pdftools_sdk.crypto.providers.pkcs11.signature_configuration

Classes

SignatureConfiguration(handle)

The signature configuration

class pdftools_sdk.crypto.providers.pkcs11.signature_configuration.SignatureConfiguration(handle)

Bases: SignatureConfiguration

The signature configuration

add_certificate(certificate: IOBase) → None

Add a certificate

Add a certificate to the signature configuration. Adding certificates of the trust chain is often required if they are missing from the PKCS#11 device’s store and validation information is added (see pdftools_sdk.crypto.providers.pkcs11.signature_configuration.SignatureConfiguration.validation_information), for example if this object has been created using pdftools_sdk.crypto.providers.pkcs11.session.Session.create_signature_from_key_id().

Parameters:

certificate (io.IOBase) – The certificate in either PEM (.pem, ASCII text) or DER (.cer, binary) form

Raises:

pdftools_sdk.corrupt_error.CorruptError – If the certificate is corrupt and cannot be read
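A pre-flight helper for add_certificate(), as an added example that is not part of the SDK or its documentation: it splits a PEM chain file into single certificates, rejects truncated or non-certificate data before it reaches the SDK, and passes each certificate as a binary stream. It assumes add_certificate() takes one certificate per call; split_chain, add_chain and SAMPLE_DER are hypothetical names, and SAMPLE_DER is a constructed ASN.1 stand-in, not a real certificate.

```python
import base64
import io
import re

# One PEM certificate block (RFC 7468 textual encoding).
_PEM_CERT = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)

# Constructed stand-in (ASN.1 SEQUENCE holding INTEGER 1), not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020101")


def _complete_der_sequence(der: bytes) -> bool:
    """True if `der` is exactly one ASN.1 SEQUENCE with nothing cut off or appended."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        header, length = 2, der[1]
    else:                                  # long-form: next n bytes hold the length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)


def split_chain(data: bytes) -> list[bytes]:
    """Return every certificate in a PEM bundle, or a single DER file, as DER bytes."""
    blocks = _PEM_CERT.findall(data)
    if blocks:
        # validate=True rejects stray characters inside the base64 body.
        ders = [base64.b64decode(b"".join(b.split()), validate=True) for b in blocks]
    else:
        ders = [data]
    for i, der in enumerate(ders):
        if not _complete_der_sequence(der):
            raise ValueError(f"certificate {i} is truncated or not a certificate")
    return ders


def add_chain(config, data: bytes) -> int:
    """Add each certificate to `config` (assumed: one certificate per call)."""
    ders = split_chain(data)               # validate everything before adding anything
    for der in ders:
        config.add_certificate(io.BytesIO(der))
    return len(ders)
```

With the SDK, `config` would be the SignatureConfiguration obtained from create_signature_from_key_id(), and `data` the bytes of the chain file.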

property hash_algorithm: HashAlgorithm

The message digest algorithm

The algorithm used to hash the document. The cryptographic signature is created from the resulting hash.

Default is pdftools_sdk.crypto.hash_algorithm.HashAlgorithm.SHA256

Returns:

pdftools_sdk.crypto.hash_algorithm.HashAlgorithm

property signature_padding_type: SignaturePaddingType

The padding type of the cryptographic signature

Default is pdftools_sdk.crypto.signature_padding_type.SignaturePaddingType.RSASSAPSS for RSA and pdftools_sdk.crypto.signature_padding_type.SignaturePaddingType.DEFAULT for ECDSA certificates

Returns:

pdftools_sdk.crypto.signature_padding_type.SignaturePaddingType

property signature_format: SignatureFormat

The format (encoding) of the cryptographic signature

Default is pdftools_sdk.crypto.signature_format.SignatureFormat.ETSICADESDETACHED

Returns:

pdftools_sdk.crypto.signature_format.SignatureFormat

property add_timestamp: bool

Whether to add a trusted time-stamp to the signature

If True, the pdftools_sdk.crypto.providers.pkcs11.session.Session.timestamp_url must be set.

Default is False

Returns:

bool

property validation_information: ValidationInformation

Whether to add validation information (LTV)

For signing certificates that do not offer validation (revocation) information (OCSP or CRL), this property is ignored.

If downloading validation information fails, an error pdftools_sdk.not_found_error.NotFoundError or pdftools_sdk.http_error.HttpError is generated. See pdftools_sdk.sign.warning_category.WarningCategory.ADDVALIDATIONINFORMATIONFAILED for a description of possible error causes and solutions.

Default is pdftools_sdk.crypto.validation_information.ValidationInformation.EMBEDINDOCUMENT if the signing certificate offers validation information and pdftools_sdk.crypto.validation_information.ValidationInformation.NONE otherwise

Returns:

pdftools_sdk.crypto.validation_information.ValidationInformation