You can attach digital signatures to .dwg files and validate a .dwg file’s digital signature. A digital signature indicates who the file came from and the file’s state when the digital signature was created, and validation confirms this information.
Attaching digital signatures
To attach a digital signature, you should have a Digital Certificate (Digital ID) issued from a recognized vendor. The Certification Authority (CA) generally issues a PFX file and password which are required to register in a certificate store. Additionally, you need to install a root CA certificate as trusted.
To install Digital Certificates on Microsoft® Windows® use the Certificate Import Wizard from the Certificates tool that can be accessed via the Internet Options (Control Panel\Internet Options\Content\Certificates\Import...).
The Certificates tool can also be accessed from most Internet browsers. For example, in Internet Explorer® (Tools\Internet Options\Content\Certificates).
In Mozilla® Firefox® you can also use a Certificate Import Wizard (Tools\Preferences\Advanced\Certificates) to import certificates.
To use Digital signature on Mac/Linux and other Unix-based operating systems organize your local certificate store. The certificate store should be a folder with following structure:
On this scheme:
ca-bundle.pem— file containing root certificates of the trusted Certification Authority.MyCert.crt— file containing the personal Digital Certificate in PEM format with no key.MyPrivatKey.pem— file containing a private key of your personal Digital Certificate.
To register certificates in the operating system, add a new environment
variable named SSLBaseDir containing path to your local
certificate store. For example:
/Users/user1/MyCertStore
After registering certificates in a store, you can sign .dwg files using the Drawings SDK.
First of all, the DbCryptModule extension module must be
initialized as follows.
//load DbCryptModule
::odrxDynamicLinker()->loadModule(DbCryptModuleName);
To sign a drawing while saving it, first set the corresponding
parameters to an object of the OdSecurityParams class and use the
OdDbDatabase::setSecurityParams() method to pass the parameters
to the database you want to save. The OdSecurityParams class has
the following members:
| Member | Description |
|---|---|
| OdUInt32 nFlags | Flags that indicate the operation and can have the following values:
|
| OdPassword password | User password. |
| OdUInt32 nProvType | ID of the cryptography provider. |
| OdString provName | Name of the cryptography provider. |
| OdUInt32 nAlgId | ID of the algorithm. |
| OdUInt32 nKeyLength | Encryption key length. |
| OdString sCertSubject | Certificate subject name. |
| OdString sCertIssuer | Certificate issuer name. |
| OdString sCertSerialNum | Certificate serial number. |
| OdString sComment | User comment. |
| OdString sTimeServer | Time server name. |
For example:
// Create an object of security parameters class
OdSecurityParams secParam;
// Create some parameters
OdString certSubject, certIssuer, certSerialNum, commentString;
// Set the data to the variables
certSubject = L"sect";
certIssuer = L"ADMIN";
certSerialNum = L"00b75e4531ff033982";
commentString = L"Test sign";
// Set the data to the security parameters object
secParam.sCertSubject = certSubject;
secParam.sCertIssuer = certIssuer;
secParam.sCertSerialNum = certSerialNum;
secParam.sComment = commentString;
secParam.nFlags = SECURITYPARAMS_SIGN_DATA|SECURITYPARAMS_ADD_TIMESTAMP;
// Apply security parameters to the database
pDb->setSecurityParams(secParam);
Note: If the SECURITYPARAMS_ADD_TIMESTAMP
flag is set and no time server is specified by the sTimeServer
property of the corresponding OdSecurityParams instance,
time from a local computer will be taken for a digital signature time stamp.
After these actions, open a target stream for reading and writing:
OdString filePath = L"C:\DWG\Example.dwg";
OdStreamBufPtr pTargetFileBuf = createFile(filePath, (Oda::FileAccessMode)(Oda::kFileRead | Oda::kFileWrite),
Oda::kShareDenyReadWrite, Oda::kCreateAlways);
And then call the OdDbDatabase::writeFile() method:
pDb->writeFile(pTargetFileBuf, OdDb::kDwg, OdDb::vAC27);The certificate parameters you set to the OdSecurityParams
fields must correspond to the certificate for which a complete certificate
chain can be built (the chain from your certificate to the root certificate).
To obtain the parameters of a suitable certificate, your custom application
should use the OdCryptoServices::getPersonalCertsWithTrustedStatus()
method. See the related source code of the following sample
applications for details:
- OdDwgSignEx — Digital Signature Sample for Windows (Drawing\Examples\win\OdDwgSignEx).
- OdSignEx — Digital Signature Sample (Drawing\Examples\OdSignEx).
Note: The OdCryptoServices class
provides the interface to the core functionality of ODA Cryptography Services
(Kernel\Include\OdCryptoServices).
Validating digital signatures
To validate a digital signature attached to a drawing file, use the corresponding global function:
OdResult validateDrawingSignature(const OdString& drawingFullPath,
OdCryptoServices::OdSignatureVerificationResult& verificationResult,
OdSignatureDescription& signatureDesc);
Where:
drawingFullPath— a full path to the drawing file.verificationResult— the verification result.signatureDesc— a data structure which the signature description data is placed into.
The function returns the verification result and fills the
OdSignatureDescription fields.
The verification result can be one of the following:
OdCryptoServices::kSuccess— The digital signature is valid.OdCryptoServices::kHasNoSignature— The drawing has no signature.OdCryptoServices::kBadSignature— Bad signature.OdCryptoServices::kCertificateChainProblem— A problem with one of the certificates in the chain.
Also, it returns one of the following OdResult values:
eOk— The verification process completed without errors, andverifResultMsgcontains the verification result.eCantOpenFile— Can't open the drawing file specified bydrawingFullPath.eInvalidInput— The drawing file has a version for which the verification process cannot be performed.
For example:
OdCryptoServices::OdSignatureVerificationResult validationRes;
OdSignatureDescriptionData sigData;
OdResult res;
res = validateDrawingSignature(filePath, validationRes, sigData);
See the related source code of the following sample applications for details:
- OdDwgSignEx — Digital Signature Sample for Windows (Drawing\Examples\win\OdDwgSignEx).
- OdSignEx — Digital Signature Sample (Drawing\Examples\OdSignEx).
OdDwgSignEx sample application and related source code
The OdDwgSignEx sample application works with the digital signature API and is available on the Windows platform.
To start the sample, first import your certificates in a store as described above. The next pictures illustrate how to use the OdDwgSignEx sample to attach and validate a digital signature for a .dwg file.
OdSignEx sample application and related source code
OdSignEx is a CLI cross-platform sample application that works with the ODA Drawings digital signature API and is available on most platforms, including Windows, Linux and MacOS.
Before using the sample, make sure your local certificate storage is properly configured and contains all needed certificates and keys as described above. To run the application, provide a full path of a .dwg file as a parameter, and then follow prompts to attach or validate a digital signature of the file.
The next picture illustrates how to use the OdSignEx sample to attach a digital signature to a .dwg file.
The next picture illustrates how to use the OdSignEx sample to validate a digital signature of a .dwg file.
