PDF digital signatures
With GemBox.Pdf, you can perform the following PDF digital signature scenarios in your C# or VB.NET application:
- Digitally sign a PDF file.
- Digitally sign a PDF file with a visible signature.
- Digitally sign a PDF file with multiple signatures.
- Digital Signature Workflows
- Digitally sign a PDF file with a PDF Advanced Electronic Signature (PAdES).
- Digitally sign a PDF file using a PKCS#11/Cryptoki device (for example, HSM, USB token or smart card).
- Digitally sign a PDF file using an external signature (for example, from a web service).
- Validate signatures of a digitally signed PDF file.
- Remove existing digital signatures from a PDF file.
Before reviewing the output of the following examples in your Adobe Acrobat Reader, please read the Digital ID notes. The following example shows how to add a digital signature to an existing PDF file. Note that the digital signature from the above example is invisible – there is no visual representation of the signature on any of the pages. The next example shows how to create a visible digital signature. The following example shows how to add a visible digital signature to an existing PDF file. The signature appearance settings, represented by the Previous examples showed how to apply a single digital signature. The next example shows how to apply more than one digital signature to an existing PDF file. The following example shows how to add multiple digital signatures to an existing PDF file. As shown in the screenshot above, the PDF file contains two revisions. The first revision contains the original PDF document content and the first signature, and is created by using the The second revision contains the second signature and is appended to the same PDF file by using a parameterless This file structure is normal because PDF supports multiple digital signatures only through multiple revisions by appending additional signatures to an already signed PDF file. The following example shows how to add an external digital signature to an existing PDF file. The external signature is created by the RSAXmlDigitalId class that, for demonstration purposes, reads the RSA private key parameters from an XML file and uses an instance of a System.Security.Cryptography.RSA class to do the actual signing. Using the same technique, an external signature can be created from various sources such as a web service, HSM, USB token or smart card. The following example shows how to remove existing digital signatures from a PDF file. There are two ways to remove an existing signature from a PDF file: Digital ID files used in the preceding examples are part of a simple Public Key Infrastructure (PKI) created just for this demonstration which contains the following hierarchy of certificates and CRLs: To get a valid signature in your Adobe Acrobat Reader as seen in the screenshots above, you will have to add GemBoxCA.crt certificate to the list of Trusted Certificates using the following steps: Otherwise, to get a valid signature in any Adobe Acrobat Reader, your digital ID would have to be an AATL-enabled signing credential.Digitally sign a PDF file
using GemBox.Pdf;
using GemBox.Pdf.Forms;
using GemBox.Pdf.Security;
class Program
{
static void Main()
{
// If using the Professional version, put your serial key below.
ComponentInfo.SetLicense("FREE-LIMITED-KEY");
using (var document = PdfDocument.Load("%InputFileName%"))
{
// Add an invisible signature field to the PDF document.
var signatureField = document.Form.Fields.AddSignature();
// Get a digital ID from PKCS#12/PFX file.
var digitalId = new PdfDigitalId("%InputDigitalId[0]%", "GemBoxPassword");
// Create a PDF signer that will create the digital signature.
var signer = new PdfSigner(digitalId);
// Adobe Acrobat Reader currently doesn't download certificate chain
// so we will also embed certificate of intermediate Certificate Authority in the signature.
// (see https://community.adobe.com/t5/acrobat/signature-validation-using-aia-extension-not-enabled-by-default/td-p/10729647)
signer.ValidationInfo = new PdfSignatureValidationInfo(new PdfCertificate[] { new PdfCertificate("%InputDigitalId[1]%") }, null, null);
// Initiate signing of a PDF file with the specified signer.
signatureField.Sign(signer);
// Finish signing of a PDF file.
document.Save("Digital Signature.pdf");
}
}
}
Imports GemBox.Pdf
Imports GemBox.Pdf.Forms
Imports GemBox.Pdf.Security
Module Program
Sub Main()
' If using the Professional version, put your serial key below.
ComponentInfo.SetLicense("FREE-LIMITED-KEY")
Using document = PdfDocument.Load("%InputFileName%")
' Add an invisible signature field to the PDF document.
Dim signatureField = document.Form.Fields.AddSignature()
' Get a digital ID from PKCS#12/PFX file.
Dim digitalId = New PdfDigitalId("%InputDigitalId[0]%", "GemBoxPassword")
' Create a PDF signer that will create the digital signature.
Dim signer = New PdfSigner(digitalId)
' Adobe Acrobat Reader currently doesn't download certificate chain
' so we will also embed certificate of intermediate Certificate Authority in the signature.
' (see https://community.adobe.com/t5/acrobat/signature-validation-using-aia-extension-not-enabled-by-default/td-p/10729647)
signer.ValidationInfo = New PdfSignatureValidationInfo(New PdfCertificate() {New PdfCertificate("%InputDigitalId[1]%")}, Nothing, Nothing)
' Initiate signing of a PDF file with the specified signer.
signatureField.Sign(signer)
'Finish signing of a PDF file.
document.Save("Digital Signature.pdf")
End Using
End Sub
End Module
Digitally sign a PDF file with a visible signature
using GemBox.Pdf;
using GemBox.Pdf.Annotations;
using GemBox.Pdf.Content;
using GemBox.Pdf.Forms;
using GemBox.Pdf.Security;
class Program
{
static void Main()
{
// If using the Professional version, put your serial key below.
