Help web extraparams en US - ctt-gob-es/clienteafirma GitHub Wiki

Configuration properties of signature formats

Signatures CAdES

The configuration properties supported by CAdES signatures are listed below. Some of these options may have no effect in signing cases where they do not apply, such as in the case of counter-signatures.

    >
  • mode:
    • >
    • explicit:The resulting signature will not include the signed data. If the mode parameter is not specified, this behavior is automatically configured.
    • implicit:The resulting signature will not include the signed data. The resulting signature will internally include a copy of the signed data. Using this value could generate large signatures. In cosignatures, this parameter will be ignored if the data was already contained in the original signature or if the data is not provided.
  • contentTypeOid:
    • >
    • Identifier of the type of data signed.
  • contentDescription:
    • >
    • Textual description of the type of data signed.
  • policyIdentifier:
    • >
    • Signature policy identifier, needed to generate CAdES-EPES signatures.
  • policyIdentifier Hash:
    • >
    • Base Chain 64 with signature policy fingerprint. It is mandatory to indicate this parameter if policyIdentifier was also indicated, as it is also mandatory to give value to the policyIdentifier HashAlgorithm parameter.
  • policyIdentifier HashAlgorithm:
    • >
    • SHA1: Indicates that the fingerprint indicated in the policyIdentifier Hash parameter was calculated by the SHA1 algorithm.
    • SHA-256: Indicates that the fingerprint indicated in the policyIdentifier Hash parameter was calculated by the SHA-256 algorithm.
    • SHA-384: Indicates that the fingerprint indicated in the policyIdentifier Hash parameter was calculated by the SHA-384 algorithm.
    • SHA-512: Indicates that the fingerprint indicated in the policyIdentifier Hash parameter was calculated by the SHA-512 algorithm.
  • policyQualifier:
    • >
    • URL accessible to the document (usually PDF) that contains a textual description of the signing policy. This parameter is optional even if you want to generate CAdES-EPES signatures.
  • SelectSignningCertificate:
    • >
    • true:Indicates that only the signer's certificate should be included in the signature.
    • false:Indicates that the entire certification chain of the signing certificate should be included in the signature. Default value.
  • policyQualifier:
    • >
    • URL accessible to the document (usually PDF) that contains a textual description of the signing policy. This parameter is optional even if you want to generate CAdES-EPES signatures.
  • firmProductionCity:
    • >
    • Add to the signature a field with the city in which the signature is made. The encoding must be UTF-8.
  • firmProductionPostalCode:
    • >
    • Add to the signature a field with the postal code where the signature is made. The encoding must be UTF-8.
  • firmProductionCountry:
    • >
    • Add a field to the signature with the country in which the signature is made. The encoding must be UTF-8.
  • signerOnRoles:
    • >
    • Add fields to the signature with the charges attributed to the signer. The charges should be separated with the "|" character (and this cannot be in the text itself of any charge).
  • disentTypeIndications:
    • >
    • Number of RelationshipTypeIndications to be declared. These are the reasons that are stated for the signature. The particular values are specified with both disclaimer TypeIndicationnIdentifier and disclaimer TypeIndicationnDescription, where ‘n’ goes from 0 to the value indicated in this property minus 1.
  • discTypeIndicationnIdentifier:
    • >
    • 1:Sets the number n (counting from zero) Disclaimer to be "Proof of Origin".
    • 2:Sets the number n (counting from zero) Disclaimer to "Receipt test".
    • 3:States that the number n (counting from zero) is "Proof of Delivery".
    • 4:Sets the n-number (counting from zero) PresenceTypeIndications to be "Test Submission".
    • 5:States that the number n (counting from zero) is "Approval test".
    • 6:Sets the number n (counting from zero) Disclaimer to be "Creation test".
  • discounttypeIndicationnDiscounttypeQualifiers:
    • >
    • List of textual indicators separated by the '|' character that are provided as additional qualifiers of the ExperienceTypeIndication number n (optional attribute). They are usually OID. The items in the list cannot contain the '|' character (as this is used as a separator).
