XFRX version 14.0

Owned by martinajindrova
Jun 01, 2014

Release date: 19 July 2010

New features

Digital signatures in PDF

The digital signature can be used to validate the document content and the identity of the signer. (You can find more at http://en.wikipedia.org/wiki/Digital_signature). XFRX implements the "MDP (modification detection and prevention) signature" based on the PDF specification version 1.7, published in November 2006.

The signing algorithm in XFRX computes the encrypted document digest and places it, together with the user certificate, into the PDF document. When the PDF document is opened, the Adobe Acrobat (Reader) validates the digest to make sure the document has not been changed since it was signed. It also checks to see if the certificate is a trusted one and complains if it is not. The signature dictionary inside PDF can also contain additional information and user rights - see below.

At this moment XFRX supports invisible signatures only (Acrobat will show the signature information, but there is no visual element on the document itself linking to the digital signature). We will support visible signatures in future versions.

In the current version, XFRX is using the CMS/PKCS #7 detached messages signature algorithm in the .net framework to calculate the digest - which means the .NET framework 2.0 or newer is required. The actual process is run via an external exe - "xfrx.sign.net.exe", that is executed during the report conversion process. In future, we can alternatively use the OpenSSL library instead.

How to invoke the digital signing

(Note: the syntax is the same for VFP 9.0 and pre-VFP 9.0 calling methods)

To generate a signed PDF document, call the DigitalSignature method before calling SetParams. The DigitalSignature method has 7 parameter:

cSignatureFileThe .pfx file. pfx, the "Personal Information Exchange File". This file contains the public certificate and (password protected) private key. You get this file from a certificate authority or you can generate your own for testing, which for example, OpenSSL (http://www.slproweb.com/products/Win32OpenSSL.html). XFRX comes with a sample pfx that you can use for testing.cPasswordThe password protecting the private key stored in the .pfx filenAccessPermissionsper PDF specification:
1 - No changes to the document are permitted; any change to the document invalidates the signature.
2 - Permitted changes are filling in forms, instantiating page templates, and signing; other changes invalidate the signature. (this is the default value)
3 - Permitted changes are the same as for 2, as well as annotation creation, deletion and modification; other changes invalidate the signature.cSignatureNameper PDF specification: The name of the person or authority signing the document. This value should be used only when it is not possible to extract the name from the signature; for example, from the certificate of the signer.cSignatureContactInfoper PDF specification: Information provided by the signer to enable a recipient to contact the signer to verify the signature; for example, a phone number.cSignatureLocationper PDF specification: The CPU host name or physical location of the signing.cSignatureReasonper PDF specification: The reason for the signing, such as ( I agree ... ).

Demo

The demo application that is bundled with the package (demo.scx/demo9.scx) contains a testing self-signed certificate file (TestEqeus.pfx) and a sample that creates a signed PDF using the pfx. Please note Acrobat will confirm the file has not changed since it was signed, but it will complaing the certificate is not trusted - you would either need to add the certificate as a trusted one or you would need to use a real certificate from a certification authority (such as VeriSign).

Feedback

Your feedback is very important for us. Please let us if you find this feature useful and what features you're missing.