Signing requires that PDFing can access "certificates" containing public
and private key-pairs. In order to secure the private-keys in these certificates
from unauthorised access, PDFing imports your certificate-files to its own section of
a user's windows certificate store, in such a way that the certificate's private-key
information can never be exported.
Because imported certificates are accessible only to the user who imported them, you
must run PDFing under the importer's user-name. If you run PDFing as a service, and
you want to sign PDF files, then you should not run the service using
the "local system account" log-in, but instead you should specify the user-name
and password for the "PDFingMailer" service log-in.
To import a certificate, you must have a certificate-file that conforms to the
PKCS#12
standard. In windows files conforming to this standard are generally referred
to as "Personal Information Exchange" files. The certificate file
must contain the public and private key-pairs and you must know
the password which allows the file to be opened.
When you are ready to import, open the [Security] page of the PDFing configuration
form. At the bottom of this page, you should see the following controls:
If you do not see these "certificate" controls, you will need to download
the full version of PDFing, which installs all the necessary files.
If you can see these controls, press the "Import" button and
the following dialog will be displayed.
The controls on this dialog allow you to browse for your certificate-file, enter the
password and (optionally) allows you to delete the certificate file after it is imported.
When you have selected the file and entered its password, select the "To storage"
number and press the "Finish" button to complete the import process.
After a successful import, the number and "common name" of the certificate is
added to the list in the "Certificates"list-box control. You can
remove a listed certificate, by un-checking its name. You may also use
the certificates "snap-in" for MMC (Microsoft Management Console) to manage
the certificates you have imported in store: Certificates - Current User\PDFing.
You can control which PDF files are signed, either by selecting a
"markup" file which specifies a storage-number containing a
signing-certificate, or by using the following OS400
"tag":
EEC=0
EEC=1
Where 0 requests that the PDF should not be signed, and
greater than 0 selects a storage-number containing a signing-certificate.
When using either of these methods, you must ensure that the configuration
control labelled: "Allow signing ?" is set to YES.
PDFing (version 3.1.05 and later) allows you to customize the appearance of
the signature "widget".
The default background image of the widget can be replaced by your own image,
which must be in JPEG2000 format. The image file must be copied to the:
\PDFing\Markup\
directory and you must create file:
\PDFing\Markup\Custom.sig
containing the following keyword/value pairs:
IMAGEFILE=Test.jp2
IMAGEHEIGHT=72
IMAGEWIDTH=72
Where the keys specify the JPEG2000 image file and its height and width. You
must also specify that you want to use this image, using the control
described below.
The control labelled "Widget" on the
[SECURITY] page of the markup form provides four flags which switch
the following options on or off.
-
position 1 - Switches the signature and algorithm strings on (1) or off (0).
-
position 2 - Switches widget visibility on the printed PDF on (1) or off (0).
-
position 3 - Switches the background image on (1) or off (0).
-
position 4 - Switches the customized image (see above) on (1) or off (0).
When viewing a digitally-signed PDF in Acrobat Reader,
the viewer may verify the signature manually by right clicking it.
Alternatively the viewer may modifying the advanced security settings
of acrobat reader.
If you ask PDFing to sign a PDF, but you have not purchased the necessary
NT Service license-key,
then a "signature-widget" will always appear at the top-left
of the first PDF page.
In this third release of the "digital-signing" feature, please note the
following general limitation.
-
Only one certificate at a time can be used for signing.