  • discTypeIndicationnIdentifier:
    • >
    • true:The ⦅⦆ CertificateV2 attribute will be included in the signature.
    • false (or other value): The ⦅⦆ Certificate attribute will be included in the signature.
    • Unspecified: The signature will be included if the signature uses a SHA1 signature algorithm and if the signature uses a SHA1 signature algorithm and if the signature uses a SHA1 signature algorithm.

Signatures XAdES

The configuration properties supported by the XAdES signatures are listed below. Some of these options may have no effect in signing cases where they do not apply, such as in the case of counter-signatures.

    >
  • insertEnvelopedFirmOnNodeByXPath:
    • >
    • XPath expression (v1) indicating the node under which the signature node is to be inserted in the case of an Enveloped signature. If the expression returns more than one node, only the first one is used. If the expression does not return nodes or is poorly constructed, an exception will be thrown. This parameter only has effect on Enveloped signatures.
  • useManifest:
    • >
    • true: Use an XMLDSig Manifest with the signature references instead of signing these references directly. It is ignored in the co-signing operation. This allows the destination check and fingerprints of the references to be optional.
    • false: Generates the signatures normally, without Manifest (default behavior).
  • urin:
    • >
    • URI that refers to the data that is desired to be signed within a manifest signature. ‘n’ indicates the reference number of those to be signed, starting with ‘1’.
  • pre HashAlgorithm:
    • >
    • SHA1: Indicates that fingerprints of the data referenced in the manifest were calculated by the SHA1 algorithm.
    • SHA-256: Indicates that fingerprints of the data referenced in the manifest were calculated by the SHA-256 algorithm.
    • SHA-384: Indicates that fingerprints of the data referenced in the manifest were calculated by the SHA-284 algorithm.
    • SHA-512: Indicates that fingerprints of the data referenced in the manifest were calculated by the SHA-512 algorithm.
  • mdn:
    • >
    • Base 64 with the fingerprint of the data associated with the reference ‘n’. The fingerprint algorithm will be the one indicated in HashAlgorithm
  • mimetypen:
    • >
    • MIME-Type of the data associated with the reference ‘n’ in a manifest signature. If this parameter is not indicated, the ‘application/octet-stream’ type will be used.
  • contentTypeOidn:
    • >
    • OID or URN of the signed datatype for reference number ‘n’ in a manifest signature. This parameter is complementary (not exclusive) to the parameter mimetypen.
  • encodingn:
    • > Encoding the data associated with reference number ‘n’ in a manifest signature. Incorrect use of this parameter may result in the generation of an invalid signature.
  • addKeyInfoKeyValue:
    • >
    • true: Includes the KeyValue node within XAdES KeyInfo (default behavior).
    • false: Does not include the KeyValue node within XAdES KeyInfo.
  • addKeyInfoKeyName:
    • >
    • true: Includes the KeyName node within XAdES KeyInfo.
    • false: Does not include the KeyName node within XAdES KeyInfo (default behavior).
  • avoidXpathExtraTransformsOnEnveloped:
    • >
    • true: Avoids the inclusion of the XPATH2 transformation that is usually added to enable cosignatures and that removes all signatures from the document to leave only the content. WARNING: Co-signing a document in which at least one of the signatures does not include the XPATH transformation will result in a signature document that will potentially be incorrectly validated by the signature validators. For this reason, only the use of this parameter is allowed in the signing operation (not the co-signing operation).
    • false: Includes XPATH2 transformation enables co-signatures by removing all signatures from the document to leave only the content (default behavior).
  • format:
    • >
    • XAdES Enveloping: Generates signatures in Enveloping format. This is the format that is used by default when none is indicated.
    • XAdES Enveloped: Generate signatures in Enveloped format.
    • XAdES Detached: Generates signatures in Internally Detached format.
    • XAdES Externally Detached:Generates signatures in Externally Detached format.
  • SelectSignningCertificate:
    • >
    • true: Indicates that only the signer's certificate should be included in the signature.
