Type: RevocationCheckingPolicy ([C#] and [Visual Basic])
Default Value: RevocationCheckingPolicy.PreferOCSP
Read Only: No
Description: Indicates the desired format of the Validation Related Information (VRI) to be added to the Document Security Store (DSS) for long-term validation of the signature.

 

   

Notes
 

This property only has meaning when adding long-term validation information to a signature, such as when you call one of the Sign methods with a CompliancePades level of PAdES_B_LT or PAdES_B_LTA, or when using the AddLongTermValidation FormOperation.

Most certificates contain information on how to check whether the certificate has been revoked. This may take the form of an Online Certificate Status Protocol (OCSP) URI, a Certificate Revocation List (CRL) Distribution Point URI, or both. An OCSP server provides a signed and timestamped response indicating only whether the certificate has been revoked. A CRL, however, is a signed list of all certificates that have been revoked by the Certification Authority. OCSP is generally preferred for its succinctness.

The RevocationCheckingPolicy enumeration can take one of the following values:

  • PreferOCSP - if a certificate contains an OCSP URI in the Authority Info Access extension, just use the OCSP response to indicate non-revocation. If the OCSP query fails for some reason then attempt CRL checking instead.
  • PreferCRL - if a certificate contains a CRL URI in the CRL Distribution Points extension, use the CRL to indicate non-revocation. If that call fails then fall back to OCSP checking.
  • PreferOCSPAndCRL - attempt to add both OCSP responses and CRLs where the appropriate URIs are available within the certificate.

For an overview of long-term validation and the Document Security Store see Annex A.1 in ETSI TS 102 778-4 V1.1.1.

ABCpdf always creates a VRI dictionary in the DSS for the signature.
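
Whether a certificate actually carries the OCSP or CRL URIs these policies rely on can be checked before signing. The following is an added example, not ABCpdf code: it reads both extensions from an X509Certificate2 using System.Formats.Asn1 (built into .NET 5 and later, a NuGet package on .NET Framework), and RevocationSources and its members are hypothetical names.

```csharp
using System.Collections.Generic;
using System.Formats.Asn1;
using System.Security.Cryptography.X509Certificates;

// Added example; RevocationSources and its members are hypothetical names.
static class RevocationSources {
  static readonly Asn1Tag Ctx0 = new Asn1Tag(TagClass.ContextSpecific, 0, true);
  static readonly Asn1Tag UriTag = new Asn1Tag(TagClass.ContextSpecific, 6);

  // Reads one GeneralName; keeps it only if it is a URI (tag [6]) and wanted.
  static void TakeUri(AsnReader r, List<string> uris, bool wanted = true) {
    if (!r.PeekTag().HasSameClassAndValue(UriTag)) { r.ReadEncodedValue(); return; }
    string uri = r.ReadCharacterString(UniversalTagNumber.IA5String, UriTag);
    if (wanted) uris.Add(uri);
  }

  // OCSP responder URIs from the Authority Info Access extension.
  public static List<string> OcspUris(X509Certificate2 cert) {
    var uris = new List<string>();
    X509Extension ext = cert.Extensions["1.3.6.1.5.5.7.1.1"];
    if (ext == null) return uris;
    AsnReader list = new AsnReader(ext.RawData, AsnEncodingRules.DER).ReadSequence();
    while (list.HasData) {
      AsnReader access = list.ReadSequence();  // AccessDescription
      bool isOcsp = access.ReadObjectIdentifier() == "1.3.6.1.5.5.7.48.1";
      TakeUri(access, uris, isOcsp);           // skip caIssuers and other methods
    }
    return uris;
  }

  // CRL URIs from the CRL Distribution Points extension.
  public static List<string> CrlUris(X509Certificate2 cert) {
    var uris = new List<string>();
    X509Extension ext = cert.Extensions["2.5.29.31"];
    if (ext == null) return uris;
    AsnReader points = new AsnReader(ext.RawData, AsnEncodingRules.DER).ReadSequence();
    while (points.HasData) {
      AsnReader point = points.ReadSequence();  // DistributionPoint
      if (!point.HasData || !point.PeekTag().HasSameClassAndValue(Ctx0)) continue;
      AsnReader name = point.ReadSequence(Ctx0);  // distributionPoint [0]
      if (!name.PeekTag().HasSameClassAndValue(Ctx0)) continue;  // not fullName
      AsnReader fullName = name.ReadSequence(Ctx0);  // fullName [0] GeneralNames
      while (fullName.HasData) TakeUri(fullName, uris);
    }
    return uris;
  }
}
```

Run both methods over the signing certificate and each issuer certificate in its chain; a certificate for which both lists come back empty advertises no URI for any of the three policies to query. A malformed extension causes AsnReader to throw AsnContentException.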

 

   

Example
 

The following example shows how to prefer CRLs and include a timestamp when adding long-term validation for a PAdES_B_LT signature.

[C#]
// Namespaces needed: System, System.Security.Cryptography,
// System.Security.Cryptography.X509Certificates, plus the ABCpdf namespaces.
using(Doc doc = new Doc()) {
  doc.Read("BlankSignature.pdf");
  // The PDF must already contain an empty signature field named "Signature1".
  Signature sig = (Signature)doc.Form.Fields["Signature1"];
  sig.Reason = "Final Version";
  sig.Location = "New York";
  sig.CompliancePades = Signature.PadesLevel.PAdES_B_LT;
  sig.DocumentSecurityStorePolicy = Signature.RevocationCheckingPolicy.PreferCRL; // Prefer CRLs - could make the file much larger.
  sig.TimestampServiceUrl = new Uri("http://timestamp.digicert.com"); // Setting a Timestamp URI will add a timestamp to the VRI dictionary.
  X509Certificate2 cert = new X509Certificate2("certificate.p12", "1234", X509KeyStorageFlags.Exportable);
  sig.Sign(cert, null, new Oid(CryptoConfig.MapNameToOID("SHA256"))); // Sign using a SHA-256 digest.
  doc.Save("SignedDoc.pdf");
}


[Visual Basic]
' Namespaces needed: System, System.Security.Cryptography,
' System.Security.Cryptography.X509Certificates, plus the ABCpdf namespaces.
Using doc As New Doc()
  doc.Read("BlankSignature.pdf")
  ' The PDF must already contain an empty signature field named "Signature1".
  Dim sig As Signature = CType(doc.Form.Fields("Signature1"), Signature)
  sig.Reason = "Final Version"
  sig.Location = "New York"
  sig.CompliancePades = Signature.PadesLevel.PAdES_B_LT
  sig.DocumentSecurityStorePolicy = Signature.RevocationCheckingPolicy.PreferCRL ' Prefer CRLs - could make the file much larger.
  sig.TimestampServiceUrl = New Uri("http://timestamp.digicert.com") ' Setting a Timestamp URI will add a timestamp to the VRI dictionary.
  Dim cert As X509Certificate2 = New X509Certificate2("certificate.p12", "1234", X509KeyStorageFlags.Exportable)
  sig.Sign(cert, Nothing, New Oid(CryptoConfig.MapNameToOID("SHA256"))) ' Sign using a SHA-256 digest.
  doc.Save("SignedDoc.pdf")
End Using

 

See also: FormOperation.AddLongTermValidation.