PdfDelayOrReSignDigitalId Class
Represents a digital ID used to delay-sign (deferred-sign) or re-sign a PDF file.
A PdfDelayOrReSignDigitalId does not perform the actual signing because it contains only a PdfCertificate (with a public key) and no private key. Instead, a PdfDelayOrReSignDigitalId is used in the following process:
- Delay-sign a PDF file by using the Sign(PdfSigner) method followed by any of the Save() methods. The Signature property must be null; after the signing is done, the Hash property contains the hash of the (delay-)signed PDF file. The Content of the delay-signed signature is empty (a sequence of zero-valued bytes), so the signature is not valid. The signature content is replaced with the valid signature content when the PDF file is re-signed.
- Sign the Hash using an external signer.
- Re-sign the PDF file by using the Sign(PdfSigner) method on the same PdfSignatureField on which the delay-sign was performed (the Save() method should not be called afterwards, as explained in the note of the Sign(PdfSigner) method). The Signature property must be set to the value returned by the external signer; after the signing is done, the Hash property contains the hash of the re-signed PDF file (which should be the same as the hash of the delay-signed PDF file).
The PdfSigner instances used in the delay-sign and re-sign should have equal properties so that the signature content created by re-signing fits into the delay-signed signature content that it replaces.
Delay-signing is also possible with the Sign(Func<Stream, Byte[]>, PdfSignatureFormat, Int32) method, but then you must provide an appropriate value for the estimatedSignatureContentsLength parameter: it should be large enough to contain the entire signature content created when re-signing the PDF file. If the PdfCertificate is not available when performing the delay-sign, then delay-signing must be done by using the Sign(Func<Stream, Byte[]>, PdfSignatureFormat, Int32) method. The first parameter of that method should return an array of zero-valued bytes of length estimatedSignatureContentsLength. Note that if Format is not PKCS7, then delay-signing with the Sign(Func<Stream, Byte[]>, PdfSignatureFormat, Int32) method is difficult because the hash provided to the external signer is not ComputeHash(PdfHashAlgorithm), as explained in the Message Digest Calculation Process.
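The byte-level mechanics behind the process above, as an added Python model that is not GemBox code and does not call the GemBox API: it shows why the hash is unchanged by re-signing and why the reserved length must be large enough. The slot layout, the sample bytes, all function names and `external_signer` (an HMAC stand-in for a real private-key signer) are assumptions, and it models only the simple case where the external signer receives the file hash directly.

```python
import hashlib
import hmac

OPEN, CLOSE = b"/Contents <", b">"          # simplified signature slot markers
SAMPLE = b"%PDF-1.7\n1 0 obj << /Type /Sig >>\n"   # constructed sample bytes

def delay_sign(body: bytes, estimated_len: int) -> bytes:
    """Append a slot of estimated_len zero bytes (hex-encoded), not yet valid."""
    return body + OPEN + b"00" * estimated_len + CLOSE + b"\n%%EOF\n"

def slot(pdf: bytes) -> tuple[int, int]:
    """Return (start, end) offsets of the hex digits inside the slot."""
    start = pdf.rindex(OPEN) + len(OPEN)
    return start, pdf.index(CLOSE, start)

def file_hash(pdf: bytes) -> bytes:
    """SHA-256 over every byte outside the slot, so slot content never affects it."""
    start, end = slot(pdf)
    return hashlib.sha256(pdf[:start] + pdf[end:]).digest()

def is_placeholder(pdf: bytes) -> bool:
    """True while the slot still holds only zeros (delay-signed, not valid)."""
    start, end = slot(pdf)
    return set(pdf[start:end]) <= {ord("0")}

def re_sign(pdf: bytes, signature: bytes) -> bytes:
    """Overwrite the slot in place; file length and all other bytes stay fixed."""
    start, end = slot(pdf)
    hex_sig = signature.hex().encode()
    if len(hex_sig) > end - start:
        raise ValueError("signature does not fit the reserved slot")
    return pdf[:start] + hex_sig.ljust(end - start, b"0") + pdf[end:]

def external_signer(digest: bytes) -> bytes:
    # Assumption: HMAC with a constructed key stands in for an HSM or remote signer.
    return hmac.new(b"constructed-demo-key", digest, hashlib.sha256).digest()

def demo():
    delayed = delay_sign(SAMPLE, 64)            # step 1: reserve the slot
    digest = file_hash(delayed)                 # hash handed to the signer
    signed = re_sign(delayed, external_signer(digest))  # steps 2 and 3
    return delayed, signed, digest
```
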
public sealed class PdfDelayOrReSignDigitalId : PdfDigitalId
Public NotInheritable Class PdfDelayOrReSignDigitalId
Inherits PdfDigitalId
- Inheritance:
- System.Object
- PdfDelayOrReSignDigitalId
Constructors
PdfDelayOrReSignDigitalId(PdfCertificate)
Initializes a new instance of the PdfDelayOrReSignDigitalId class.
public PdfDelayOrReSignDigitalId(PdfCertificate certificate)
Public Sub New(certificate As PdfCertificate)
Parameters
certificate
- PdfCertificate
The certificate associated with this digital ID.
Exceptions
- System.ArgumentNullException
certificate is null.
Properties
Hash
Gets the hash of either the delay-signed (if the Signature is null) or the re-signed (if the Signature is not null) PDF file.
In the case of delay-signing, the Hash should be passed to an external signer for signing, the returned signature should be set to the Signature, and the PDF file should then be re-signed.
Property Value
- System.Byte[]
The hash of either the delay-signed or the re-signed PDF file.
Signature
Gets or sets the signature with which the PDF file should be re-signed.
Should be null if the PdfDelayOrReSignDigitalId is used for delay-sign.
Property Value
- System.Byte[]
The signature with which the PDF file should be re-signed.
Exceptions
- System.ArgumentNullException
Value is null.
Inherited Properties
Certificate: Gets or sets the certificate. (Inherited from PdfDigitalId)
Inherited Methods
ToString(): Returns a System.String that represents this PdfDigitalId instance. (Inherited from PdfDigitalId)