Adobe 22002486 Digital Signature User Guide - Page 81
Property, Description
View all Adobe 22002486 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 81 highlights
Acrobat 9 Family of Products Security Feature User Guide Controlling Signing with Seed Values Specifying Certificate Properties for Signing 81 Table 11 Seed values: certSpec properties Property Type Description flags number issuer array of certificate objects keyUsage array of integers oid array of strings A set of bit flags controlling which of the following properties of this object are required. The value is the logical OR of the following values, which are set if the corresponding property is required: 1: subject 2: issuer 4: oid 8: subjectDN (Acrobat 8 and later) 16: issuerDN (Acrobat 8 and later) 32: keyUsage (Acrobat 8 and later) 64: url (Acrobat 8 and later) If this field is not present, all properties are optional. Usage: 1 specifies subject, 3 specifies subject and issuer, and 6 specifies issuer and oid. That is, values can be added. If this field is not present, all properties are optional. One or more issuers that are acceptable for signing. The issuer can be a root or intermediate root certificate. Access to the physical, DER-encoded certificate is required. It is identified by a path to a discrete file in the format of ["/c/test/root.cer"]. (Acrobat 8.0) Integers in HEX or decimal that specify the keyUsage extension that must be present in the signing certificate. Each integer is constructed as follows: There are two bits used for each keyUsage type (defined in RFC 3280) starting from the least significant bit: digitalSignature(bits 2,1) nonRepudiation(4,3) keyEncipherment(6,5) dataEncipherment(8,7) keyAgreement(10,9) keyCertSign(12,11) cRLSign(14,13) encipherOnly(16,15) decipherOnly(18,17) The value of the two bits have the following semantics: 00: The corresponding keyUsage is not allowed. 01: The corresponding keyUsage is required. 10 and 11: The state of the corresponding keyUsage doesn't matter. For example, if it's required that keyUsage must require digitalSignature and the state of all other's doesn't matter, then the corresponding integer would be 0x7FFFFFFD. That is, to represent digitalSignature, set 01 for bits 2 and 1 respectively, and set 11 for all other keyUsage types. One or more policy OIDs that must be present in the signing certificate's policy. The OID is part of the value of the certificate's certificate policy field. This property is only applicable if the issuer property is present. oid and issuer can be used together to specify a certificate that has the selected policy.