, if this object has been created using PdfToolsCryptoProvidersPkcs11_Session_CreateSignatureFromKeyId.

Parameters
[in,out]pSignatureConfigurationActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration.
[in]pCertificateThe certificate in either PEM (.pem, ASCII text) or DER (.cer, binary) form
Returns
TRUE if the operation is successful; FALSE if there is an error.
Note
An error occurred when FALSE was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage. Possible error codes:

◆ PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_GetAddTimestamp()

PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_GetAddTimestamp ( TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration * pSignatureConfiguration)

Whether to add a trusted time-stamp to the signature.

If TRUE, the PdfToolsCryptoProvidersPkcs11_Session_GetTimestampUrl must be set.

Default: FALSE

Parameters
[in,out]pSignatureConfigurationActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration.
Returns
Retrieved value.

May indicate an error in certain scenarios. For further information see the note section below.

Note
An error occurred when FALSE was returned and the error code returned by PdfTools_GetLastError is different from ePdfTools_Error_Success. Get the error message with PdfTools_GetLastErrorMessage.

◆ PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_GetHashAlgorithm()

PDFTOOLS_EXPORT TPdfToolsCrypto_HashAlgorithm PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_GetHashAlgorithm ( TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration * pSignatureConfiguration)

The message digest algorithm.

The algorithm used to hash the document and from which the cryptographic signature is created.

Default: ePdfToolsCrypto_HashAlgorithm_Sha256

Parameters
[in,out]pSignatureConfigurationActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration.
Returns
Retrieved value.

May indicate an error in certain scenarios. For further information see the note section below.

Note
An error occurred when 0 was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage. Possible error codes:

◆ PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_GetSignatureFormat()

PDFTOOLS_EXPORT TPdfToolsCrypto_SignatureFormat PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_GetSignatureFormat ( TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration * pSignatureConfiguration)

The format (encoding) of the cryptographic signature Default: ePdfToolsCrypto_SignatureFormat_EtsiCadesDetached.

Parameters
[in,out]pSignatureConfigurationActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration.
Returns
Retrieved value.

May indicate an error in certain scenarios. For further information see the note section below.

Note
An error occurred when 0 was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage.

◆ PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_GetSignaturePaddingType()

PDFTOOLS_EXPORT TPdfToolsCrypto_SignaturePaddingType PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_GetSignaturePaddingType ( TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration * pSignatureConfiguration)

The padding type of the cryptographic signature Default: ePdfToolsCrypto_SignaturePaddingType_RsaSsaPss for RSA and ePdfToolsCrypto_SignaturePaddingType_Default for ECDSA certificates.

Parameters
[in,out]pSignatureConfigurationActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration.
Returns
Retrieved value.

May indicate an error in certain scenarios. For further information see the note section below.

Note
An error occurred when 0 was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage. Possible error codes:

◆ PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_GetValidationInformation()

PDFTOOLS_EXPORT TPdfToolsCrypto_ValidationInformation PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_GetValidationInformation ( TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration * pSignatureConfiguration)

Whether to add validation information (LTV)

For signing certificates that do not offer validation (revocation) information (OCSP or CRL), this property is ignored.

If downloading validation information fails, an error ePdfTools_Error_NotFound or ePdfTools_Error_Http is generated. See ePdfToolsSign_WarningCategory_AddValidationInformationFailed for a description of possible error causes and solutions.

Default: ePdfToolsCrypto_ValidationInformation_EmbedInDocument if the signing certificate offers validation information and ePdfToolsCrypto_ValidationInformation_None otherwise

Parameters
[in,out]pSignatureConfigurationActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration.
Returns
Retrieved value.

May indicate an error in certain scenarios. For further information see the note section below.

Note
An error occurred when 0 was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage.

◆ PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_SetAddTimestamp()

PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_SetAddTimestamp ( TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration * pSignatureConfiguration,
BOOL bAddTimestamp )

Whether to add a trusted time-stamp to the signature.

If TRUE, the PdfToolsCryptoProvidersPkcs11_Session_GetTimestampUrl must be set.

Default: FALSE

Parameters
[in,out]pSignatureConfigurationActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration.
[in]bAddTimestampSet value.
Returns
TRUE if the operation is successful; FALSE if there is an error.
Note
An error occurred when FALSE was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage.

◆ PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_SetHashAlgorithm()

PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_SetHashAlgorithm ( TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration * pSignatureConfiguration,
TPdfToolsCrypto_HashAlgorithm iHashAlgorithm )

The message digest algorithm.

