Modify Signature Field operation

Modifies the field lock and seed value options and field MDP options of an unsigned signature field in a PDF document. A field lock value specifies a list of fields that are locked when a signature field is signed. A locked field prevents users from making changes to the field. A seed value contains constraining information that is used at the time the signature is applied, such as the actions that can occur without invalidating the signature.

For example, your application must lock all the fields after the PDF document is signed. The existing signature field might lock only one field after a digital signature is applied. You use the Modify Signature Field operation to change the signature field so that all fields are locked after a signature is applied.

For information about the General and Route Evaluation property groups, see Common operation properties.

Some properties of this operation provide the following buttons to manage entries in lists:

A green plus sign.Add A List Entry:
Adds an entry to the list. Depending on the option, you type the information, select an item from a drop-down list, or select a file from a network location or computer. When you select a file from a location on your computer, during run time, the file must exist in the same location on the LiveCycle Server.

A red "X".Delete Selected List Entry:
Removes an entry from the list.

A blue arrowhead pointing up.Move Selected List Entry Up One Row:
Moves the selected entry up in the list.

A blue arrowhead pointing down.Move Selected List Entry Down One Row:
Moves the selected entry down in the list.

Input properties

Properties to specify the PDF document with an unsigned signature field, the name of the signature field, and the signature field properties.

Input PDF

A document value that represents the PDF document where the signature field is modified.

If you provide a literal value, clicking the ellipsis button opens the Select Asset dialog box. (See About Select Asset.)

When you provide a PDF document that has unsigned signature fields, it populates the Signature Field Name property as a list. The list contains fully qualified names of unsigned signature fields in the PDF document.

Signature Field Name

A string value that represents the name of the signature field in the PDF document that contains a signature. The fully qualified name of the signature field must be specified. When using a PDF document based on a form created in Designer, the partial name of the signature field can be used. For example, form1[0].#subform[1].SignatureField3[3] can be specified as SignatureField3[3].

If you are modifying signature fields in a PDF document, the partial name of the signature field can also be used. For example, form1[0].#subform[1].SignatureField3[3] can be specified as SignatureField3[3]. If multiple signature fields exist with a similar partial name, the first signature field enumerated with the same partial name is signed. It is recommended that a fully qualified name is used to avoid these situations.

If you provide a literal value for Signature Name Field and a literal value is provided in the Input PDF property, a list appears. Select one of the values from the list of fully qualified names. Each fully qualified name represents an unsigned signature field in the provided PDF document.

Field MDP Options Spec

(Optional) A FieldMDPOptionSpec value that specifies the PDF document fields that are locked after the signature field is signed.

If you provide a literal value, you can set the following options.

Field Locking Action:
A list that sets the type of action to use to lock fields in a PDF document. Select one of these values:
  • All Fields: Lock all fields in the PDF document.

  • Include Fields: Lock only the fields specified in the Application To Form Fields option.

  • Exclude Fields: Lock all fields except for those specified in the Applicable To Form Fields option.

Applicable to Form Fields:
Sets a comma-separated list of fully qualified field names that indicate which fields the action is applicable or not applicable to. This option is available when the Field Locking Action option is set to a value of Include Fields or Exclude Fields.

Seed Value Options Spec

(Optional) A PDFSeedValueOptionSpec value that represents the seed value dictionary that is associated with a signature field. A seed value dictionary contains entries that constrain information that is used at the time the signature is applied. The options are used for specifying the document signature settings.

If you provide a literal value, you can set the following options:

Signature Handler Options:
Options for specifying the filters and subfilters that are used for validating a signature field. The signature field is embedded in a PDF document and the seed value dictionary is associated with a signature field.
  • Signature Handler: A list of handlers to use for the digital signatures. Adobe.PPKLite is a valid value that can be selected to represent the creation and validation of Adobe-specific signatures. You can use other signature handlers by typing string values, such as Entrust.PPEF, CIC.SignIt, and VeriSign.PPKVS. For information about supported signature handlers, see PDF Utilities Service. No default value is selected. The following signature handler is available to be selected from the list:

    • Adobe.PPKLite: The recommended handler for signing PDF documents.

      Required: Select to specify that the signature handler is used for the seed value. It is not selected by default.

  • Signature SubFilter: The supported subfilter names, which describe the encoding of the signature value and key information. Signature handlers must support the listed subfilters; otherwise, the signing fails. These string values, which you must type, are valid for public-key cryptographic (see PDF Utilities Service):

    • adbe.x509.rsa_sha1: The key contains a DER-encoded PKCS#1 binary data object. The binary objects represent the signature that is obtained as the RSA encryption of the byte range SHA-1 digest with the private key of the signer. Use this value when signing PDF documents using PKCS#1 signatures.

    • adbe.pkcs7.detached: The key is a DER-encoded PKCS#7 binary data object that contains the signature. No data is encapsulated in the PKCS#7-signed data field.

    • adbe.pkcs7.sha1: The key is a DER-encoded PKCS#7 binary object that represents the signature value. The SHA-1 digest of the byte range digest is encapsulated in the PKCS#7 signed data.

    Required: Select to specify that signature subfilters are used for the seed value. It is not selected by default.

  • Digest Methods: The list of acceptable hashing algorithms to use. Add an item to the list and select an encryption algorithm. Select one of these values:

    • SHA1: (Default) The Secure Hash Algorithm that has a 160-bit hash value.

