DLI Implementation and Reference Guide - Datalogics

Digital Signatures 15.5
dlpdfsignaturesetx509cert
This call associates an x.509 v3 certificate with a DLPDFSIGNATURE object created as
a dlpdfsigacrox509-certificate digital signature. Do not call this with a
DLPDFSIGNATURE object created as a different certificate type.
The certificate is passed as a binary buffer in the certificate parameter; DLI will read
certLen bytes from this buffer and make a copy for the PDF file's digital signature.
The last parameter is a required callback function, to be called during the
dlpdfdocwritepdf function call. It will be passed a character string containing the
SHA-1 hash for the PDF file being written, as a NULL-terminated string of
hexadecimal digits using PKCS #1 padding, containing a BER OID (object identifier)
for the SHA-1 algorithm. The buffer is 256 bytes long (not including the NULL
terminator), and formatted as
0001FFFF .. FF003021300906052B0E03021A05000414
[ 40 hex digits for SHA-1 hash ]
The callback function must encrypt this hash value with the private key corresponding
to the public key in the signature's x.509 certificate, and fill the buffer passed in with
256 hexadecimal digits representing the encrypted value for the supplied BER
formatted hash. A 1024-bit key is used for encryption operations.
NOTE: The signed hash will not have padding, and must be exactly 256
hexadecimal digits. If necessary, use zeros to pad it to the required length.
dlpdfsignaturesetpkcs7cert
This function sets the certificate generation callback for DLPDFSIGNATUREs of type
dlpdfsigacropkcs7 and dlpdfsigverisign. For these signature types, the
application using DLI is required to generated a fully-formed PKCS #7 certificate
with an MD5 checksum of the PDF document, encrypted with the private key