The algorithm used to hash the document and from which the cryptographic signature is created.

Default: ePdfToolsCrypto_HashAlgorithm_Sha256

Parameters
[in,out]pSignatureConfigurationActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration.
[in]iHashAlgorithmSet value.
Returns
TRUE if the operation is successful; FALSE if there is an error.
Note
An error occurred when FALSE was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage. Possible error codes:

◆ PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_SetSignatureFormat()

PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_SetSignatureFormat ( TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration * pSignatureConfiguration,
TPdfToolsCrypto_SignatureFormat iSignatureFormat )

The format (encoding) of the cryptographic signature Default: ePdfToolsCrypto_SignatureFormat_EtsiCadesDetached.

Parameters
[in,out]pSignatureConfigurationActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration.
[in]iSignatureFormatSet value.
Returns
TRUE if the operation is successful; FALSE if there is an error.
Note
An error occurred when FALSE was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage.

◆ PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_SetSignaturePaddingType()

PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_SetSignaturePaddingType ( TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration * pSignatureConfiguration,
TPdfToolsCrypto_SignaturePaddingType iSignaturePaddingType )

The padding type of the cryptographic signature Default: ePdfToolsCrypto_SignaturePaddingType_RsaSsaPss for RSA and ePdfToolsCrypto_SignaturePaddingType_Default for ECDSA certificates.

Parameters
[in,out]pSignatureConfigurationActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration.
[in]iSignaturePaddingTypeSet value.
Returns
TRUE if the operation is successful; FALSE if there is an error.
Note
An error occurred when FALSE was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage. Possible error codes:

◆ PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_SetValidationInformation()

PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_SignatureConfiguration_SetValidationInformation ( TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration * pSignatureConfiguration,
TPdfToolsCrypto_ValidationInformation iValidationInformation )

Whether to add validation information (LTV)

For signing certificates that do not offer validation (revocation) information (OCSP or CRL), this property is ignored.

If downloading validation information fails, an error ePdfTools_Error_NotFound or ePdfTools_Error_Http is generated. See ePdfToolsSign_WarningCategory_AddValidationInformationFailed for a description of possible error causes and solutions.

Default: ePdfToolsCrypto_ValidationInformation_EmbedInDocument if the signing certificate offers validation information and ePdfToolsCrypto_ValidationInformation_None otherwise

Parameters
[in,out]pSignatureConfigurationActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_SignatureConfiguration.
[in]iValidationInformationSet value.
Returns
TRUE if the operation is successful; FALSE if there is an error.
Note
An error occurred when FALSE was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage.

◆ PdfToolsCryptoProvidersPkcs11_TimestampConfiguration_GetHashAlgorithm()

PDFTOOLS_EXPORT TPdfToolsCrypto_HashAlgorithm PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_TimestampConfiguration_GetHashAlgorithm ( TPdfToolsCryptoProvidersPkcs11_TimestampConfiguration * pTimestampConfiguration)

The message digest algorithm.

The algorithm used to hash the document and from which the time-stamp signature is created.

Note: This algorithm must be supported by the time-stamp server; many support only SHA-256.

Default: ePdfToolsCrypto_HashAlgorithm_Sha256

Parameters
[in,out]pTimestampConfigurationActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_TimestampConfiguration.
Returns
Retrieved value.

May indicate an error in certain scenarios. For further information see the note section below.

Note
An error occurred when 0 was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage. Possible error codes:

◆ PdfToolsCryptoProvidersPkcs11_TimestampConfiguration_SetHashAlgorithm()

PDFTOOLS_EXPORT BOOL PDFTOOLS_CALL PdfToolsCryptoProvidersPkcs11_TimestampConfiguration_SetHashAlgorithm ( TPdfToolsCryptoProvidersPkcs11_TimestampConfiguration * pTimestampConfiguration,
TPdfToolsCrypto_HashAlgorithm iHashAlgorithm )

The message digest algorithm.

The algorithm used to hash the document and from which the time-stamp signature is created.

Note: This algorithm must be supported by the time-stamp server; many support only SHA-256.

Default: ePdfToolsCrypto_HashAlgorithm_Sha256

Parameters
[in,out]pTimestampConfigurationActs as a handle to the native object of type TPdfToolsCryptoProvidersPkcs11_TimestampConfiguration.
[in]iHashAlgorithmSet value.
Returns
TRUE if the operation is successful; FALSE if there is an error.
Note
An error occurred when FALSE was returned. Retrieve specific error code by calling PdfTools_GetLastError. Get the error message with PdfTools_GetLastErrorMessage. Possible error codes: