@qrcommunication/gigapdf-lib — SDK API reference - v0.110.3
    Preparing search index...

    Interface SignTsaOptions

    Options for GigaPdfDoc.signTimestamped — a PAdES-B-T signature with an RFC 3161 trusted timestamp embedded in the SignerInfo (ETSI.CAdES.detached subfilter, signing-certificate-v2 signed attribute, id-aa-timeStampToken unsigned attribute).

    The signing identity is either an imported PKCS#12 (p12 + password) or, if p12 is omitted, a freshly generated self-signed digital ID (random + notBefore/notAfter).

    interface SignTsaOptions {
        name?: string;
        reason?: string;
        date?: string;
        location?: string;
        contactInfo?: string;
        tsaUrl: string;
        tsaFetch?: (
            req: Uint8Array,
            url: string,
        ) => Promise<Uint8Array<ArrayBufferLike>>;
        p12?: Uint8Array<ArrayBufferLike>;
        password?: string;
        random?: Uint8Array<ArrayBufferLike>;
        keyBits?: number;
        notBefore?: string;
        notAfter?: string;
        nonce?: Uint8Array<ArrayBufferLike>;
    }

    Hierarchy (View Summary)

    Index

    Properties

    name?: string

    /Name — human-readable signer name.

    reason?: string

    /Reason — why the document is being signed.

    date?: string

    /M — signing time as a PDF date string, e.g. D:20260616120000Z.

    location?: string

    /Location — physical or logical signing location.

    contactInfo?: string

    /ContactInfo — how to reach the signer.

    tsaUrl: string

    TSA endpoint URL, e.g. "https://freetsa.org/tsr".

    tsaFetch?: (
        req: Uint8Array,
        url: string,
    ) => Promise<Uint8Array<ArrayBufferLike>>

    Optional override for the TSA round trip — lets the host add auth headers, proxies, retries, and apply its own SSRF allow-list (the engine only emits the request; the URL is host-supplied). Receives the TimeStampReq DER and the URL, must resolve to the raw TimeStampResp bytes. When omitted, defaultTsaPost POSTs application/timestamp-query via fetch.

    p12?: Uint8Array<ArrayBufferLike>

    PKCS#12 identity bytes. Omit to sign with a generated self-signed ID.

    password?: string

    PKCS#12 passphrase.

    random?: Uint8Array<ArrayBufferLike>

    Self-signed path: ≥ 256 bytes from crypto.getRandomValues.

    keyBits?: number

    Self-signed path: RSA modulus size in bits (default 2048).

    notBefore?: string

    Self-signed path: certificate notBefore, UTCTime YYMMDDHHMMSSZ.

    notAfter?: string

    Self-signed path: certificate notAfter, UTCTime YYMMDDHHMMSSZ.

    nonce?: Uint8Array<ArrayBufferLike>

    Optional 8–16 random bytes echoed by the TSA (request/response correlation).