PDF Document API - Signature Enhancements

As you may already know, we introduced multiple signature support in our v20.1 release cycle.

Based on your great feedback, we introduced a series of enhancements in our v20.1.6 minor update and expect to issue additional updates in upcoming builds. Thanks for all your help and your continued support. We appreciate it.

v20.1.6

PAdES Support

You can now apply signatures with a B-T level PAdES profile to a document. To do so, specify the signature profile in the Pkcs7Signer object constructor.

The IOcspClient and ICrlClient interfaces allow you to add certificate revocation information. You can use our default implementations or create a custom implementation as needed.

using (var signer = new PdfDocumentSigner("Document.pdf"))
{
    IOcspClient ocspClient = new PdfOcspClient();
    ICrlClient crlClient = new PdfCrlClient();

    ITsaClient tsaClient = new PdfTsaClient(new Uri(@"https://freetsa.org/tsr"), PdfHashAlgorithm.SHA256);

    //Create a PKCS#7 signature:
    Pkcs7Signer pkcs7Signature = new Pkcs7Signer("Signing Documents//testcert.pfx", "123",
     PdfHashAlgorithm.SHA256, tsaClient, ocspClient, crlClient, PdfSignatureProfile.PAdES_BES);
     
    //Apply a signature to a form field:
    var signature =
    new PdfSignatureBuilder(pkcs7Signature, "Sign");

    //Sign and save the document:
    signer.SaveDocument("SignedDocument.pdf", signature);
}

Certification Signature

The PdfSignatureBuilder.CertificationLevel property defines the changes available to users when the signature is applied. If a user makes a restricted change, the signature is invalidated. You can specify the following permissions:

  • Allow all changes
  • Allow users to populate forms and sign the document
  • Allow users to populate forms, manage annotations, and sign the document
  • Restrict all changes
//Load a document:
using (var signer = new PdfDocumentSigner("Document.pdf"))
{

    //Create a PAdES PKCS#7 signature
     Pkcs7Signer pkcs7Signature = 
     new Pkcs7Signer("Signing Documents/certificate.pfx", "123", PdfHashAlgorithm.SHA256);

    //Apply a signature to a form field:
    var signature = 
    new PdfSignatureBuilder(pkcs7Signature, "Sign");


    //Specify an image and signer information:
    signature.SetImageData(File.ReadAllBytes
    ("Signing Documents//SantuzzaValentina.jpg"));    
    signature.Name = "Santuzza Valentina";
    santuzzaSignature.CertificationLevel = PdfCertificationLevel.FillFormsAndAnnotate;

    //Sign and save the document:
    signer.SaveDocument("SignedDocument.pdf", signature);
}

Document-Level Timestamps

You can now use document-level timestamps to sign a document.

The PdfTimeStamp object allows you to generate a document-level timestamp. Use the ITsaClient interface implementation to specify the timestamp client.

Pass the PdfTimeStamp object to the PdfSignatureBuilder constructor to apply the timestamp to the signature field.

using (var signer = new PdfDocumentSigner("Document.pdf"))
{
    //Create a timestamp:
    ITsaClient tsaClient = new PdfTsaClient(new Uri(@"https://freetsa.org/tsr"), PdfHashAlgorithm.SHA256);

    //Create a new signature form field:
    var signatureFieldInfo = new PdfSignatureFieldInfo(1);
    signatureFieldInfo.Name = "SignatureField1";
    signatureFieldInfo.SignatureBounds = new PdfRectangle(200, 200, 250, 250);

    //Create a document-level timestamp:
    PdfTimeStamp pdfTimeStamp = new PdfTimeStamp(tsaClient);

    //Apply this timestamp to the form field:
    var timestampSignature = new PdfSignatureBuilder(pdfTimestamp, signatureFieldInfo);

    //Sign and save the document:
    signer.SaveDocument("SignedDocument.pdf", timestampSignature);
}

v20.1.7 (Next Update)

Sign Documents in Deferred Mode

The PDF Document API will allow you to use a document hash to apply a signature or a document-level timestamp externally.

You can use the ExternalSignerInfo class object to specify signature parameters: type, size, hashing algorithm, etc. The PdfDocumentSigner.SignDeferred method applies the signature to the document and returns a document hash. Utilize the PdfDeferredSigner.Sign method to write signature contents to the document and save the result to a file or stream.

using (var signer = new PdfDocumentSigner(File.OpenRead("SignDemo.pdf")))
{
  //Specify information about signature metadata:
  var digestCalculator = new PdfDigestCalculator(PdfHashAlgorithm.SHA256);

  var signerInfo = new ExternalSignerInfo(PdfSignatureType.Pkcs7, 8000, digestCalculator);

  //Create a new form field:
  var fieldInfo = new PdfSignatureFieldInfo(1) { SignatureBounds = new PdfRectangle(10, 10, 100, 100) };

  //Apply the metadata to the form field:
  var builder = new PdfDeferredSignatureBuilder(signerInfo, fieldInfo);

  //Add the signature to the document:
  var deferredSigner = signer.SignDeferred(builder);

  //Obtain the document hash and the hash algorithm's object identifier:
  var digest = deferredSigner.HashValue;
  var digestAlgorithmOID = digestCalculator.AlgorithmOid;

  //Generate the signature content for the document:
  byte[] signature = CreateSignature(digest, digestAlgorithmOID);

  //Add signature contents and save the document to a file:
  deferredSigner.Sign("signed.pdf", signature);
}

static byte[] CreateSignature(byte[] digest, string digestAlgorithmOID)
{
  var signer = new Pkcs7Signer(@"SignDemo.pfx", "dxdemo");
  byte[] signature = signer.BuildSignature(digest, digestAlgorithmOID);
  return signature;
}

Add Signatures to Multiple Pages

We will add a new PdfSignatureFieldInfo class constructor. You can use this constructor to create a signature with a widget that belongs to multiple document pages.

var numbers = new List<int>() { 1, 2, 5 };
var fieldInfo = new PdfSignatureFieldInfo(numbers) 
{ SignatureBounds = new PdfRectangle(10, 10, 100, 100) };

What’s Next

PAdES signatures with LT and LTA levels are not yet supported. We plan to address this issue in our v20.2 release cycle. We will share updates with you in an upcoming blog post.

Your Feedback Matters

As always, we welcome your thoughts. Please comment below and let us know what you think of these new features. Should you have technical questions, feel free to contact us via the DevExpress Support Center.

What’s New in v20.1

To explore the scope, breadth and capabilities of our new products/features, please visit: https://www.devexpress.com/Subscriptions/New-2020-1.xml.
2 comment(s)
Sandro.CODTEC
Sandro.CODTEC
You are fantastic. Light years ahead
27 July 2020
SharePoint Solutions s.r.o.
SharePoint Solutions s.r.o.
PAdES LTA + Validation = DX rocks again :) :) :)
28 July 2020

Please login or register to post comments.