2

I am trying to digitally sign a PDF using Aspose Pdf by using an external device to actually do the signing, in this case Azure Key Vault. iText has a very good mechanism for this. They provide IExternalSignature interface that you can implement which provides the Sign functionality, however I can't find anything similar with Aspose Pdf.

I am working with the examples from this blog post: https://rahulpnath.com/blog/signing-a-pdf-file-using-azure-key-vault/

Does anyone know how the third example (Non Exportable Certificate) can be implemented with Aspose Pdf?

shizik
  • 910
  • 6
  • 16
  • A feature request ticket with ID **PDFNET-21488** has already been logged in our issue management system for similar functionality. We have recorded your concerns and will let you know as soon as the ticket will be resolved. We are sorry for the inconvenience. **PS**: I work with Aspose as Developer Evangelist. – Farhan Raza Nov 26 '18 at 20:59
  • Hi @FarhanRaza, I have seen that ticket but it was opened 2010. I find it odd that after so long it still hasn't been implemented. – shizik Nov 26 '18 at 21:08
  • It has not been resolved owing to other critical issues and feature requests in the queue. Its priority has been raised to next level and it will hopefully be scheduled soon. We really appreciate your patience and comprehension in this regard. – Farhan Raza Nov 26 '18 at 21:15
  • @FarhanRaza I see that this has been release with Aspose.PDF 19.2. Any chance you can share a code example? – shizik Feb 27 '19 at 15:04
  • We are glad to inform you that **PDFNET-21488** has been resolved. An answer has been added below for the same. – Farhan Raza Feb 28 '19 at 21:40

1 Answers1

0

You can use ExternalSignature object that provides X509Certificate2 for signing document. Please use following code snippet. In these examples the Windows certificate store is used to get the certificate for signing:

// The System.Security.dll assembly should be added into References

// Signing 1. Using SignatureField
public void Sign_With_SmartCard_1()
{
    const string dataDir = @"c:\";

    File.Copy(dataDir + "blank.pdf", dataDir + "externalSignature1.pdf", true);
    using (FileStream fs = new FileStream(dataDir + "externalSignature1.pdf", FileMode.Open, FileAccess.ReadWrite))
    {
        using (Document doc = new Document(fs))
        {
            SignatureField field1 = new SignatureField(doc.Pages[1], new Rectangle(100, 400, 10, 10));

            // Sign with certificate selection in the windows certificate store
            X509Store store = new X509Store(StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadOnly);
            // Manually chose the certificate in the store
            X509Certificate2Collection sel = X509Certificate2UI.SelectFromCollection(store.Certificates, null, null, X509SelectionFlag.SingleSelection);

            Aspose.Pdf.Forms.ExternalSignature externalSignature = new Forms.ExternalSignature(sel[0])
            {
                Authority = "Me",
                Reason = "Reason",
                ContactInfo = "Contact"
            };

            field1.PartialName = "sig1";
            doc.Form.Add(field1, 1);
            field1.Sign(externalSignature);
            doc.Save();
        }
    }

    using (PdfFileSignature pdfSign = new PdfFileSignature(dataDir + "externalSignature1.pdf"))
    {
        IList<string> sigNames = pdfSign.GetSignNames();
        for (int index = 0; index <= sigNames.Count - 1; index++)
        {
            if (!pdfSign.VerifySigned(sigNames[index]) || !pdfSign.VerifySignature(sigNames[index]))
            {
                throw new ApplicationException("Not verified");
            }
        }
    }
}

// Signing 2. Using PdfFileSignature
public void Sign_With_SmartCard_2()
{
    const string dataDir = @"c:\";

    Document doc = new Document(dataDir + "blank.pdf");

    using (PdfFileSignature pdfSign = new PdfFileSignature())
    {
        pdfSign.BindPdf(doc);

        //Sign with certificate selection in the windows certificate store
        X509Store store = new X509Store(StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        //manually chose the certificate in the store
        X509Certificate2Collection sel = X509Certificate2UI.SelectFromCollection(store.Certificates, null, null, X509SelectionFlag.SingleSelection);

        Aspose.Pdf.Forms.ExternalSignature externalSignature = new Forms.ExternalSignature(sel[0]);
        pdfSign.SignatureAppearance = dataDir + "demo.png";
        pdfSign.Sign(1, "Reason", "Contact", "Location", true, new System.Drawing.Rectangle(100, 100, 200, 200), externalSignature);
        pdfSign.Save(dataDir + "externalSignature2.pdf");
    }

    using (PdfFileSignature pdfSign = new PdfFileSignature(dataDir + "externalSignature2.pdf"))
    {
        IList<string> sigNames = pdfSign.GetSignNames();
        for (int index = 0; index <= sigNames.Count - 1; index++)
        {
            if (!pdfSign.VerifySigned(sigNames[index]) || !pdfSign.VerifySignature(sigNames[index]))
            {
                throw new ApplicationException("Not verified");
            }
        }
    }
}

We hope this will be helpful. Please feel free to contact us if you need any further assistance.

Farhan Raza
  • 392
  • 1
  • 8
  • This doesn't solve the issue. The `X509Certificate2` certificate that needs to be passed as argument must contain the private key in order for this to work. Aspose should provide an interface that the developer can implement and therefore delegate the signing process. You can see how that works in iText in the blog post I provided in my original question (Example 3). – shizik Mar 19 '19 at 10:27
  • We have recorded your concerns and will update you once further information will be available in this regard. – Farhan Raza Mar 19 '19 at 22:05
  • @FarhanRaza : This is not working using a Belgian Electronic Identity Card -> https://stackoverflow.com/q/65580435/5789321 – Whiletrue Jan 05 '21 at 14:11
  • Aspose still does not support this, but I found ABCpdf that does as a cheaper alternative to iText. https://www.websupergoo.com/abcpdf-pdf-digital-signatures.aspx. Here is how I made it work https://learn.microsoft.com/answers/answers/458238/view.html – mike100111 Jun 30 '21 at 16:33