PEM
webPDF uses the PEM format to pass an individual certificate (public key) together with the private key for the digital signature when calling the Signature web service.
PEM (originally "Privacy Enhanced Mail") is the most common format for X.509 certificates and cryptographic keys. A PEM file is a text file containing one or more elements in BASE64 ASCII encoding. The structure is clearly organized by plain text headers and footers.
-----BEGIN CERTIFICATE-----
...
... <BASE64> ...
...
-----END CERTIFICATE-----
A single PEM file can contain a single certificate, a private key, or multiple certificates that form a complete certificate chain. PEM files are usually stored with .crt, .pem, .cer, and .key (for private keys) extensions.
webPDF currently supports passing X.509 certificates, public and private keys (encrypted and unencrypted) using a PEM file.
webPDF currently supports only private keys based on the RSA cryptosystem.
Below are some examples of supported headers and footers in the PEM file:
Certificates
...
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
...
Public keys
...
-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----
...
Private keys and key pairs
...
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
...
...
-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----
...
...
-----BEGIN ENCRYPTED PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,1E87EA600D9065EEB8CA7FB87DBF5870
...
-----END ENCRYPTED PRIVATE KEY-----
...
There can be any number of entries in a PEM file in any order. When reading the content, webPDF maps the certificates, public and private keys to each other.
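A pre-flight check for such a bundle, as an added example (not webPDF code): it lists the entries in file order, rejects an entry whose footer label does not repeat its header label, and reports private keys that are not encrypted. The function names, the strict label check and the sample bundle with filler bytes are assumptions made for illustration.

```python
import base64
import re

# PEM labels shown on this page, mapped to the kind of entry they carry.
KINDS = {"CERTIFICATE": "certificate", "PUBLIC KEY": "public key",
         "RSA PRIVATE KEY": "private key", "ENCRYPTED PRIVATE KEY": "private key"}
BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END ([A-Z0-9 ]+)-----", re.S)

def inventory(pem_text):
    """List the entries of a PEM bundle in file order; ValueError if one is malformed."""
    entries = []
    for m in BLOCK.finditer(pem_text):
        begin, body, end = m.groups()
        if begin != end:  # assumption: the footer label must repeat the header label
            raise ValueError(f"'END {end}' does not close 'BEGIN {begin}'")
        headers, b64 = {}, []
        for line in body.splitlines():
            if ":" in line:  # encapsulated header such as Proc-Type or DEK-Info
                name, value = line.split(":", 1)
                headers[name.strip()] = value.strip()
            else:
                b64.append(line.strip())
        der = base64.b64decode("".join(b64), validate=True)  # rejects non-Base64 text
        encrypted = (begin == "ENCRYPTED PRIVATE KEY"
                     or "ENCRYPTED" in headers.get("Proc-Type", ""))
        entries.append({"label": begin, "kind": KINDS.get(begin, "other"),
                        "encrypted": encrypted, "bytes": len(der)})
    return entries

def plaintext_private_keys(entries):
    """Private keys that would be passed on without passphrase protection."""
    return [e for e in entries if e["kind"] == "private key" and not e["encrypted"]]

def make_entry(label, size, headers=""):
    # Constructed filler bytes, not real key or certificate material.
    data = base64.b64encode(bytes(range(size))).decode()
    return f"-----BEGIN {label}-----\n{headers}{data}\n-----END {label}-----\n"

# Constructed bundle: entries in arbitrary order, as the page allows.
ENC = "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,1E87EA600D9065EEB8CA7FB87DBF5870\n\n"
SAMPLE = (make_entry("RSA PRIVATE KEY", 48) + make_entry("CERTIFICATE", 60)
          + make_entry("RSA PRIVATE KEY", 48, ENC) + make_entry("CERTIFICATE", 60))

if __name__ == "__main__":
    for e in inventory(SAMPLE):
        print(e)
```

The check only inspects labels, headers and Base64 validity; it does not verify that a private key belongs to a certificate in the bundle.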
Transfer during web service call
The contents of the PEM file can be passed as parameters when accessing the "Signature" web service to digitally sign a PDF document with a certificate and associated private key.