Adobe 22002486 Digital Signature User Guide - Page 84
Specifying Certificates by Policy
View all Adobe 22002486 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 84 highlights
Acrobat 9 Family of Products Security Feature User Guide Controlling Signing with Seed Values Specifying Certificates by Policy 84 1. Specify 00, 01, 10, or 11 for each of the keyUsage values beginning with the least significant bit (the last one in the list in Table 11). For example: digitalSignature is disallowed and non repudiation is required, and other values don't matter: 111111111111110100. Convert to HEX: 3FFF4 digitalSignature is required and non repudiation is disallowed, and other values don't matter: 111111111111110001. Convert to HEX: 3FFF1 2. Remove the 3 and prepend the HEX value with 0x7FFF so it is in the correct HEX 32-bit format such as 0x7FFFFFF1. 3. Enter a flag value to indicate whether the value is required or not. Set 32 if keyUsage is required and there are no other certspec properties. 4. Run the JavaScript, save the document, and test the field. Example 5.10 Certificate key usage seed value // Obtain the signature field object: var f = this.getField("mySigFieldName"); f.signatureSetSeedValue({ certspec: { keyUsage: [0x7FFFFFF1], //Set KeyUsage to "digitalSignature" flags: 32 //Require keyUsage }, }); 5.10.3 Specifying Certificates by Policy For legal reasons, policies are often associated with certificates. One way policies are identified is through an object identifier (OID), a unique series of numbers in the certificate policies' field that identifies the policy. Since an oid is always used with the issuer, authors can use this seed value pair when a company issues different certificates with different policies and it is necessary to restrict signing to certificates associated with a certain policy. To restrict signing to a certificate containing a specific policy: 1. Create a signature field with an intuitive name and tooltip. 2. Create the JavaScript that gets the field object and uses the seed value method (Example 5.11). 3. Specify the issuer. 4. Specify the oid. A policy OID is part of the value of the certificate's certificate policy field (Figure 62). 5. Enter a flag value to indicate whether the value is required or not. A value of 6 is recommended since issuer and oid must be specified together. 6. Run the JavaScript, save the document, and test the field.