    • false: Indicates that the entire certification chain of the signing certificate should be included in the signature. Default value.
  • policyIdentifier:
    • >
    • Signature policy identifier (usually a URL to the policy in processible XML format), needed to generate XAdES-EPES signatures.
  • policyIdentifier Hash:
    • >
    • Base Chain 64 with signature policy fingerprint. It is mandatory to indicate this parameter if policyIdentifier was also indicated, as it is also mandatory to give value to the policyIdentifier HashAlgorithm parameter.
  • policyIdentifier HashAlgorithm:
    • >
    • SHA1: Indicates that the fingerprint indicated in the policyIdentifier Hash parameter was calculated by the SHA1 algorithm.
    • SHA-256: Indicates that the fingerprint indicated in the policyIdentifier Hash parameter was calculated by the SHA-256 algorithm.
    • SHA-384: Indicates that the fingerprint indicated in the policyIdentifier Hash parameter was calculated by the SHA-384 algorithm.
    • SHA-512: Indicates that the fingerprint indicated in the policyIdentifier Hash parameter was calculated by the SHA-512 algorithm.
  • policyQualifier:
    • >
    • URL accessible to the document (usually PDF) that contains a textual description of the signing policy. This parameter is optional even if you want to generate XAdES-EPES signatures.
  • policyDescription:
    • >
    • Textual description of the signature policy. In the event that an XML is signed, the encoding of the used text must conform to the signed XML. This parameter is optional even if you want to generate XAdES-EPES signatures.
  • signerOnRoles:
    • >
    • Add fields to the signature with the charges attributed to the signer. The charges must be separated with the "|" character (and this cannot be in the text itself of any charge). In the event that an XML is signed, the encoding of the used text must conform to the signed XML.
  • firmProductionCity:
    • >
    • Add to the signature a field with the city in which the signature is made. In the event that an XML is signed, the encoding of the used text must conform to the signed XML.
  • firmProductionProvince:
    • >
    • Add to the signature a field with the province in which the signature is made. In the event that an XML is signed, the encoding of the used text must conform to the signed XML.
  • firmProductionPostalCode:
    • >
    • Add to the signature a field with the postal code in which the signature is made. In the event that an XML is signed, the encoding of the used text must conform to the signed XML.
  • firmProductionCountry:
    • >
    • Add a field to the signature with the country in which the signature is made. In the event that an XML is signed, the encoding of the used text must conform to the signed XML.
  • DigestMethod:
    • >
    • http://www.w3.org/2000/09/xmldsig#sha1:Uses the SHA1 algorithm to compute fingerprints of signed XML references.
    • http://www.w3.org/2001/04/xmlenc#sha256:Uses the SHA-256 algorithm to compute fingerprints of signed XML references.
    • http://www.w3.org/2001/04/xmlenc#sha512:Uses the SHA-512 algorithm to compute fingerprints of signed XML references. This is the default behavior.
  • mimeType:
    • >
    • MIME-Type of the data to be signed. If this parameter is not indicated, the system tries to self-detect the type, setting the closest one (which may not be the strictly correct one).
  • encoding:
    • >
    • URI with the encoding of the data to be signed (see the documentation of the Object element of XMLDSig for more information). An incorrect use of this parameter can lead to the generation of an invalid signature. If previously encoded data to be signed is provided in Base64 but is desired to be considered as its decoded form, this value must be set to http://www.w3.org/2000/09/xmldsig#base64 and the actual type specified in the mimeType parameter. For example, to sign a PNG image by having the signature refer to its direct binary form, the image directly encoded in Base64 can be provided with the encoding as http://www.w3.org/2000/09/xmldsig#base64 and the mimeType as image/png. The value should always be a URI.
  • outputXmlEncoding:
    • >
    • Encoding the output XML. If this value is not indicated, try to auto-detect from the input XML (if the data to be signed is an XML).
  • contentTypeOid:
    • >
    • OID or URN type OID with the identifier of the type of data signed. This parameter is complementary (not exclusive) to the parameter mimeType.
