Type Default Value Read Only Description

[Visual Basic]
ValidationFlags.UseOCSPResponses | ValidationFlags.UseOnlineCRLs | ValidationFlags.UseTimestamp No Flags specifying what resources to use when validating the signing certificate chain for the signature.




This property specifies what information to enter into the Document Security Store (DSS) and Validation Related Information (VRI) dictionaries.

This property only has meaning when adding long-term validation information to a signature such as when you call one of the Sign methods with a CompliancePades level of PAdES_B_LT or PAdES_B_LTA.

The ValidationFlags enumeration can take a combination of the following values:

  • UseOCSPResponses - add available OCSP server responses for certificates in the signing certificate's chain. Requires an OCSP server URI to be specified in the Authority Info Access extension of the certificate(s).
  • UseOnlineCRLs - add available Certificate Revocation Lists (CRLs) obtained from a URI pecified in the CRL Distribution Points extension of the certificate(s).
  • UseTimestamp - add a timestamp authority generated timestamp (/TS) to the VRI. Requires a TimestampServiceUrl to be specified (either explicitly or in a certificate(s) extension).

By default ABCpdf adds the maximum amount of available information obtainable from the certificate chain - including both CRL and OCSP.

Unsetting UseOnlineCRLs from the default setting will likely result in smaller file sizes as CRLs can become quite large.

Setting neither UseOnlineCRLs nor UseOCSPResponses will result in an exception when a Commit or Save is performed as no revocation information can be added.

For an overview of long-term validation and the Document Security Store see Annex A.1 in ETSI TS 102 778-4 V1.1.1.




The following example shows how ignore CRLs when adding long-term validation for a PAdES_B_LT signature.

using(Doc doc = new Doc()) {
  Signature sig = (Signature)doc.Form.Fields["Signature1"];
  sig.Reason = "Final Version";
  sig.Location = "New York";
  sig.TimestampServiceUrl = new Uri("http://timestamp.digicert.com");
  sig.CompliancePades = Signature.PadesLevel.PAdES_B_LT;
  sig.LongTermValidationInfo &= ~Signature.ValidationFlags.UseOnlineCRLs; // Ignore CRLs - reduces file size
  X509Certificate2 cert = new X509Certificate2("certificate.p12", "1234", X509KeyStorageFlags.Exportable);
  sig.Sign(cert, null, new Oid(CryptoConfig.MapNameToOID("SHA256")));

[Visual Basic]
Dim doc As Doc = New Doc()
Dim sig As Signature = CType(doc.Form.Fields("Signature1"),Signature)
sig.Reason = "Final Version"
sig.Location = "New York"
sig.TimestampServiceUrl = New Uri("http://timestamp.digicert.com")
sig.Compliance = Signature.PadesLevel.PAdES_B_LT
sig.LongTermValidationInfo = sig.LongTermValidationInfo And Not ValidationFlags.UseOnlineCRLs 'Ignore CRLs
Dim cert As X509Certificate2 = New X509Certificate2("certificate.p12", "1234", X509KeyStorageFlags.Exportable)
sig.Sign(cert, Nothing, New Oid(CryptoConfig.MapNameToOID("SHA256")))