Version 4 of PDFing allows you to "sign" the PDF files that it produces. The digital signature that PDFing creates conforms to Internet standard: PKCS#7 and proves that the signed PDF was created by the person who claims to be its author, and ensures that the PDF has not been changed in any way since it was signed. You will need to purchase a license-key for the "Printing and Digital-Signing" components of PDFing, in order to have full-control of signing.

Signing requires that PDFing can access "certificates" containing public and private key-pairs. In order to secure the private-keys in these certificates from unauthorised access, PDFing imports your certificate-files to its own section of a user's windows certificate store, in such a way that the certificate's private-key information can never be exported.

Because imported certificates are accessible only to the user who imported them, you must run PDFing under the importer's user-name. If you run PDFing as a service, and you want to sign PDF files, then you should not run the service using the "local system account" log-in, but instead you should specify the user-name and password for the "PDFingMailer" service log-in.

To import a certificate, you must have a certificate-file that conforms to the PKCS#12 standard. In windows files conforming to this standard are generally referred to as "Personal Information Exchange" files. The certificate file must contain the public and private key-pairs and you must know the password which allows the file to be opened.

When you are ready to import, open the [Security] page of the PDFing configuration form. At the bottom of this page, you should see the following controls:

If you do not see these "certificate" controls, you will need to download the full version of PDFing, which installs all the necessary files. If you can see these controls, press the "Import" button and the following dialog will be displayed.

The controls on this dialog allow you to browse for your certificate-file, enter the password and (optionally) allows you to delete the certificate file after it is imported. When you have selected the file and entered its password, select the "To storage" number and press the "Finish" button to complete the import process.

After a successful import, the number and "common name" of the certificate is added to the list in the "Certificates"list-box control. You can remove a listed certificate, by un-checking its name. You may also use the certificates "snap-in" for MMC (Microsoft Management Console) to manage the certificates you have imported in store: Certificates - Current User\PDFing.

You can control which PDF files are signed, either by selecting a "markup" file which specifies a storage-number containing a signing-certificate, or by using the following OS400 "tag":

EEC=0

EEC=1

PDFing (version 3.1.05 and later) allows you to customize the appearance of the signature "widget".

The default background image of the widget can be replaced by your own image, which must be in JPEG2000 format. The image file must be copied to the: \PDFing\Markup\ directory and you must create file: \PDFing\Markup\Custom.sig containing the following keyword/value pairs:

IMAGEFILE=Test.jp2
IMAGEHEIGHT=72
IMAGEWIDTH=72

Where the keys specify the JPEG2000 image file and its height and width. You must also specify that you want to use this image, using the control described below.

The control labelled "Widget" on the [SECURITY] page of the markup form provides four flags which switch the following options on or off.

• position 1 - Switches the signature and algorithm strings on (1) or off (0).
• position 2 - Switches widget visibility on the printed PDF on (1) or off (0).
• position 3 - Switches the background image on (1) or off (0).
• position 4 - Switches the customized image (see above) on (1) or off (0).

When viewing a digitally-signed PDF in Acrobat Reader, the viewer may verify the signature manually by right clicking it. Alternatively the viewer may modifying the advanced security settings of acrobat reader.

If you ask PDFing to sign a PDF, but you have not purchased the necessary NT Service license-key, then a "signature-widget" will always appear at the top-left of the first PDF page.

In this third release of the "digital-signing" feature, please note the following general limitation.

• Only one certificate at a time can be used for signing.