  • canonicalizationAlgorithm:
    • >
    • http://www.w3.org/TR/2001/REC-xml-c14n-20010315:XML is signed with inclusive XML 1.0 canonization (default value).
    • http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments:XML is signed with inclusive XML 1.0 canonization with comments.
    • http://www.w3.org/2001/10/xml-exc-c14n#: The XML is signed with exclusive XML 1.0 canonization.
    • http://www.w3.org/2001/10/xml-exc-c14n#WithComments: The XML is signed with exclusive XML 1.0 canonization with comments.
  • xadesNamespace:
    • >
    • http://uri.etsi.org/01903/v1.3.2#:XAdES namespace definition URL corresponding to XAdES version 1.3.2. This is the default value.
    • http://uri.etsi.org/01903/v1.4.1#:XAdES namespace definition URL corresponding to XAdES version 1.4.1. If you set this parameter you may also need to set the signedPropertiesTypeUrl parameter to avoid inconsistencies in the XAdES version.
  • signedPropertiesTypeUrl:
    • >
    • http://uri.etsi.org/01903#SignedProperties:Signed Properties type definition URL of XAdES. This is the default value.
    • http://uri.etsi.org/01903/1.3.2#SignedProperties:Signed Properties type definition URL of XAdES v1.3.2.
    • http://uri.etsi.org/01903/1.4.1#SignedProperties:Signed Properties type definition URL of XAdES v1.4.1. If this parameter is set, the xadesNamespace parameter may also need to be set to avoid inconsistencies in the XAdES version.
  • ⦅⦆ StyleSheets:
    • >
    • true: If you sign an XML with stylesheets, ignore them by leaving them unsigned.
    • false: If you sign an XML with stylesheets, also sign the stylesheets (default value, refer to additional notes on stylesheets signing).
  • avoidBase64Transforms:
    • >
    • true: Does not declare Base64 transformations even if they are needed.
    • false: Declares Base64 transformations when the data to be signed in Base64 has been encoded internally (default value).
  • headless:
    • >
    • true: Prevents additional graphical dialogs from being displayed to the user (such as for referencing style sheets linked to relative paths).
    • false: Allows additional graphical dialogs to be displayed to the user.
  • xmlTransforms:
    • >
    • Number of transformations to apply to signed content. The same number of xmlTransformnType parameters should be indicated later, replacing n with a consecutive ordinal, starting with 0 (see additional notes on indication of additional transformations).
  • xmlTransformnType:
    • >
    • http://www.w3.org/2000/09/xmldsig#base64: Indicates that the data provided for signing is already encoded in Base64 and this additional transformation must be declared so that it is decoded before signing. This Base64 transformation is in addition to the transformation needed to pass the data through the AutoSign signature methods.
    • http://www.w3.org/TR/1999/REC-xpath-19991116:Content must be processed by this XPATH transformation before being signed. only applies when signing XML content.
    • http://www.w3.org/2002/06/xmldsig-filter2:Content must be processed by this XPATH2 transformation before being signed. only applies when signing XML content.
  • xmlTransformnSubtype:
    • >
    • Transformation subtype n. Accepted values and their functionalities depend on the value indicated in xmlTransformnType.
  • xmlTransformnBody:
    • >
    • Body of transformation n. Accepted values and their functionalities depend on the values indicated in xmlTransformnType and xmlTransformnSubtype.
  • nodeToSign:
    • >
    • Node identifier (set by the "Id" attribute) to be signed within an XML.
  • disentTypeIndications:
    • >
    • Number of RelationshipTypeIndications to be declared. These are the reasons that are stated for the signature. The particular values are specified with both diskTypeIndicationnIdentifier and diskTypeIndicationnDescription, where ‘n’ goes from 0 to the minus 1 value indicated in this property.
  • discTypeIndicationnIdentifier:
    • >
    • 1:Sets the number (counting from zero) to be "Proof of origin".
    • 2:Sets the number (counting from zero) to "Proof of receipt".
    • 3:Sets the number (counting from zero) to "Proof of Delivery".
