Drawings SDK Developer Guide > Working with .dwg Files > Working with Digital Signatures
Working with Digital Signatures in a .dwg File

You can attach digital signatures to .dwg files and validate a .dwg file’s digital signature. A digital signature indicates who the file came from and the file’s state when the digital signature was created, and validation confirms this information.

Attaching digital signatures

To attach a digital signature, you should have a Digital Certificate (Digital ID) issued from a recognized vendor. The Certification Authority (CA) generally issues a PFX file and password which are required to register in a certificate store. Additionally, you need to install a root CA certificate as trusted.

To install Digital Certificates on Microsoft® Windows® use the Certificate Import Wizard from the Certificates tool that can be accessed via the Internet Options (Control Panel\Internet Options\Content\Certificates\Import...).

The Certificates tool can also be accessed from most Internet browsers. For example, in Internet Explorer® (Tools\Internet Options\Content\Certificates).

In Mozilla® Firefox® you can also use a Certificate Import Wizard (Tools\Preferences\Advanced\Certificates) to import certificates.

To use Digital signature on Mac/Linux and other Unix-based operating systems organize your local certificate store. The certificate store should be a folder with following structure:

On this scheme:

  • ca-bundle.pem — file containing root certificates of the trusted Certification Authority.
  • MyCert.crt — file containing the personal Digital Certificate in PEM format with no key.
  • MyPrivatKey.pem — file containing a private key of your personal Digital Certificate.

To register certificates in the operating system, add a new environment variable named SSLBaseDir containing path to your local certificate store. For example:

/Users/user1/MyCertStore

After registering certificates in a store, you can sign .dwg files using the Drawings SDK.

First of all, the DbCryptModule extension module must be initialized as follows.


//load DbCryptModule
::odrxDynamicLinker()->loadModule(DbCryptModuleName);

To sign a drawing while saving it, first set the corresponding parameters to an object of the OdSecurityParams class and use the OdDbDatabase::setSecurityParams() method to pass the parameters to the database you want to save. The OdSecurityParams class has the following members:

Member Description
OdUInt32 nFlags Flags that indicate the operation and can have the following values:

SECURITYPARAMS_ENCRYPT_DATA  = 0x00000001
SECURITYPARAMS_ENCRYPT_PROPS = 0x00000002
SECURITYPARAMS_SIGN_DATA     = 0x00000010
SECURITYPARAMS_ADD_TIMESTAMP = 0x00000020
SECURITYPARAMS_ALGID_RC4     = 0x00006801
OdPassword password User password.
OdUInt32 nProvType ID of the cryptography provider.
OdString provName Name of the cryptography provider.
OdUInt32 nAlgId ID of the algorithm.
OdUInt32 nKeyLength Encryption key length.
OdString sCertSubject Certificate subject name.
OdString sCertIssuer Certificate issuer name.
OdString sCertSerialNum Certificate serial number.
OdString sComment User comment.
OdString sTimeServer Time server name.

For example:


// Create an object of security parameters class
OdSecurityParams secParam;

// Create some parameters
OdString certSubject, certIssuer, certSerialNum, commentString;

// Set the data to the variables
certSubject = L"sect";
certIssuer = L"ADMIN";
certSerialNum = L"00b75e4531ff033982";
commentString = L"Test sign";

// Set the data to the security parameters object
secParam.sCertSubject = certSubject;
secParam.sCertIssuer = certIssuer;
secParam.sCertSerialNum = certSerialNum;
secParam.sComment = commentString;
secParam.nFlags = SECURITYPARAMS_SIGN_DATA|SECURITYPARAMS_ADD_TIMESTAMP;

// Apply security parameters to the database
pDb->setSecurityParams(secParam);

Note: If the SECURITYPARAMS_ADD_TIMESTAMP flag is set and no time server is specified by the sTimeServer property of the corresponding OdSecurityParams instance, time from a local computer will be taken for a digital signature time stamp.

After these actions, open a target stream for reading and writing:


OdString filePath = L"C:\DWG\Example.dwg";
OdStreamBufPtr pTargetFileBuf = createFile(filePath, (Oda::FileAccessMode)(Oda::kFileRead | Oda::kFileWrite),
                                           Oda::kShareDenyReadWrite, Oda::kCreateAlways);

And then call the OdDbDatabase::writeFile() method:

pDb->writeFile(pTargetFileBuf, OdDb::kDwg, OdDb::vAC27);

The certificate parameters you set to the OdSecurityParams fields must correspond to the certificate for which a complete certificate chain can be built (the chain from your certificate to the root certificate). To obtain the parameters of a suitable certificate, your custom application should use the OdCryptoServices::getPersonalCertsWithTrustedStatus() method. See the related source code of the following sample applications for details:

  • OdDwgSignEx — Digital Signature Sample for Windows (Drawing\Examples\win\OdDwgSignEx).
  • OdSignEx — Digital Signature Sample (Drawing\Examples\OdSignEx).

Note: The OdCryptoServices class provides the interface to the core functionality of ODA Cryptography Services (Kernel\Include\OdCryptoServices).

Validating digital signatures

To validate a digital signature attached to a drawing file, use the corresponding global function:


OdResult validateDrawingSignature(const OdString& drawingFullPath,
  OdCryptoServices::OdSignatureVerificationResult& verificationResult, 
  OdSignatureDescription& signatureDesc);

Where:

  • drawingFullPath — a full path to the drawing file.
  • verificationResult — the verification result.
  • signatureDesc — a data structure which the signature description data is placed into.

The function returns the verification result and fills the OdSignatureDescription fields.

The verification result can be one of the following:

  • OdCryptoServices::kSuccess — The digital signature is valid.
  • OdCryptoServices::kHasNoSignature — The drawing has no signature.
  • OdCryptoServices::kBadSignature — Bad signature.
  • OdCryptoServices::kCertificateChainProblem — A problem with one of the certificates in the chain.

Also, it returns one of the following OdResult values:

  • eOk — The verification process completed without errors, and verifResultMsg contains the verification result.
  • eCantOpenFile — Can't open the drawing file specified by drawingFullPath.
  • eInvalidInput — The drawing file has a version for which the verification process cannot be performed.

For example:


OdCryptoServices::OdSignatureVerificationResult validationRes;
OdSignatureDescriptionData sigData;
OdResult res;
res = validateDrawingSignature(filePath, validationRes, sigData);

See the related source code of the following sample applications for details:

  • OdDwgSignEx — Digital Signature Sample for Windows (Drawing\Examples\win\OdDwgSignEx).
  • OdSignEx — Digital Signature Sample (Drawing\Examples\OdSignEx).

OdDwgSignEx sample application and related source code

The OdDwgSignEx sample application works with the digital signature API and is available on the Windows platform.

To start the sample, first import your certificates in a store as described above. The next pictures illustrate how to use the OdDwgSignEx sample to attach and validate a digital signature for a .dwg file.

OdSignEx sample application and related source code

OdSignEx is a CLI cross-platform sample application that works with the ODA Drawings digital signature API and is available on most platforms, including Windows, Linux and MacOS.

Before using the sample, make sure your local certificate storage is properly configured and contains all needed certificates and keys as described above. To run the application, provide a full path of a .dwg file as a parameter, and then follow prompts to attach or validate a digital signature of the file.

The next picture illustrates how to use the OdSignEx sample to attach a digital signature to a .dwg file.

The next picture illustrates how to use the OdSignEx sample to validate a digital signature of a .dwg file.

See Also

Digital Signature Sample

Digital Signature Sample for Windows

Copyright © 2002 – 2021. Open Design Alliance. All rights reserved.