SetSignProcessDigestAlgorithm
Security and Signatures
Description
Selects the message-digest algorithm used during signing. ETSI EN 319 142-1 v1.2.1 clause 6.2.1 forbids MD5 and defers to ETSI TS 119 312 for the recommended cryptographic suites; SHA-256 or stronger is the modern minimum.
Algorithm codes:
| 0 | Auto. SHA-1 is used only for the legacy adbe.pkcs7.sha1 SubFilter to preserve historical bytes; every other SubFilter (adbe.pkcs7.detached, ETSI.CAdES.detached, custom) defaults to SHA-256. |
|---|---|
| 1 | SHA-1 (deprecated; use only for compatibility with legacy validators). |
| 2 | SHA-256 (recommended default for PAdES-B-B and CMS detached signatures). |
| 3 | SHA-384. |
| 4 | SHA-512. |
The chosen algorithm is reflected in the SignerInfo.digestAlgorithm OID inside the PKCS#7 / CMS payload that goes into /Contents: 2.16.840.1.101.3.4.2.1 for SHA-256, 2.16.840.1.101.3.4.2.2 for SHA-384, 2.16.840.1.101.3.4.2.3 for SHA-512 (RFC 5754), or 1.3.14.3.2.26 for SHA-1 (legacy).
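To confirm which digest a signed file actually carries, the SignerInfo.digestAlgorithm OID can be read back from the CMS blob. The Python sketch below is an added example, not part of this library or its documentation; `parse`, `oid_text`, `signer_digests`, `der` and `sample_cms` are hypothetical names, and `cms` is assumed to hold exactly the DER bytes decoded from /Contents, with any trailing padding removed.

```python
# Digest OIDs listed on this page; SHA-256 or stronger is the accepted set.
DIGEST_OIDS = {"2.16.840.1.101.3.4.2.1": "SHA-256", "2.16.840.1.101.3.4.2.2": "SHA-384",
               "2.16.840.1.101.3.4.2.3": "SHA-512", "1.3.14.3.2.26": "SHA-1"}
STRONG = {"SHA-256", "SHA-384", "SHA-512"}

def parse(buf, pos=0, end=None):
    # Nested lists for constructed DER elements, raw bytes for primitive ones.
    out, end = [], len(buf) if end is None else end
    while pos < end:
        tag, n, pos = buf[pos], buf[pos + 1], pos + 2
        if n == 0x80:
            raise ValueError("indefinite-length BER is not handled here")
        if n & 0x80:  # long form: the next n & 0x7F bytes hold the length
            k = n & 0x7F
            n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
        if pos + n > end:
            raise ValueError("truncated element")
        out.append(parse(buf, pos, pos + n) if tag & 0x20 else buf[pos:pos + n])
        pos += n
    return out

def oid_text(b):  # dotted form; the first byte packs the first two arcs
    first = min(b[0] // 40, 2)
    arcs, val = [first, b[0] - 40 * first], 0
    for byte in b[1:]:
        val = (val << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def signer_digests(cms):
    # SignedData sits at ContentInfo[1][0]; signerInfos is its last field, digestAlgorithm field 3.
    signed_data = parse(cms)[0][1][0]
    oids = [oid_text(signer[2][0]) for signer in signed_data[-1]]
    return [(DIGEST_OIDS.get(o, o), DIGEST_OIDS.get(o) in STRONG) for o in oids]

def der(tag, *parts):  # builder for the constructed sample (short lengths only)
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample_cms(oid_hex):
    # Constructed, unsigned CMS skeleton for testing; not output of the library.
    alg = der(0x30, der(0x06, bytes.fromhex(oid_hex)), b"\x05\x00")
    signer = der(0x30, b"\x02\x01\x01", der(0x30, der(0x30), b"\x02\x01\x01"), alg,
                 der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101"))), b"\x04\x01\x00")
    data = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010701")))
    signed = der(0x30, b"\x02\x01\x01", der(0x31, alg), data, der(0x31, signer))
    return der(0x30, der(0x06, bytes.fromhex("2a864886f70d010702")), der(0xA0, signed))
```

Each tuple returned by `signer_digests` is the digest name (or the raw dotted OID when it is not one of the four listed here) and whether it meets the SHA-256 minimum.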
Syntax
Delphi
function TPDFlib.SetSignProcessDigestAlgorithm(SignProcessID, DigestAlgorithm: Integer): Integer;
Parameters
| SignProcessID | Value returned by one of the NewSignProcessFrom* functions. |
|---|---|
| DigestAlgorithm | Algorithm code 0..4 as documented above. The function returns 0 for any other value. |
Returns
1 on success, 0 if the process id is invalid or the algorithm code is out of range.