    • 4:Sets the number (counting from zero) to "Sending test".
    • 5:States that the number n (counting from zero) is "Approval test".
    • 6:Sets the number (counting from zero) to the number (counting from zero) to be "Creation test".
  • discTypeIndicationnDescription:
    • >
    • Sets the description of the number n RangeTypeIndications. This attribute is optional.
  • discTypeIndicationnDocumentation References:
    • >
    • List of URLs separated by the '|' character that are provided as documentary references of the RelationshipTypeIndication number n (optional attribute). The URLs in the list cannot contain the '|' character (as this is used as a separator).
  • discounttypeIndicationnDiscounttypeQualifiers:
    • >
    • List of textual indicators separated by the '|' character that are provided as additional qualifiers of the RelationshipTypeIndication number n (optional attribute). They are usually OID. The items in the list cannot contain the '|' character (as this is used as a separator).

Signatures Electronic Invoice

The configuration properties supported by electronic invoice signatures (Invoice E) are listed below.

    >
  • firmProductionCity:
    • >
    • Add to the signature a field with the city in which the signature is made. In the event that an XML is signed, the encoding of the used text must conform to the signed XML.
  • firmProductionProvince:
    • >
    • Add to the signature a field with the province in which the signature is made. In the event that an XML is signed, the encoding of the used text must conform to the signed XML.
  • firmProductionPostalCode:
    • >
    • Add to the signature a field with the postal code in which the signature is made. In the event that an XML is signed, the encoding of the used text must conform to the signed XML.
  • firmProductionCountry:
    • >
    • Add a field to the signature with the country in which the signature is made. In the event that an XML is signed, the encoding of the used text must conform to the signed XML.
  • xadesNamespace:
    • >
    • XAdES namespace definition URL (the use of this parameter may condition the XAdES version statement). If you set this parameter you may also need to set the signedPropertiesTypeUrl parameter to avoid inconsistencies in the XAdES version.
  • signedPropertiesTypeUrl:
    • >
    • URL definition of the type of the signed properties (Signed Properties) of XAdES. If you set this parameter, you may also need to set the xadesNamespace parameter to avoid inconsistencies in the XAdES version. If it is not set, the default value is used: http://uri.etsi.org/01903#SignedProperties.
  • signerOnRoles:
    • >
    • issuer:Declares that the signer is the issuer of the invoice. This is the default value.
    • receiver:Declares that the signer is the recipient of the invoice.
    • third:Declares that the signer is a third party with respect to the invoice.
    • supplier:Declares that the signer is the issuer of the invoice.
    • customer:Declares that the signer is the recipient of the invoice.
    • third party:Declares that the signer is a third party with respect to the invoice.
  • policyIdentifier:
    • >
    • http://www.facturae.es/politica_de_firma_formato_facturae/politica_de_firma_formato_facturae_v3_1.pdf:Signature policy identifier 3.1. This is the default value.
  • policyIdentifier Hash:
    • >
    • Ohixl6upD6av8N7pEvDABhEL6hM=:Fingerprint to configure signing policy 3.1. This is the default value.
  • policyIdentifier HashAlgorithm:
    • >
    • SHA1: Indicates that the fingerprint indicated in the policyIdentifier Hash parameter was calculated by the SHA1 algorithm.
    • SHA-256: Indicates that the fingerprint indicated in the policyIdentifier Hash parameter was calculated by the SHA-256 algorithm.
    • SHA-384: Indicates that the fingerprint indicated in the policyIdentifier Hash parameter was calculated by the SHA-384 algorithm.
    • SHA-512: Indicates that the fingerprint indicated in the policyIdentifier Hash parameter was calculated by the SHA-512 algorithm.

Signatures PAdES

The configuration properties supported by the PAdES signatures are listed below.

    >
  • SelectSignningCertificate:
    • >
    • true: Indicates that only the signer's certificate should be included in the signature.
    • false: Indicates that the entire certification chain of the signing certificate should be included in the signature. Default value.
