CartLog In

PDF Document API - PAdES - BES (LT and LTA levels) Signatures

Office-Inspired Products
Office-Inspired Products
RSS
6 January 2021

As you may already know, our PDF Document API v20.1 offers digital signature support. For background information on our implementation, please review the following blog posts:

Our PDF Document API (v20.2) fully supports PAdES signatures at B-LT and B-LTA levels. The PAdES B-LT (PAdES T- with added Long Term Validation information) level indicates that a document signature can be validated even if the signing environment (e.g., signing Certification Authority) is no longer available. This level is recommended for Advanced Electronic Signatures.

The PAdES B-LTA (PAdES LT- with added authoritative document timestamp signature) level may help validate a signature beyond any event that may limit its validity. This level is recommended for Qualified Electronic Signatures.

Both levels require that you add verification related information (VRI) (for B-LTA level – a timestamp’s VRI) to a Document Security Store (DSS) - an optional dictionary in a document. The VRI includes Online Certificate Status Protocol responses, Certificate Revocation Lists, and a chain of trust certificates (including the root certificate).

Call the PdfDocumentSigner.AddToDss method and pass a signed signature field as the method parameter to add signature information to the DSS. To provide certificates used to build a chain, you can specify a list of certificates, use a CertificateStoreProvider class, or create your own ICertificateStoreProvider interface implementation.

The code sample below retrieves the name of the first signature field, adds signature information to the DSS, and applies a timestamp to a document:

using (var signer = new PdfDocumentSigner(@"signed.pdf"))
{
  ITsaClient tsaClient = new TsaClient(new Uri(@"https://freetsa.org/tsr"), HashAlgorithmType.SHA256);
  string signatureName = signer.GetSignatureFieldNames(false)[0]; 

  //Create a provider that retrieves certificates from a store:
  using (var certificateStoreProvider = new CertificateStoreProvider(new X509Store(StoreLocation.CurrentUser), true))
  {
    //Add signature to the security store
    //And specify the CrlClient and OcspClient objects
    //Used to check status of the certificates' revocation
    signer.AddToDss(signatureName, new CrlClient(), new OcspClient(), certificateStoreProvider);
  }

  signer.SaveDocument(@"signedLTV.pdf", new PdfSignatureBuilder(new PdfTimeStamp(tsaClient)));

}

Your Feedback Matters

As always, we welcome your thoughts. Please comment below and let us know what you think about these signature-related PDF API features. Should you have technical questions, feel free to contact us via the DevExpress Support Center.

Free DevExpress Products - Get Your Copy Today

The following free DevExpress product offers remain available. Should you have any questions about the free offers below, please submit a ticket via the DevExpress Support Center at your convenience. We'll be happy to follow-up.
Office Products Team Office Products Team
API Office PAdES PDF Signature Signatures v20.2

Recent Posts

Document Processing (Office File API) — Early Access Preview (v25.1) — Redaction API, Export Enhancements and More
Poline Fedorova (DevExpress)
Document Processing Libraries (Office File API) — June 2025 Roadmap (v25.1)
Maria Nikulina (DevExpress)
Spreadsheet Control for WinForms and WPF – Sort and Filter by Color via the User Interface
Poline Fedorova (DevExpress)
PDF Document API — Using Layers (Optional Content Groups) to Control Visibility of PDF Graphics Objects (v24.1)
Margarita (DevExpress)
Extending Excel Calculations with AI: Implementing User-Defined Formulas using the DevExpress WinForms Spreadsheet
Maria Nikulina (DevExpress)