If Microsoft Office signatures were selected then the following screen is shown. Each of the options is discussed in the table below:



The configuration items are as follows:

Items

Description

Signature Settings

Select the signature format to be produced. For more details see the section Supported Signature types. 

Timestamp (TSA) Settings

Select the required timestamp authority (or potentially several authorities) from the list of pre-registered TSAs. The configuration of TSA address(es) is described in this section: Configuring Time Stamp Authorities (TSA).

Note: If the signing certificate Issuer CA (defined in Trust Manager) has one or more associated TSAs then these settings override the TSAs defined in this signing profile.

Revocation Status Information Unavailable Error

If one of the following signature types is selected:

  • XAdES-C
  • XAdES-X
  • XAdES-X-L

Then an extra check box is offered to decide if ADSS Server should return an error if it cannot embed the revocation information when creating the Long-Term signature.

Such signatures require embedded status/revocation information for the signer's certificate chain. This option is useful to stop basic signatures being created when a communication failure prevents revocation information from being obtained from external resources. If this check box is not selected, the signature will still be produced, but it may not contain the embedded revocation information if this was unavailable at the time of signing, e.g. if the relevant OCSP responder is not responding or the dynamic CRL is unavailable. ADSS Server is generally configured to cache CA CRLs locally and it also has a short-life cache for dynamic CRLs and OCSP responses.

Note: It is recommended you always tick this box.

Signature Line

A signature line is an empty signature field inside an Office document. The signature line will have been defined using either an "email address" or a "signature id".

When ADSS Server signs an Office document using this signing profile, it searches for this signature line and embeds the signature details within that field. The signature line identifier is passed via the signing service API. A default value can be provided as shown in the example above - tick the box to allow the API call to override this value.

Note: If the signature line is referred to using an email address, be aware that this value is case-sensitive. Enter the signature line email address using exactly the same case as used within the Office document.

Note: If there are two signature lines in the document with the same email address then ADSS Server signs both signature lines at the same time (in one service call).

Hashing Algorithm

Select which hash algorithm to use as part of the signature creation process. The following algorithms are supported: 

  • SHA1
  • SHA2 (SHA256, SHA384, SHA512)

Note: SHA256 is recommended.
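
An added example, not part of the ADSS Server documentation or product: a pre-flight check for the two Signature Line notes above (case-sensitive email matching, and several signature lines sharing one email address). It assumes signature lines are stored as o:signatureline VML elements carrying an o:suggestedsigneremail attribute, as in Word's document XML; the sample fragment and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

O_NS = "urn:schemas-microsoft-com:office:office"
V_NS = "urn:schemas-microsoft-com:vml"

# Constructed sample: a fragment shaped like the VML that Word writes for
# signature lines (element and attribute names are an assumption, see lead-in).
SAMPLE_XML = f"""<root xmlns:v="{V_NS}" xmlns:o="{O_NS}">
  <v:shape id="sl1"><o:signatureline id="{{11111111-0000-0000-0000-000000000001}}"
     issignatureline="t" o:suggestedsigneremail="Alice.Smith@example.com"/></v:shape>
  <v:shape id="sl2"><o:signatureline id="{{11111111-0000-0000-0000-000000000002}}"
     issignatureline="t" o:suggestedsigneremail="Alice.Smith@example.com"/></v:shape>
  <v:shape id="sl3"><o:signatureline id="{{11111111-0000-0000-0000-000000000003}}"
     issignatureline="t" o:suggestedsigneremail="bob@example.com"/></v:shape>
</root>"""


def signature_lines(xml_text):
    """Return (signature id, email) for every signature line in the XML."""
    root = ET.fromstring(xml_text)
    return [(el.get("id"), el.get(f"{{{O_NS}}}suggestedsigneremail"))
            for el in root.iter(f"{{{O_NS}}}signatureline")]


def check_profile_email(xml_text, configured_email):
    """Classify how a configured email lines up with the document's signature lines."""
    lines = signature_lines(xml_text)
    exact = [sid for sid, mail in lines if mail == configured_email]
    case_only = [sid for sid, mail in lines
                 if mail and mail != configured_email
                 and mail.lower() == configured_email.lower()]
    if len(exact) > 1:
        status = "multiple"       # all matching lines would be signed in one call
    elif len(exact) == 1:
        status = "ok"
    elif case_only:
        status = "case-mismatch"  # same address in a different case: no match
    else:
        status = "not-found"
    return {"status": status, "exact": exact, "case_only": case_only}


if __name__ == "__main__":
    for email in ("Alice.Smith@example.com", "alice.smith@example.com",
                  "bob@example.com", "carol@example.com"):
        print(email, check_profile_email(SAMPLE_XML, email))
```

Running such a check on the document before it is submitted for signing catches a case mismatch, and flags documents where one call would sign more than one signature line.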


See also

PDF/PAdES Signing Attributes

PDF/PAdES Hash Signing Attributes
Microsoft Office Signing Attributes
PKCS7 Signing Attributes
CMS/CAdES Signing Attributes
XML/XAdES Signing Attributes
S/MIME Signing Attributes