PTVerificationOptions

@interface PTVerificationOptions : NSObject

Options pertaining to digital signature verification.

  • Constructs a set of options for digital signature verification.

    Declaration

    Objective-C

    - (instancetype)initWithImpl:(void *)impl;

    Swift

    init!(impl: UnsafeMutableRawPointer!)

    Parameters

    level

    – the general security level to use. Sets other security settings internally.

  • Undocumented

    Declaration

    Objective-C

    - (instancetype)initWithLevel: (PTVerificationOptionsSecurityLevel)level;
  • Adds a certificate to the store of trusted certificates inside this options object.

    Declaration

    Objective-C

    - (void)AddTrustedCertificateWithBuf:(NSData *)in_certificate_buf
                             in_buf_size:(unsigned long)in_buf_size;

    Swift

    func addTrustedCertificate(withBuf in_certificate_buf: Data!, in_buf_size: UInt)

    Parameters

    in_certificate_buf

    – a buffer consisting of the data of an X.509 public-key certificate encoded in binary DER (Distinguished Encoding Rules) format, or in PEM (appropriate Privacy-Enhanced Mail header+Base64 encoded DER+appropriate footer) format

    in_buf_size

    – buffer size

  • Adds a certificate to the store of trusted certificates inside this options object, by loading it from a file.

    Declaration

    Objective-C

    - (void)AddTrustedCertificateWithFilePath:(NSString *)in_filepath;

    Swift

    func addTrustedCertificate(withFilePath in_filepath: String!)

    Parameters

    in_filepath

    – a path to a file containing the data of an X.509 public-key certificate encoded in binary DER (Distinguished Encoding Rules) format, or in PEM (appropriate Privacy-Enhanced Mail header+Base64 encoded DER+appropriate footer) format.

  • Bulk trust list loading API. Attempts to decode the input data as binary DER and trust multiple trusted root certificates from it. Compatible with Acrobat’s .P7C format, which is a variation on PKCS #7/CMS that only contains certificates (i.e. no CRLs, no signature, etc.). If a certificate cannot be decoded, this is ignored and an attempt is made to decode the next certificate.

    Declaration

    Objective-C

    - (void)AddTrustedCertificates:
                (NSData *)in_P7C_binary_DER_certificates_file_data
                           in_size:(unsigned long)in_size;

    Swift

    func addTrustedCertificates(_ in_P7C_binary_DER_certificates_file_data: Data!, in_size: UInt)

    Parameters

    in_P7C_binary_DER_certificates_file_data

    – the P7C-format bulk certificate data, encoded in binary DER (Distinguished Encoding Rules).

    in_size

    – the size of the data, in bytes.

  • Sets a flag that can turn on or off the verification of the permissibility of any modifications made to the document after the signing of the digital signature being verified, in terms of the document and field permissions specified by the digital signature being verified.

    Declaration

    Objective-C

    - (void)EnableModificationVerification:(BOOL)in_on_or_off;

    Swift

    func enableModificationVerification(_ in_on_or_off: Bool)

    Parameters

    in_on_or_off

    – A boolean.

  • Sets a flag that can turn on or off the verification of the digest (cryptographic hash) component of a digital signature.

    Declaration

    Objective-C

    - (void)EnableDigestVerification:(BOOL)in_on_or_off;

    Swift

    func enableDigestVerification(_ in_on_or_off: Bool)

    Parameters

    in_on_or_off

    – A boolean.

  • Sets a flag that can turn on or off the verification of the trust status of a digital signature.

    Declaration

    Objective-C

    - (void)EnableTrustVerification:(BOOL)in_on_or_off;

    Swift

    func enableTrustVerification(_ in_on_or_off: Bool)

    Parameters

    in_on_or_off

    – A boolean.

  • Enables/disables online CRL revocation checking. The default setting is for it to be turned off, but this may change in future versions.

    Note

    CRL checking is off by default because the technology is inherently complicated and resource-intensive, but may help improve verification rate when files are verified against a recent reference-time (e.g. maximum security mode), because online CRLs will be valid within that time. This mode will not be useful for old archival-type (‘LTV’) documents verified in archiving-and-compatibility security mode, because their online OCSP and/or CRL responder servers may not be alive anymore. However, such LTV documents can be created (if the CRL responder servers are still active) by enabling online checking, verifying, and then embedding the data using DigitalSignatureField.EnableLTVOfflineVerification.

    Declaration

    Objective-C

    - (void)EnableOnlineCRLRevocationChecking:(BOOL)in_on_or_off;

    Swift

    func enableOnlineCRLRevocationChecking(_ in_on_or_off: Bool)

    Parameters

    in_on_or_off

    – what setting to use

  • Enables/disables online OCSP revocation checking. The default setting is for it to be turned on.

    Declaration

    Objective-C

    - (void)EnableOnlineOCSPRevocationChecking:(BOOL)in_on_or_off;

    Swift

    func enableOnlineOCSPRevocationChecking(_ in_on_or_off: Bool)

    Parameters

    in_on_or_off

    – what setting to use.

  • Enables/disables all online revocation checking modes. The default settings are that online OCSP is turned on and online CRL is turned off, but the default CRL setting may change in future versions.

    Note

    CRL checking is off by default because the technology is inherently complicated and resource-intensive, but may help improve verification rate when files are verified against a recent reference-time (e.g. maximum security mode), because online CRLs will be valid within that time. This mode will not be useful for old archival-type (‘LTV’) documents verified in archiving-and-compatibility security mode, because their online OCSP and/or CRL responder servers may not be alive anymore. However, such LTV documents can be created (if the CRL responder servers are still active) by enabling online checking, verifying, and then embedding the data using DigitalSignatureField.EnableLTVOfflineVerification.

    Declaration

    Objective-C

    - (void)EnableOnlineRevocationChecking:(BOOL)in_on_or_off;

    Swift

    func enableOnlineRevocationChecking(_ in_on_or_off: Bool)

    Parameters

    in_on_or_off

    – what setting to use