  • alwaysCreateRevision:
    • >
    • true: You will always create a revision when signing. Requires the document to meet the PDF 1.7 specification (ISO 32000-1:2008)
    • false: It will not create revision in the first signature and yes in the following ones.
  • firmField:
    • >
    • Name of the pre-existing signature field in which to insert the signature.
  • firmPages:
    • >
    • Indicates the pages where the signature should be visible.
    • Supports the following values:
      • >
      • all: To indicate that the visible signature appears on all pages of the document, you must give this value.
      • append: If the visible signature should appear on a new blank page added at the end of the document, it should be given this value.
      • Page or page listing: This option allows you to select the page or range of pages where the signature will appear Visible. If you want to indicate a page or several pages where you can print the visible signature, it is possible to indicate page by page with one comma separation (1,4,7: Stamped on pages 1, 4 and 7) or indicating a range of pages through a hyphen (1-8: Stamped on pages from 1 to 8). As explained in the previous paragraph, it is allowed to indicate the pages with a negative value, where it will start from the end (1,-1: It will be printed on the first and last page).
  • firmPositionOnPageLowerLeftX:
    • > Integer with the horizontal coordinate from the bottom left corner of the page to the bottom left corner of the visible signature field.
  • firmPositionOnPageLowerLeftY:
    • > Integer with the vertical coordinate from the bottom left corner of the page to the bottom left corner of the visible signature field.
  • firmPositionOnPageUpperRightX:
    • >
    • Integer with horizontal coordinate from the bottom left corner of the page to the top right corner of the visible signature field.
  • firmPositionOnPageUpperRightY:
    • > Integer with the vertical coordinate from the bottom left corner of the page to the top right corner of the visible signature field.
  • RubricImage:
    • >
    • File path with the JPEG image of the image to be displayed apply in the visible PDF signature. The Base 64 of the image can also be indicated directly.
  • layer2Text:
    • >
    • Text to display in the visible signature field.
  • layer2FontFamily:
    • >
    • 0: Visible signature text will be displayed with Courier font. This is the default value.
    • 1: Visible signature text will be displayed with Helvetic font.
    • 2: Visible signature text will be displayed with Times Roman font.
    • 3: Visible signature text will be displayed with Symbol font.
    • 4: Visible signature text will be displayed with ZapfDingBats font.
  • layer2FontSize:
    • >
    • Visible signature text font size.
  • layer2FontStyle:
    • >
    • 0: Signature text visible without style. Default value.
    • 1: Signature text visible in bold.
    • 2: Signature text visible in italics.
    • 4: Signature text visible underlined.
    • 8: Visible signature text crossed out.
  • layer2FontColor:
    • >
    • black: Signature text visible without style. Default value.
    • white: The visible signature text will be white.
    • gray: The visible signature text will be gray.
    • lightGray: The visible signature text will be light gray.
    • darkGray: The visible signature text will be dark gray.
    • red: The visible signature text will be red.
    • pink: The visible signature text will be pink.
  • obfuscatCertText:
    • >
    • true: The user identifiers extracted from the CN or DN of the certificate and displayed in the visible signature PDF are obfuscated. The data of the pseudonym certificates is not obfuscated. This is the default value.
    • false: Certificate information is not obfuscated.
  • obfuscationMask:
    • >
    • Obfuscation criteria of user identifiers in visible signatures PDF. It should show the following pattern:
      • character;lengthDigits;positions;offset
    • In this pattern:
      • >
      • character: Is the character to use to obfuscate characters.
      • length Digits: Minimum number of digits a text string must have to be considered to be obfuscated.
      • positions: List of positions indicating which characters should be displayed. The listing is expressed as a string of true/false separated by commas (','), where true indicates that the character should be displayed and false that it does not.
      • offset: Indicates whether the offset of mask positions is supported to show all the characters indicated (true) or whether this should be respected (false).
  • displaySignature:
    • >
    • default: Visible PDF signature will be performed if parameters have been provided with the signature area and page. This is the default value.
    • want: The user must select the visible signature area. If you cancel the process:
      • > If the request also includes the visible signature area parameters (position and page), those parameters will be used and the signature process will continue.
