Hello,
I am trying to have my PDF’s certification LTV enabled along with the document permission of PDF::DigitalSignatureField::e_no_changes_allowed since this two requirements are a MUST HAVE on the app we are building. As far as I have learned, there is no way to do this if the necessary data for LTV enabling (OCSPs, CRLs, Certs) is not included in the signed attributes of the certification BEFORE signing/certifying de PDF. My guess is that, it should be around this classic line of the certification examples from Apryse:
// Optionally, you can add a custom signed attribute at this point, such as one of the PAdES ESS attributes.
vector<UChar> pades_versioned_stuff(digsig_field.GenerateESSSigningCertPAdESAttribute(signer_cert, Crypto::DigestAlgorithm::e_SHA256));
So I am thinking that there should be a way of doing this by adding the BER encoded CRLs, OCSPs and Certs to the pades_versioned_stuff array and then:
vector<UChar> signedAttrs(DigitalSignatureField::GenerateCMSSignedAttributes(pdf_digest, pades_versioned_stuff));
All this sounds good in theory but doing so in C++ it’s quite the challenge and I have very little idea how to begin with this. Questions arisen are:
- How do I BER encode anything really? does it have to be in an ASN.1 format before encoding?
- What exactly needs BER encoding, other resources say OCSP and CRL response, but what exactly is that?
- How do I add the BER encoded data gather somewhere else to the
vector<UChar> pades_versioned_stuffvariable?
Apryse Community (hopefully Ryan can help with this, he seems to know a lot about signing) Is there anyway I can achieve this? Is there a better way to go about this? any pointers or suggestions are welcomed.
Thank you
Santiago G.