    • SHA256: The Secure Hash Algorithm that has a 256-bit hash value.

    • SHA384: The Secure Hash Algorithm that has a 384 bit-hash value.

    • SHA512: The Secure Hash Algorithm that has a 512 bit-hash value.

    • RIPEMD160: The RACE Integrity Primitives Evaluation Message Digest that has a 160-bit message digest algorithm and is not FIPS-compliant.

    Required: Select to specify that the signature encryption algorithms are used for the seed value. It is not selected by default.

  • Minimum Signature Compatibility Level: The minimum PDF version to use to sign the signature field. Select one of these values:

    • PDF 1.5: Use PDF Version 1.5.

    • PDF 1.7: Use PDF Version 1.7.

    Required: Select to specify the minimum signature compatibility level is used for the seed value. It is not selected by default.

Signature Information:
A group of options for specifying the reasons, timestamp, and details of the digital signature.
  • Include Revocation Information in Signature: Select to specify that revocation information must be embedded as part of the signature for long-term validation support. When you deselect this option, the revocation information is not embedded as part of the signature. By default, this option is deselected.

    Required: Select to specify that revocation checking is required for the seed value. It is not selected by default.

  • Signing Reasons: The list of reasons that are associated with the seed value dictionary used for signing the PDF document. Add an item to the list and type a reason.

    Required: Select to specify that the associated reasons are included for the seed value. It is not selected by default.

  • TimeStamp Server URL: The URL that specifies the location of the timestamp server to use when signing a PDF document.

    Required: Select to specify that the timestamp server is required for the seed value. It is not selected by default.

  • Signing/Enrollment Server URL: The location of the server that provides a web service. The web service digitally signs a PDF document or enrolls for new credentials.

    Required: Select to specify that the signing or enrollment server is used for the seed value. It is not selected by default.

  • Server Type: The type of server to use for the value specified for the Signing/Enrollment Server URL option. Select one of these values:

    • Browser: (Default) The URL references content that is displayed in a web browser to allow enrolling for a new credential if a matching credential is not found.

    • ASSP: The URL references a signature web service. The web service is used to digitally sign the PDF document on a server. The server is specified in the Signing/Enrollment Server URL option in this operation.

    Required: Select to use the web service to sign the PDF document. It is not selected by default.

Signature Type:
The changes that are permitted after the signature is added and legal attestations are provided.
  • Type of Signature: The list representing the type of signatures that can be applied to the signature field. Select one of these values:

    Any: (Default) Any type of signature can be applied when filling forms, instantiating page templates, or creating, deleting, and modifying annotations.

    Recipient Signature: Restricts the signer to apply a Four Corner security model on the signature field.

    Certification Signature: Constrains the signer to apply a certification signature on the signature field with specified permissions. The specified permissions are configured in the Field MDP Options Spec property for this operation. Select one of these values:

    • No changes allowed: The end user is not permitted to change the form. Any change invalidates the signature.

    • Form fill-in and digital signatures: The end user is permitted to fill the form, instantiate page templates, and sign the form.

    • Annotations, form fill-in, and digital signatures: The end user is permitted to fill the form, instantiate page templates, sign the form, and create annotations, deletions and modifications.

  • Legal Attestations: The list of legal attestations that are associated with the seed value. Legal attestation constraints affect only a certification signature. When you select Any or Certificate Signature option for the Type of Signature, you can add a legal attestation to the list by typing it.

    Required: Select to specify that legal attestations are used for the seed value. It is not selected by default.

Signing Certificates:
The list of certificates, keys, issuers, and policies that are used for a digital signature. Add certificates, keys, issuers, and policies to the list by using the Open dialog box.
  • Signing Certificates: A list of certificates that are used for certifying and verifying a signature.

    Required: Select to specify that signing certificates are used for the seed value. It is not selected by default.

  • Subject Distinguished Name: The list of dictionaries, where each dictionary contains key value pairs that specify the subject distinguished name (DN). The DN must be present within the certificate for it to be acceptable for signing. Add DNs to the list by using the Add Subject DN dialog box. (See Add Subject DN.)

    Required: Select to specify that subject distinguished names are used for the seed value. It is not selected by default.

  • KeyUsage: The list of key usage extensions that must be present for signing a certificate. Add an entry to the list and select the key usage. Additional key usage entries are available in PDF Utilities Service. Select one of these key usage values for each entry:

    • Don’t Care: (Default) The key usage extension is optional.

    • Require Key Usage: The key usage extension must be present.

    • Exclude Key Usage: The key usage extension must not be present.

    Required: Select to specify that key usage extensions are used for the seed value. It is not selected by default.

Issuers and Policies:
The list of certificate issuers, policies, and associated object identifiers.
  • Certificate Issuers: The list of certificate issuers. Add certificate issuers to the list by using the Open dialog box.

    Required: Select to specify that certificate issuers are used for the seed value. It is not selected by default.

  • Certificate Policies And Associated Object Identifiers: The list of certificate policies that are associated with the certificate seed value. Add certificate policies to the list by typing it.

    Required: Select to specify that certificate policies and associated identifies are used for the seed value. It is not selected by default.

Outputproperties

Property to specify the PDF document.

Output PDF

The location in the process data model to store the modified PDF document. The data type is document.