This page is used to configure the PDF/PAdES signature settings that will be used by Go>Sign applet:

The configuration items are as follows:

Items

Description

PDF Signature Settings

A mandatory field that selects the type of signature to be produced by this Go>Sign profile. The following types  of signatures are supported:

PDF Signatures based on ISO 32000-1:

  • Standard PDF Signature.
  • PDF signature with embedded timestamp.
  • PDF signature with embedded timestamp and revocation information.


PAdES Signatures based on ETSI standards:

Baseline Signatures:

  • PAdES-B-B
  • PAdES-B-T
  • PAdES-B-LT
  • PAdES-B-LTA

Extended Signatures:

  • PAdES-E-BES
  • PAdES-E-BES with embedded timestamp.
  • PAdES-E-LTV with document timestamp

Select the signature format to be produced. For more details see the section Supported Signature Types

Note: The ISO 32000-1 based PDF signatures are verifiable in Adobe Reader 7+ and PAdES signatures based on ETSI Standard are verifiable in Adobe Reader 10+.
For more details see the section Supported Signature Types.

Create visible signature

Check this checkbox if you want to create Visible PDF Signatures. If unchecked then Invisible PDF Signatures will be created. The possible values are:

  • Use an existing blank signature field in the target document:

If the document already has a blank signature field, then the name of the signature field can be specified using this option. When ADSS Server signs a PDF document using this signing profile it will then search for this signing field and embed the signature details within that field. This is also a good way of positioning the signature in an exact location rather than just the default locations mentioned above. 

Note: Signature field names are case-sensitive so ensure you enter a valid field name as used in your documents, e.g. field1 and Field1 are not the same.


Signature Appearance

Select one of the PDF Signature Appearances already generated as mentioned in the section PDF Visible Signatures.


Target Signature Field Name

Specify the name of a blank signature field (already existing in the document). If the filed name is specified in the request then that field will be signed but if field name is missing in the document signing request then a field name mentioned in this text box will be signed. If a field name not specified in the request nor found the one specified in this text box then an error will be returned.


Use this prefix to generate the incremental field names

If this option is turned on in the Go>Sign Profile then service uses an algorithm to automatically identify a field name to be signed i.e. Go>Sign service automatically checks field name e.g. " Signature1", if it is a blank field then enforces user to sign it and if already signed then enforce user to sign another field which is "Signature2" and so on.


Note: This feature only works when SharePoint server is integrated with the Go>Sign Service.

  • Use a PDF editor to draw signature field(s) as required:

Create empty field signatures using the PDF. Sig Locations. These configurations will then be used while signing the document, ADSS Server Go>Sign Service will create the empty signature fields with field names and the signature appearance allocated to those empty signature fields. Set the PDF Signature Locations settings to create the empty signature fields with names as mentioned and located in the PDF editor. Set the Default Appearance Name which will embed the appearance and signer's details on the signature field when signed.

Embed font to be used for PDF signature appearance text objects

Optionally select the fonts used in the signature appearance to be embedded in the signed PDF document. Using this option, PDF/A compliant documents will retain PDF/A compliancy after signing. Note the following rules:

  • If you want some other font to embed then you need to put the font in the [ADSS-Server-Installation-Dir]/fonts directory and then refer it in the signature appearance designer.
  • For optimization reasons, only those characters which are used in the Signature Appearance are taken from the Font file and embedded
  • If font is already embedded in the document prior to the signing then the font is not re-embedded
  • In order to use non-English characters this option should be enabled for visible signatures so that those characters are shown properly in the signature appearance.

User signature tablet device

Enable this checkbox if you want to place the hand signature image for visible PDF signatures using signature tablet device.

Note: Only Wacom and Signotec tablet devices are supported yet.

Use a font-based hand signature image

Go>Sign Service uses these configuration to create hand signature image for the signer in case of visible signature. This option will be available only when document viewer is marked disabled.

Signature Produced At

This defines where the signature will be produced. Possible values are:

  • Server: If the Server is selected then signature will be produced on the server side by the signing service configured in Service Settings tab.
  • Client: If the Client is selected then signature will be produced by the Go>Sign applet on the client machine.
  • Mobile: If the Mobile is selected then signature will be produced on the mobile device by the Mobile signature service configured in Service Settings tab.

Signature/Document Relationship

This defines how the signature and document exist i.e. one inside the other or do they exist separately. Following options are supported for PDF signatures:

  • Enveloping
  • Detached

Note: In case of remote signing the "Signature/Document Relationship" selected in the Go>Sign Service and the Signing Service should be same i.e. if the option selected in the Go>Sign profile is "Enveloping" then the same should be configured in the Signing profile as well.  The same goes for the "Detached" signatures.

Hashing Algorithm

The selected hashing algorithm is used as part of the signature generation process. Following hashing algorithms are supported:

  • SHA1
  • SHA2 (SHA224, SHA256, SHA384, SHA512)
  • SHA3 (SHA224, SHA256, SHA384, SHA512)

Note: In case of remote signing the "Hashing Algorithm" selected in the Go>Sign Service and the Signing Service should be same i.e. if the option selected in the Go>Sign profile is "SHA256" then the same should be configured in the Signing profile as well.

Default signing reason

This defines the default signing reason that should be shown on the signature dialogue during the signing operation.

Default signing location

This defines the default signing location that should be shown on the signature dialogue during the signing operation.

Default signer's contact information

This defines the default signer's contact information that should be shown on the signature dialogue during the signing operation.

EPES Signatures

Explicit Policy Based Electronic (EPES) signature settings are only available for the PAdES Signature types. By enabling the check box Add Signature Policy Identifier, the Go>Sign profile can be used to produce (EPES) signatures where a signature policy OID, URI and user notice are added in the digital signature as specified below:


1. Signature Policy Object ID

Provide the Signature Policy OID to be added for EPES signatures


2. Signature Policy URI

Provide the Signature Policy URI to be added for EPES signatures.

If there is no Policy URI defined inside the Go>Sign profile then EPES configurations should be made in policy.properties file located at: [ADSS Installation Directory]/service/

Open this file in any text editor and enter policy OID and path to the policy document

e.g. 1.2.3.4.5 = "F:/Policy_File"

The ADSS Go>Sign Service can retrieve the signature policy document in either one of the following ways:

  • Using Policy URI defined in Go>Sign profile. The ADSS Go>Sign Service will use this policy URI to retrieve the online available policy document and its hash value will be calculated and embedded in the signed properties of the signature.
  • Using locally configured signature policy document. The ADSS Go>Sign Service will use this text file pointer to retrieve the locally saved policy document, hash and embed it in the signed properties of the signature.


3. Signature Policy User Notice

Provide the user notice to be added to the EPES signatures.

Apply certify (author) signature

Allows you to certify+sign the document and select one of the following document protection options:

  • No changes allowed:

This means that no further changes can be made to the document or its fields.

  • Form fill-in and digital signatures:

This option allows any existing forms fields to be filled and any existing signature fields to be signed.

  • Annotations, form fill-in and digital signatures:

This option allows annotations to be made on the document and any existing forms fields to be filled and any existing signature fields to be signed.

Note: If the document to be signed already has a certify signature on it then this would normally lead to an error.  This option is intelligent and ignores the request for a "certify" type of signature a standard signature is applied instead. This means that one profile can be used to sign a document multiple times - the first will be certify signed and the other signatures will be standard signatures.


See also

PDF/PAdES Hash Signing Attributes
CMS/CAdES Signing Attributes
XML/XAdES Signing Attributes
MS Office Signing Attributes