5 Replies Latest reply on Aug 31, 2011 1:30 PM by roggeheflin

    Certify a Document using a Windows Digital ID in the Certificate Store

    roggeheflin

      How does one reference or use an installed certificate (*.pfx) in the Windows Certificate Store rather than using a certificate on a hard drive?

       

      Control Panel -> Internet Properties -> Content (tab) -> Certificates -> Trusted Root Certification Authorities

      Acrobat -> Menu Bar -> Advanced -> Security Settings... -> Digital IDs -> Windows Digital IDs

       

      Snippet:

      var myEngine = security.getHandler("Adobe.PPKLite");
      myEngine.login("PassWord", "/C/MyCert.pfx"); // use certificate in the store, not on the drive

       

       

       

       

       

      if (typeof strVersion == "undefined") var strVersion = "1.0.2";                   // 2011.08.01
      if (typeof cerS == "undefined") var cerS = {};

          // Settings passed to CertifyDoc()
          cerS.sigUserPwd = "";
          cerS.sigDigitalIDPath = "/C/RoggeHeflin.pfx";
          cerS.sigFieldname = "Signature";
          cerS.sigReason = "This document has been digitally signed by MyCompany.";
          cerS.sigLegal = "© 2011 MyCompany.";
          cerS.sigLocation = "Dallas, Texas, USA";
          cerS.sigContactInfo = "www.MyCompany.com";

          cerS.MPDValue = "allowNone";
          cerS.sigHandlerName = "Adobe.PPKLite";
          cerS.TimeStamp = "http://tsa.starfieldtech.com/";

      function CertifyDocument()
      {
          if (typeof curDoc == "undefined") var curDoc = this;
          // Add a zero-size signature field on the first page and certify it
          if (typeof sigField == "undefined") var sigField = curDoc.addField(cerS.sigFieldname, "signature", 0, [0, 0, 0, 0]);
          CertifyDoc(sigField, cerS);
      };

      ///////////////////////////////////////////////////////////////////////////////////////////////////

      // Trusted Functions

      if (typeof CertifyDoc == "undefined")
      var CertifyDoc = app.trustedFunction(function (SignatureField, CertificateInfo)
          {
              app.beginPriv();
              // Log in to the digital ID file (*.pfx) on disk
              var myEngine = security.getHandler(CertificateInfo.sigHandlerName);
              myEngine.login(CertificateInfo.sigUserPwd, CertificateInfo.sigDigitalIDPath);
              // Certify the document using the logged-in handler
              SignatureField.signatureSign(
                  {
                      oSig: myEngine,
                      bUI: 1,
                      cLegalAttest: CertificateInfo.sigLegal,
                      oInfo: {
                          password: CertificateInfo.sigUserPwd,
                          reason: CertificateInfo.sigReason,
                          location: CertificateInfo.sigLocation,
                          contactInfo: CertificateInfo.sigContactInfo,
                          timeStamp: CertificateInfo.TimeStamp,
                          mdp: CertificateInfo.MPDValue
                      }
                  }
              );
              app.endPriv();
          }
      );

        • 1. Re: Certify a Document using a Windows Digital ID in the Certificate Store
          Steven.Madwin Adobe Employee

          Hi roggeheflin,

           

          I know it's not what you want to hear, but when using JavaScript to create a digital signature, the digital ID must be in the P12/PFX file on disk. You cannot get access to the digital IDs stored in the Windows Certificate Store.

           

          Steve

          1 person found this helpful
          • 2. Re: Certify a Document using a Windows Digital ID in the Certificate Store
            roggeheflin Level 1

            Steve,

            Thanks for the response. That is acceptable. I can keep the certificate in a "secure" place on the server.

            -r

            • 3. Re: Certify a Document using a Windows Digital ID in the Certificate Store
              roggeheflin Level 1

              Now what if one has logged into a DigitalId file? Acrobat 9.0 Pro Ext Menu Bar -> Advanced -> Security Settings... -> Digital ID Files

              How does one reference a logged-into DigitalId file?

               

              (I am trying to avoid placing the password in plain text in a JavaScript file.)

              • 4. Re: Certify a Document using a Windows Digital ID in the Certificate Store
                Steven.Madwin Adobe Employee

                You can omit the password if the file's Password Timeout is set to Never Expire. See http://livedocs.adobe.com/acrobat_sdk/9.1/Acrobat9_1_HTMLHelp/JS_API_AcroJS.88.758.html for notes on this.

                 

                Steve

                • 5. Re: Certify a Document using a Windows Digital ID in the Certificate Store
                  roggeheflin Level 1

                  The following is returned in the JS debugger:

                   

                  [ Creation of this signature could not be completed. ] -> [ You have not selected a valid digital ID. Try again. ]

                   

                  Here is my code... I think LoginParams needs to be adjusted to use an already-logged-into digital ID. When the PW and full root (\c\roggeheflind(sa).pfx) are supplied, then the certification/encryption works... The two requirements I have are 1) avoid having the PW in code, 2) not entering the PW each time (this is part of a batch sequence).

                   

                   

                      var myEngine = security.getHandler(CertificateInfo.sigHandlerName);
                  
                  //    var policyOptions = {
                  //        cHandler: security.PPKLiteHandler,
                  //        cTarget: "RoggeHeflin(SA).pfx"
                  //    };
                  
                  //    var policyArray = security.getSecurityPolicies(
                  //        {
                  //            oOptions: policyOptions
                  //        }
                  //        );
                  
                  //    var LoginParams = {
                  //        oEndUserSignCert: policyArray
                  //    };
                  
                      var LoginParams = {
                          cDIPath: CertificateInfo.sigDigitalIDPath,
                          cPassword: CertificateInfo.sigUserPwd
                      };
                  
                      // Log in to the security handler (*.pfx file)
                      myEngine.login(
                          {
                              oParams: LoginParams,
                              bUI: 0
                          }
                          );
                  
                      // Set the properties for the signature
                      var SignatureInfo = {
                          reason: CertificateInfo.sigReason,
                          location: CertificateInfo.sigLocation,
                          contactInfo: CertificateInfo.sigContactInfo,
                          timeStamp: CertificateInfo.TimeStamp,
                          mdp: CertificateInfo.MPDValue,
                          digestMethod: CertificateInfo.Hash
                      };
                  
                      // Certify and save the document
                      SignatureField.signatureSign(
                          {
                              oSig: myEngine,
                              bUI: 0,
                              cLegalAttest: CertificateInfo.sigLegal,
                              oInfo: SignatureInfo
                          }
                          );