DOCX Digital Signature
A DOCX digital signature enables you to authenticate a DOCX document to establish that the sender of the file is who they say they are and the content of the DOCX file has not been tampered with.
The following example shows how you can create a digitally signed DOCX file in C# and VB.NET.
using GemBox.Document;
class Program
{
static void Main()
{
// If using the Professional version, put your serial key below.
ComponentInfo.SetLicense("FREE-LIMITED-KEY");
var document = DocumentModel.Load("%InputFileName%");
var saveOptions = new DocxSaveOptions();
saveOptions.DigitalSignatures.Add(new DocxDigitalSignatureSaveOptions()
{
CertificatePath = "%InputDigitalId%",
CertificatePassword = "GemBoxPassword"
});
document.Save("DOCX Digital Signature.docx", saveOptions);
}
}
Imports GemBox.Document
Module Program
Sub Main()
' If using the Professional version, put your serial key below.
ComponentInfo.SetLicense("FREE-LIMITED-KEY")
Dim document = DocumentModel.Load("%InputFileName%")
Dim saveOptions As New DocxSaveOptions()
saveOptions.DigitalSignatures.Add(New DocxDigitalSignatureSaveOptions() With
{
.CertificatePath = "%InputDigitalId%",
.CertificatePassword = "GemBoxPassword"
})
document.Save("DOCX Digital Signature.docx", saveOptions)
End Sub
End Module
To get a valid signature in MS Word, as seen in the screenshot above, you will have to install GemBoxCA.crt certificate as a trusted root certification authority and install either GemBoxRSA.crt or GemBoxECDsa.crt certificate as an Intermediate Certification Authority, as described in the Digital ID notes.
To avoid installing the whole certificate chain, you can embed certificates in the signature. With this approach only the root certificate (GemBoxCA.crt) needs to be installed.
The following example shows how to add multiple signatures, set additional signature properties and embed an intermediate certificate.
using GemBox.Document;
using GemBox.Document.Security;
class Program
{
static void Main()
{
// If using the Professional version, put your serial key below.
ComponentInfo.SetLicense("FREE-LIMITED-KEY");
var document = DocumentModel.Load("%InputFileName%");
var signature1 = new DocxDigitalSignatureSaveOptions()
{
CertificatePath = "%#GemBoxECDsa521.pfx%",
CertificatePassword = "GemBoxPassword",
CommitmentType = DigitalSignatureCommitmentType.Created,
SignerRole = "Developer"
};
// Embed intermediate certificate.
signature1.Certificates.Add(new Certificate("%#GemBoxECDsa.crt%"));
var signature2 = new DocxDigitalSignatureSaveOptions()
{
CertificatePath = "%#GemBoxRSA4096.pfx%",
CertificatePassword = "GemBoxPassword",
CommitmentType = DigitalSignatureCommitmentType.Approved,
SignerRole = "Manager"
};
// Embed intermediate certificate.
signature2.Certificates.Add(new Certificate("%#GemBoxRSA.crt%"));
var saveOptions = new DocxSaveOptions();
saveOptions.DigitalSignatures.Add(signature1);
saveOptions.DigitalSignatures.Add(signature2);
document.Save("DOCX Digital Signatures.docx", saveOptions);
}
}
Imports GemBox.Document
Imports GemBox.Document.Security
Module Program
Sub Main()
' If using the Professional version, put your serial key below.
ComponentInfo.SetLicense("FREE-LIMITED-KEY")
Dim document = DocumentModel.Load("%InputFileName%")
Dim signature1 As New DocxDigitalSignatureSaveOptions() With
{
.CertificatePath = "%#GemBoxECDsa521.pfx%",
.CertificatePassword = "GemBoxPassword",
.CommitmentType = DigitalSignatureCommitmentType.Created,
.SignerRole = "Developer"
}
' Embed intermediate certificate.
signature1.Certificates.Add(New Certificate("%#GemBoxECDsa.crt%"))
Dim signature2 As New DocxDigitalSignatureSaveOptions() With
{
.CertificatePath = "%#GemBoxRSA4096.pfx%",
.CertificatePassword = "GemBoxPassword",
.CommitmentType = DigitalSignatureCommitmentType.Approved,
.SignerRole = "Manager"
}
' Embed intermediate certificate.
signature2.Certificates.Add(New Certificate("%#GemBoxRSA.crt%"))
Dim saveOptions As New DocxSaveOptions()
saveOptions.DigitalSignatures.Add(signature1)
saveOptions.DigitalSignatures.Add(signature2)
document.Save("DOCX Digital Signatures.docx", saveOptions)
End Sub
End Module
Digital ID notes
Digital ID files used in the preceding example are part of a simple Public Key Infrastructure (PKI) created just for this demonstration which contains the following hierarchy of certificates and CRLs:
- Root Certificate Authority certificate GemBoxCA.crt
- Intermediate Certificate Authority certificate GemBoxRSA.crt
- Digital ID GemBoxRSA1024.pfx and its certificate GemBoxRSA1024.crt
- Digital ID GemBoxRSA2048.pfx and its certificate GemBoxRSA2048.crt (revoked)
- Digital ID GemBoxRSA4096.pfx and its certificate GemBoxRSA4096.crt
- CRL GemBoxRSA.crl that revokes the certificate with the serial number 02 (GemBoxRSA2048.crt)
- Intermediate Certificate Authority certificate GemBoxECDsa.crt
- Digital ID GemBoxECDsa192.pfx and its certificate GemBoxECDsa192.crt
- Digital ID GemBoxECDsa224.pfx and its certificate GemBoxECDsa224.crt (revoked)
- Digital ID GemBoxECDsa521.pfx and its certificate GemBoxECDsa521.crt
- CRL GemBoxECDsa.crl that revokes the certificate with the serial number 02 (GemBoxECDsa224.crt)
- CRL GemBoxCA.crl that doesn't revoke any certificate
- Intermediate Certificate Authority certificate GemBoxRSA.crt
To get a valid signature in an MS Office Application, as seen in the screenshot above, you will have to add GemBoxCA.crt certificate to the list of Trusted Certificates on your machine using the following steps:
- Download GemBoxCA.crt certificate.
- Open the file and click Install Certificate....
- If you are adding a Root Certificate, choose the option "Place all certificates in the following store" and Browse for "Trusted Root Certification Authorities".
- After the installation is finished, you can see the certificate under "User Accounts" > "Manage User Certificates" in the Control Panel.
- Once you finish the verification it is safer to uninstall the certificate.