      • If the request does not include visible signature area parameters, the signing process will be canceled.
    • optional: The user will be able to choose whether or not to include the visible signature area. If you cancel the process:
      • > If the request also includes the visible signature area parameters (position and page), those parameters will be used and the signature process will continue. If the request does not include the visible signature area parameters, a non-visible signature will be performed.
  • displayAppearance:
    • >
    • default: The default appearance will be applied for the visible PDF signature or, if the appearance parameters were provided, the configured appearance. This is the default value.
    • custom: The user can choose the appearance of the visible signature. If you cancel the process, the default appearance will be used.
  • firmRotation:
    • >
    • 0: Does not rotate the signature field text. This is the default value.
    • 90: Rotate the signature field text 90 degrees clockwise. Any signature image settings will be ignored.
    • 180: Rotate the signature field text 180 degrees clockwise. Any signature image settings will be ignored.
    • 270: Rotate 270 degrees clockwise the signature field text. Any signature image settings will be ignored.
  • Include questionMark:
    • >
    • true: Allow the PDF reader to display next to the visible signature a mark indicating the result obtained by validating it. The appearance of this brand completely depends on the PDF reader used and it is this one that decides if it is displayed. For example, the mark might not be displayed when a background image is defined in the signature.
    • false: Does not allow to display the mark with the result of the validation. This is the default value.
  • image:
    • >
    • Path of the JPEG image file to insert into the document before signing it. The Base 64 of the image can also be indicated directly. This parameter can only be used in the first signature of the document.
  • imagePage:
    • >
    • PDF document page number on which to insert the image.
    • 0: Insert into all pages
    • -1: Insert image on last page.
  • imagePositionOnPageLowerLeftX:
    • > Integer with the horizontal coordinate from the bottom left corner of the page to the bottom left corner of the image.
  • imagePositionOnPageLowerLeftY:
    • > Integer with the vertical coordinate from the bottom left corner of the page to the bottom left corner of the image.
  • imagePositionOnPageUpperRightX:
    • >
    • Integer with horizontal coordinate from the bottom left corner of the page to the top right corner of the image.
  • imagePositionOnPageUpperRightY:
    • >
    • Integer with vertical coordinate from the bottom left corner of the page to the top right corner of the image.
  • attach:
    • >
    • Path of the file with the content to be added as an attachment to the PDF. The Database 64 of the data may also be indicated directly. Requires you to set attachFileName.
  • attachFileName:
    • >
    • Name of the one to assign to the attached file.
  • attachDescription:
    • >
    • Description of the attached document.
  • certificlevel:
    • >
    • 0: Uncertified signature. This would be an approval signature. It is the default value.
    • 1: Certified author signature. After this type of certified signature, no subsequent changes to the document are allowed (you cannot add signatures, or fill out forms).
    • 2: Certified author signature for forms. After this type of certified signature, only the filling of the form fields is allowed (signatures cannot be added).
    • 3: Common certified signature. After this type of certified signature, only the filling of the form fields and the creation of approval signatures are allowed.
  • compressPdf:
    • >
    • true: Compresses the signed PDF to take up less size. It only applies if it is a PDF v4 or higher. This is the default value.
    • false: Never compress the signed PDF.
  • pdfVersion:
    • >
    • 2: The output PDF version is declared to be 1.2.
    • 3: The output PDF version is declared to be 1.3.
    • 4: The output PDF version is declared to be 1.4.
    • 5: The output PDF version is declared to be 1.5.
    • 6: The output PDF version is declared to be 1.6.
    • 7: The output PDF version is declared to be 1.7.
  • firmSubFilter:
    • >
    • Subfilter declared. By default, the basic signatures (adbe.pkcs7.detached) are used. The string "ETSI.CAdES.detached" can be used to create BES signatures.
  • signReason:
    • >
    • Reason why the signature is made.
  • firmProductionCity:
    • >
    • City in which the signature is made.
  • signerContact:
    • >
    • Contact information of the signer.
