Attaching and Validating Digital Signatures for .dwg Files
September 07, 2017
With the new release of Teigha 4.3.1, you can attach digital signatures to your .dwg files and validate a .dwg file’s digital signature. A digital signature indicates who the file came from and the file’s state when the digital signature was created, and validation confirms this information.
Attaching digital signatures
To attach a digital signature, you should have a Digital Certificate (Digital ID) issued from a recognized vendor. Certification Authority (CA) generally issues a PFX file and password which is required to register in a certificate store. Additionally, you need to install a root CA certificate as trusted.
For example, on Microsoft Windows you can use the Certificate Import Wizard available in Internet Explorer (Tools\Internet Options\Content\Certificates) to import certificates.
After registering certificates in a store, you can sign .dwg files using Teigha.
To sign a drawing while saving it, first set the corresponding parameters to OdSecurityParams and use the OdDbDatabase::setSecurityParams() method to pass the parameters to the database you want to save. For example:
OdSecurityParams secParam; secParam.sCertSubject = certSubject; secParam.sCertIssuer = certIssuer; secParam.sCertSerialNum = certSerialNum; secParam.nFlags = SECURITYPARAMS_SIGN_DATA; pDb->setSecurityParams(secParam);
Right after, open a target stream for read and write:
OdStreamBufPtr pTargetFileBuf = createFile(m_drawingFilePath, (Oda::FileAccessMode)(Oda::kFileRead | Oda::kFileWrite), Oda::kShareDenyReadWrite, Oda::kCreateAlways);
And then call the OdDbDatabase::writeFile() method:
pDb->writeFile(pTargetFileBuf, OdDb::kDwg, OdDb::kDHL_CURRENT);
The certificate parameters you set to the OdSecurityParams fields must correspond to the certificate for which a complete certificate chain can be built (the chain from your certificate to the root certificate).
To obtain the parameters of a suitable certificate, your custom application should access a certificate store using system-dependent mechanisms. See related source code of the OdDwgSignEx sample application for details (Drawing\Examples\win\OdDwgSignEx).
Validating digital signatures
To validate a digital signature attached to a .dwg file, use the corresponding global function from the Teigha API:
TOOLKIT_EXPORT OdResult validateDrawingSignature(const OdString& drawingFullPath, OdString& verifResultMsg, OdSignatureDescriptionData* pSignDesc);
The file’s full path should be passed to the function as the first parameter.
The function returns the verification result message (verifResultMsg string) and fills the OdSignatureDescriptionData structure located by the address passed as a parameter (pSignDesc).
Also, it returns one of the following OdResult values:
- eOk if the verification process completed without errors and verifResultMsg contains the verification result.
- eCantOpenFile if the drawing file specified by drawingFullPath can’t be opened.
- eInvalidInput if the drawing file has a version for which the verification process cannot be performed.
The call is as follows:
OdSignatureDescriptionData sigData; OdResult res; res = validateDrawingSignature(m_drawingFilePath, verifResultMsg, &sigData);
See related source code of the OdDwgSignEx sample application for details (Drawing\Examples\win\OdDwgSignEx).
OdDwgSignEx sample application and related source code
Teigha has the OdDwgSignEx sample application available on the Windows platform that works with the digital signature API.
The sample uses an implementation of the OdCrypt interface for Windows (OdWinNTCrypt) to operate with digital signature information (see the extension source code: Kernel\Extensions\win\Crypt).
To start the sample, first import your certificates in a store as described above.
The next pictures illustrate using the OdDwgSignEx sample to attach and validate a digital signature for a .dwg file.