/** * DOCX Digital Signatures (OPC Package Digital Signature) * * DOCX documents may contain digital signatures stored in: * _xmlsignatures/origin.sigs * _xmlsignatures/sig1.xml, sig2.xml, ... * _xmlsignatures/_rels/origin.sigs.rels * * The signatures use W3C XML Digital Signature (XMLDSig) format with * Office-specific OfficeObject extensions per MS-OFFCRYPTO. * * This module provides: * - Detection and extraction of signature metadata * - Preservation of signatures through round-trip (via opaqueParts) * * Note: This module does NOT validate signature integrity (would require * full XMLDSig + Canonical XML implementation). Signatures are preserved * verbatim but become invalid if the package contents change. * * References: * - MS-OFFCRYPTO §3.2.6 Digital Signatures * - XMLDSig: https://www.w3.org/TR/xmldsig-core/ */ /** Parsed digital signature metadata. */ export interface DigitalSignatureInfo { /** Signer's display name (from OfficeObject > SignatureInfoV1 > SignatureText). */ readonly signer?: string; /** Sign date (ISO 8601). */ readonly signDate?: string; /** Signature commitment type URI. */ readonly commitmentType?: string; /** Signature comments/reason. */ readonly signatureComments?: string; /** Signature purpose. */ readonly purpose?: string; /** Signature provider URL. */ readonly providerUrl?: string; /** Certificate subject CN. */ readonly certificateSubject?: string; /** Certificate issuer CN. */ readonly certificateIssuer?: string; /** Certificate serial number. */ readonly certificateSerialNumber?: string; /** Hash of the signature (base64). */ readonly signatureValue?: string; /** * Cryptographic verification status. * * `"not-verified"` is the only value this module ever produces — full * verification requires a complete XMLDSig + Canonical XML implementation * which is intentionally out of scope. The field is exposed so callers * are not tempted to interpret a missing value as "valid". */ readonly cryptographicStatus: "not-verified"; /** Raw XML for preservation. */ readonly rawXml: string; /** Signature file name (e.g. "sig1.xml"). */ readonly fileName: string; } /** * Check if a document has digital signatures. * * @param opaquePaths - Set of paths in the package (typically from opaqueParts). * @returns True if signatures are present. */ export declare function hasDigitalSignatures(opaquePaths: readonly string[]): boolean; /** * Extract digital signature metadata from sig XML content. * * @param xmlStr - The signature XML content. * @param fileName - The file name (e.g. "sig1.xml"). * @returns Parsed signature info. */ export declare function parseSignatureXml(xmlStr: string, fileName: string): DigitalSignatureInfo; /** * Extract all digital signatures from opaque parts of a document. * * @param opaqueParts - Opaque parts (from DocxDocument.opaqueParts). * @returns Array of parsed signature info. */ export declare function extractSignatures(opaqueParts: readonly { path: string; data: Uint8Array; }[] | undefined): DigitalSignatureInfo[]; /** * Check that a parsed signature has the structural elements XMLDSig * requires (`Signature`, `SignedInfo`, `SignatureValue`, `KeyInfo`). * * This is **not** a cryptographic check — see `cryptographicStatus`. It is * also tolerant of namespace prefixes (`` etc.) which the * previous implementation missed. * * @returns True if the signature XML carries the required elements. */ export declare function isWellFormedSignature(info: DigitalSignatureInfo): boolean;