Configuration file allows to define the following settings:
- path to license file
- signers to be used in commands such as:
pdfsigner sign signerpdfsigner watch signerpdfsigner serve signerpdfsigner serve multiple-signerspdfsigner services
- services to be used with
pdfsigner services command
The configuration file could be in json, yaml, toml format config files.
licensePath allows to set the path to license file
The config file should contain multiple signers as an array.
name - name of the signer, to allow identify the signer for the commands and by consumers of the Web API.
type - type of the signer, allowed settings "pem" or "pksc11"
PEM specific settings:
crtPath - path to certificate file
keyPath - path to private key file
PKSC11 specifc settings:
libPath - path to library
pass - password
signature settings are provided inside signData.signature section
certType - defines certificate type. Allowed values:
1- Approval signature2- Certification signature (requires docmdp)3- Usage Rights signature4- TimeStamp signature
docmdp - defines certification signature restrictions:
1- No changes allowed2- Allow form filling and signatures3- Allow form filling, signatures and annotations
TSA settings (optional):
tsaUrl - URL of Time Stamping Authority
tsaUsername - TSA authentication username
tsaPassword - TSA authentication password
signature information settings are provided inside signData.signature.info section
name - name of the person creating signature
location - location of the person creating signature
reason - reason why the signature is created
contactInfo - contact finformation
Services setting is used only for pdfsigner services command.
The config file should contain multiple services as an array.
name - name of the service
validateSignature - defines weather to validate or not signature after sign, allowed values are: true and false
type - type of the service, allowed values are: watch and serve
Watch specific setting:
signer - signer name
in - folder to watch
out - folder where signed files going to be stored
Serve specific setting:
signers - array of signer names
addr - address to serve on
port - port to serve on
# Main configuration
licensePath: ./pdfsigner.lic
# Common signature settings (anchor)
.signature_defaults: &signature_defaults
docMDP: 1
certType: 1
# Common signature info (anchor)
.signature_info_defaults: &signature_info_defaults
name: Company Name
location: New York
reason: Document approval
contactInfo: support@example.com
# Services Configuration
services:
watch_incoming:
type: watch
signer: company_cert # Reference to the signer configuration below
in: ./incoming # Where to look for new PDFs
out: ./signed # Where to put signed PDFs
validateSignature: true # Verify signature after signing
api_endpoint:
type: serve
signers:
- company_cert # List of allowed signers
addr: 127.0.0.1 # Listen address
port: 3000 # Listen port
validateSignature: true
# Signers Configuration
signers:
company_cert:
type: pem
crtPath: /path/to/certificate.crt
keyPath: /path/to/private.key
crtChainPath: /path/to/chain.pem
signData:
signature:
<<: *signature_defaults # Reuse common signature settings
info:
<<: *signature_info_defaults # Reuse common info settings
hardware_token:
type: pkcs11
libPath: /usr/lib/softokn3.so
pass: token_password
crtChainPath: /path/to/chain.pem
signData:
signature:
<<: *signature_defaults # Reuse common signature settings
info:
name: Hardware Token
location: Secure Element
reason: Secure signing
contactInfo: security@company.com
Usage:
pdfsigner services --config config.example.yaml