  • signerOnRoles:
    • >
    • List of roles declared by the signer (separated by "|").
  • policyIdentifier:
    • >
    • Signature policy identifier (usually a URL to the policy in processible XML format), needed to generate XAdES-EPES signatures.
  • policyIdentifier Hash:
    • >
    • Text Base 64 with signature policy fingerprint. It is mandatory to indicate this parameter if the value indicated in policyIdentifier is not universally accessible. If this parameter is given value it is also mandatory to give value to the policyIdentifier HashAlgorithm parameter.
  • policyIdentifier HashAlgorithm:
    • >
    • SHA1: Indicates that the fingerprint indicated in the policyIdentifier Hash parameter was calculated by the SHA1 algorithm.
    • SHA-256: Indicates that the fingerprint indicated in the policyIdentifier Hash parameter was calculated by the SHA-256 algorithm.
    • SHA-384: Indicates that the fingerprint indicated in the policyIdentifier Hash parameter was calculated by the SHA-384 algorithm.
    • SHA-512: Indicates that the fingerprint indicated in the policyIdentifier Hash parameter was calculated by the SHA-512 algorithm.
  • policyQualifier:
    • >
    • URL to the document containing a textual description of the signing policy.
  • ownerPassword:
    • >
    • PDF opening password. Signing encrypted PDF documents with certificates or AES-256 algorithm is not supported.
  • headless:
    • >
    • true: Does not interrupt the signing process by requesting user interaction.
    • false: Shows dialogs to the user if he requires his authorization or some additional data to sign. This is the default value.
  • allowFirmPdfs:
    • >
    • true: Allows signing of certified PDF documents. The result could invalidate previous signatures of the PDF.
    • false: Creates an error when signing certified PDF documents.
    • Omitted: In case of detecting that the input PDF document is certified, the user will be warned that the signature could invalidate previous signatures and will be allowed to choose whether to sign or cancel the operation.
  • allowFirmPdfs:
    • >
    • true: Allows signing of certified PDF documents. The result could invalidate previous signatures of the PDF.
    • false: Creates an error when signing certified PDF documents.
    • Omitted: In case of detecting that the input PDF document is certified, the user will be warned that the signature could invalidate previous signatures and will be allowed to choose whether to sign or cancel the operation.
  • allowCo⦅⦆ Unregistered Signatures:
    • >
    • true: Allows you to sign PDF documents with previously unregistered signatures.
    • false: Does not allow signing PDF documents with previously unregistered signatures.
  • ⦅⦆ CertificateV2:
    • >
    • true: The attribute Certificate V2 is used in signatures.
    • false: The attribute of the signing is used.
    • Omitted: We use the attribute ⦅⦆ CertificateV1 in the signatures SHA1withRSA and SHA1withCertificate V2 in the rest.
  • signReservedSize:
    • >
    • Maximum size in bytes of the signature to be incorporated into the PDF. By default, 27000.
  • ⦅⦆ CertificateV2:
    • >
    • true: The attribute Certificate V2 is used in signatures.
    • false: The attribute of the signing is used.
    • Omitted: We use the attribute ⦅⦆ CertificateV1 in the signatures SHA1withRSA and SHA1withCertificate V2 in the rest.
  • allowShadowAttack:
    • >
    • true: PDF Shadow Attack check will not be performed during validation of previous signatures.
    • false: The PDF Shadow Attack check will be performed during the validation of the previous signatures and, if detected, the signature will be given as invalid.
    • Omitted: The PDF Shadow Attack check will be carried out during the validation of the previous signatures and, if detected, the user will be consulted if the operation should continue.
  • allowModified Form:
    • >
    • true: No change check will be performed on the document forms or PDF Shadow Attack during validation of previous signatures.
    • false: Changes will be checked on the document forms during the validation of the previous signatures and, if detected, the signature will be given as invalid.
    • Omitted: Changes to the document forms will be checked during the validation of the previous signatures and, if detected, the user will be consulted if the operation should continue.
⚠️ **GitHub.com Fallback** ⚠️