Previous Next

                                                  701
           SECTION 8.6                                                           Interactive Forms



KEY              TYPE       VALUE

KeyUsage         array of   (Optional; PDF 1.7) An array of ASCII strings, where each string specifies an
                 ASCII      acceptable key-usage extension that must be present in the signing certificate.
                 strings    Multiple strings specify a range of acceptable key-usage extensions. The key-
                            usage extension is described in RFC 3280 (see the Bibliography).
                            Each character in a string represents a key-usage type, where the order of the
                            characters indicates the key-usage extension it represents. The first through
                            ninth characters in the array, from left to right, represent the required value for
                            the following key-usage extensions:
                               1    digitalSignature        4    dataEncipherment 7         cRLSign
                               2    non-Repudiation         5     keyAgreement        8     encipherOnly
                               3    keyEncipherment         6    keyCertSign          9     decipherOnly
                            Any additional characters are ignored. Any missing characters or characters
                            that are not one of the following values, should be set to ‘X’. The following
                            character values are supported:
                               0          Corresponding key-usage must not be set.
                               1          Corresponding key-usage must be set.
                               X          State of the corresponding key-usage does not matter.
                            For example, the string values ‘1’ and ‘1XXXXXXXX’ represent settings where the
                            key-usage type digitalSignature must be set and the state of all other key-usage
                            types do not matter.
                            The value of the corresponding flag in the Ff entry indicates whether this is a
                            required constraint.

Issuer           array      (Optional) An array of byte strings containing DER-encoded X.509v3 certifi-
                            cates of acceptable issuers. If the signer’s certificate chains up to any of the
                            specified issuers (either directly or indirectly), the certificate is considered ac-
                            ceptable for signing. The value of the corresponding flag in the Ff entry indi-
                            cates whether this is a required constraint.

OID              array      (Optional) An array of byte strings that contain Object Identifiers (OIDs) of
                            the certificate policies that must be present in the signing certificate. An exam-
                            ple of such a string is (2.16.840.1.113733.1.7.1.1). This field is only applicable if
                            the value of Issuer is not empty. The certificate policies extension is described
                            in RFC 3280 (see the Bibliography). The value of the corresponding flag in the
                            Ff entry indicates whether this is a required constraint.

Previous Next