External CMS Signer Properties
The External CMS Signer signs the hash of the data and produce CMS signature that is PAdES compatible. You can embed the CMS signature into the PDF file. This is useful when the complete PDF document cannot be completely send for signature processing and you want to sign only the hash of the document (network bandwidth optimization, sensitive information protection, etc.). When the External CMS is embedded into the PDF file, the signature is visible in the PDF viewer and is PAdES compliant.
See the Common Properties for configuration options of the AdES Signer.
The implementation class of the External CMS Signer is:
com.czertainly.signserver.module.pades.signer.cms.ExternalCMSSigner
It contains the integration with the DSS framework and extends the Worker interface of the SignServer. If you want to use the External CMS Signer, you must specify this property. The External CMS Signer will check the basic configuration properties of SIGNATURE_LEVEL that can be one of the following values: PADES_BASELINE_B or PADES_BASELINE_T.
When PADES_BASELINE_T is used, the External CMS Signer will need to have configured properties for the TSA.
Metadata
The External CMS Signer requires the following metadata to be set for each request:
CLIENTSIDE_HASHDIGESTALGORITHM: Specifies the digest algorithm used to digest the data provided for the hash signing.