Type: | boolean |
---|---|
Inherited: | no |
Used By: | input |
See: | algorithm alias handler keypassword keystoretype location pades password reason signer timestampurl |
Causes the signature to run an ocsp and CRL verification against the Certificates at the time of signing. This step involves network traffic to several remote servers, and when used with the timestampurl attribute the result is a signature that has "long-term validation". This is only used by the input type="signature" element, and is not mandatory.
This shows how to digitally sign a document
<input type="signature" handler="acrobat6" // handler used to verify this signature keystore="file:/privatekey.jks" // URL of the keystore keystoretype="JKS-SUN" // type of keystore password="storepassword" // password to unlock the keystore alias="secretkey" // key from the keystore to use keypassword="secretkeypassword" // password to unlock the key, if required certify="nochanges" // allow no changes after signing signer="John Smith" // name to place on the signature reason="I am the author" // reason you're signing the document />
Same as the above example but showing the additional keys that might be used to create a signature with "long-term validation".
<input type="signature" handler="acrobat6" // handler used to verify this signature keystore="file:/privatekey.jks" // URL of the keystore keystoretype="JKS-SUN" // type of keystore password="storepassword" // password to unlock the keystore alias="secretkey" // key from the keystore to use keypassword="secretkeypassword" // password to unlock the key, if required signer="John Smith" // name to place on the signature reason="I am the author" // reason you're signing the document timestampurl="http://timestamp.entrust.net/TSS/RFC3161sha1TS" // URL of the RFC3161 Timestamp service pades="true" // Mark the signature as PAdES compatible ocsp="true" // Perform OCSP and CRL verification at time of signing algorithm="SHA256" // Set the digest algorithm to SHA-256 (optional). />