As you know, signature validation helps promote document integrity and authenticity (signature validation mitigates risks associated with document tampering, unauthorized modifications, identity theft/impersonation, etc). Said simply, validation ensures that a digital signature matches the content it claims to authenticate - a vital element for secure electronic transactions.
Signature Validation with the DevExpress Office File API Suite
When using the DevExpress PDF Document API (v23.2+), you can obtain signature information and verify signature validity with relative ease.
Our new PdfDocumentSigner.GetPdfPkcs7Signature method allows you to retrieve signature info within a specific form field. You can use the retrieved PdfPkcs7Signature object's methods to obtain information on the certificate itself, certificate chain, and/or stamp date. The VerifySignature and VerifyTimeStamp methods authenticate the signature or the time stamp, respectively.
The following code snippet generates a report on signatures used within a PDF file:
using DevExpress.Pdf;
// ...
// Get the Document.pdf file.
using (PdfDocumentSigner documentSigner = new PdfDocumentSigner("Document.pdf"))
// Retrieve the list of `PdfSignatureInfo` objects in the document.
foreach (var signature in documentSigner.GetSignatureInfo()) {
Console.WriteLine("Signature field name : {0}", signature.FieldName);
Console.WriteLine(" Signer name : {0}", signature.SignerName);
// Obtain the PKCS#7 signature from the list of `PdfSignatureInfo` objects and verify it.
var pkcs7 = documentSigner.GetPdfPkcs7Signature(signature.FieldName);
Console.WriteLine(" Is signature valid? : {0}", pkcs7.VerifySignature());
// Obtain the PKCS#7 signature certificate and verify the certificate info.
var certificate = pkcs7.GetSignatureCertificate();
Console.WriteLine(" Certificate issuer : {0}", certificate.IssuerName.Name);
Console.WriteLine(" Is certificate valid? : {0}", certificate.Verify());
var timestampDate = pkcs7.GetTimeStampDate();
// Get a timestamp and verify the time of signing.
Console.WriteLine(" Does signature include a timestamp? : {0}", timestampDate.HasValue);
if(timestampDate.HasValue) {
Console.WriteLine(" Timestamp : {0}", timestampDate);
Console.WriteLine(" Is timestamp valid? : {0}", pkcs7.VerifyTimeStamp());
}
}
To help illustrate use of this capability, we created the following sample Blazor project. The project loads a signed PDF file and when loaded, a table displays document signatures and associated information.
PDF Document API – Validate Document Signatures
Note: At present, the DevExpress PDF Document API only validates PKCS#7 signatures. Please complete the survey below and let us know what other validation type you'd like to see us introduce in the future:
Free DevExpress Products - Get Your Copy Today
The following free DevExpress product offers remain available. Should you have any questions about the free offers below, please submit a ticket via the
DevExpress Support Center at your convenience. We'll be happy to follow-up.