@qrcommunication/gigapdf-lib — SDK API reference - v0.110.3
    Preparing search index...

    Interface SignLtvOptions

    Options for GigaPdfDoc.signLtv — a PAdES long-term validation signature: a B-T signature, then a /DSS (Document Security Store) carrying the certificate chain + OCSP/CRL revocation material the host fetched (B-LT), optionally finished with a document timestamp over the whole file (B-LTA).

    Extends SignTsaOptions: the B-T signature is produced exactly as GigaPdfDoc.signTimestamped, then the LTV material is added. The OCSP/CRL URLs come from the certificates, so the host fetches them — supply revocationFetch/crlFetch to add auth, proxies, or an SSRF allow-list (the engine only computes which URLs to fetch).

    interface SignLtvOptions {
        name?: string;
        reason?: string;
        date?: string;
        location?: string;
        contactInfo?: string;
        tsaUrl: string;
        tsaFetch?: (
            req: Uint8Array,
            url: string,
        ) => Promise<Uint8Array<ArrayBufferLike>>;
        p12?: Uint8Array<ArrayBufferLike>;
        password?: string;
        random?: Uint8Array<ArrayBufferLike>;
        keyBits?: number;
        notBefore?: string;
        notAfter?: string;
        nonce?: Uint8Array<ArrayBufferLike>;
        archiveTimestamp?: boolean;
        revocationFetch?: (
            req: Uint8Array,
            url: string,
        ) => Promise<Uint8Array<ArrayBufferLike>>;
        crlFetch?: (url: string) => Promise<Uint8Array<ArrayBufferLike>>;
    }

    Hierarchy (View Summary)

    Index

    Properties

    name?: string

    /Name — human-readable signer name.

    reason?: string

    /Reason — why the document is being signed.

    date?: string

    /M — signing time as a PDF date string, e.g. D:20260616120000Z.

    location?: string

    /Location — physical or logical signing location.

    contactInfo?: string

    /ContactInfo — how to reach the signer.

    tsaUrl: string

    TSA endpoint URL, e.g. "https://freetsa.org/tsr".

    tsaFetch?: (
        req: Uint8Array,
        url: string,
    ) => Promise<Uint8Array<ArrayBufferLike>>

    Optional override for the TSA round trip — lets the host add auth headers, proxies, retries, and apply its own SSRF allow-list (the engine only emits the request; the URL is host-supplied). Receives the TimeStampReq DER and the URL, must resolve to the raw TimeStampResp bytes. When omitted, defaultTsaPost POSTs application/timestamp-query via fetch.

    p12?: Uint8Array<ArrayBufferLike>

    PKCS#12 identity bytes. Omit to sign with a generated self-signed ID.

    password?: string

    PKCS#12 passphrase.

    random?: Uint8Array<ArrayBufferLike>

    Self-signed path: ≥ 256 bytes from crypto.getRandomValues.

    keyBits?: number

    Self-signed path: RSA modulus size in bits (default 2048).

    notBefore?: string

    Self-signed path: certificate notBefore, UTCTime YYMMDDHHMMSSZ.

    notAfter?: string

    Self-signed path: certificate notAfter, UTCTime YYMMDDHHMMSSZ.

    nonce?: Uint8Array<ArrayBufferLike>

    Optional 8–16 random bytes echoed by the TSA (request/response correlation).

    archiveTimestamp?: boolean

    Add a B-LTA document timestamp over the whole file (DSS included) after the DSS. Requires a second TSA round trip. Default false (B-LT only).

    revocationFetch?: (
        req: Uint8Array,
        url: string,
    ) => Promise<Uint8Array<ArrayBufferLike>>

    Override the OCSP round trip — receives the DER OCSPRequest and the responder URL, must resolve to the raw OCSPResponse bytes. When omitted, defaultOcspPost POSTs application/ocsp-request via fetch. Throw to skip an unreachable responder (the DSS is built from whatever succeeds).

    crlFetch?: (url: string) => Promise<Uint8Array<ArrayBufferLike>>

    Override the CRL fetch — receives the CRL distribution-point URL, must resolve to the raw CertificateList (CRL) bytes. When omitted, defaultCrlGet GETs the URL. Throw to skip an unreachable CRL.