ComponentInfo.SetLicense("FREE-LIMITED-KEY");
using (var document = PdfDocument.Load("%InputFileName%"))
{
// Add a visible signature field to the first page of the PDF document.
var signatureField = document.Form.Fields.AddSignature(document.Pages[0], 300, 500, 250, 100);
// Retrieve the signature's appearance settings to customize it.
var signatureAppearance = signatureField.Appearance;
// Signature appearance will consist of a text above an image.
signatureAppearance.TextPlacement = PdfTextPlacement.TextAboveIcon;
// Text should occupy 40% of the annotation rectangle height. The rest will be occupied by the image.
signatureAppearance.TextExtent = 0.4;
// Text should be right aligned.
signatureAppearance.TextAlignment = PdfTextAlignment.Right;
// Set font. A zero value for font size means that the text is auto-sized to fit the annotation rectangle.
signatureAppearance.Font = new PdfFont("Times New Roman", 0);
// Show a 'Reason' label and value.
signatureAppearance.Reason = "Legal agreement between the seller and the buyer about the purchase";
// Show a 'Location' label and value.
signatureAppearance.Location = "New York, USA";
// Do not show a 'Date' label nor value.
signatureAppearance.DateFormat = string.Empty;
// Set the signature image.
signatureAppearance.Icon = PdfImage.Load("%#GemBoxSignature.png%");
// The signature image should be scaled only if it is too big to fit.
signatureAppearance.IconScaleCondition = PdfScaleCondition.ContentTooBig;
// The signature image should dock to the bottom (y = 0) right (x = 1) corner.
signatureAppearance.IconAlignment = new PdfPoint(1, 0);
// Get a digital ID from PKCS#12/PFX file.
var digitalId = new PdfDigitalId("%InputDigitalId[0]%", "GemBoxPassword");
// Create a PDF signer that will create the digital signature.
var signer = new PdfSigner(digitalId);
// Adobe Acrobat Reader currently doesn't download the certificate chain
// so we will also embed a certificate of intermediate Certificate Authority in the signature.
// (see https://community.adobe.com/t5/acrobat/signature-validation-using-aia-extension-not-enabled-by-default/td-p/10729647)
signer.ValidationInfo = new PdfSignatureValidationInfo(new PdfCertificate[] { new PdfCertificate("%InputDigitalId[1]%") }, null, null);
// Initiate signing of a PDF file with the specified signer.
signatureField.Sign(signer);
// Finish signing of a PDF file.
document.Save("Visible Digital Signature.pdf");
}
}
}
Imports GemBox.Pdf
Imports GemBox.Pdf.Annotations
Imports GemBox.Pdf.Content
Imports GemBox.Pdf.Forms
Imports GemBox.Pdf.Security
Module Program
Sub Main()
' If using the Professional version, put your serial key below.
ComponentInfo.SetLicense("FREE-LIMITED-KEY")
Using document = PdfDocument.Load("%InputFileName%")
' Add a visible signature field to the first page of the PDF document.
Dim signatureField = document.Form.Fields.AddSignature(document.Pages(0), 300, 500, 250, 100)
' Retrieve the signature's appearance settings to customize it.
Dim signatureAppearance = signatureField.Appearance
' Signature appearance will consist of a text above an image.
signatureAppearance.TextPlacement = PdfTextPlacement.TextAboveIcon
' Text should occupy 40% of the annotation rectangle height. The rest will be occupied by the image.
signatureAppearance.TextExtent = 0.4
' Text should be right aligned.
signatureAppearance.TextAlignment = PdfTextAlignment.Right
' Set font. A zero value for font size means that the text is auto-sized to fit the annotation rectangle.
signatureAppearance.Font = New PdfFont("Times New Roman", 0)
' Show a 'Reason' label and value.
signatureAppearance.Reason = "Legal agreement between the seller and the buyer about the purchase"
' Show a 'Location' label and value.
signatureAppearance.Location = "New York, USA"
' Do not show a 'Date' label nor value.
signatureAppearance.DateFormat = String.Empty
' Set the signature image.
signatureAppearance.Icon = PdfImage.Load("%#GemBoxSignature.png%")
' The signature image should be scaled only if it is too big to fit.
signatureAppearance.IconScaleCondition = PdfScaleCondition.ContentTooBig
' The signature image should dock to the bottom (y = 0) right (x = 1) corner.
signatureAppearance.IconAlignment = New PdfPoint(1, 0)
' Get a digital ID from PKCS#12/PFX file.
Dim digitalId = New PdfDigitalId("%InputDigitalId[0]%", "GemBoxPassword")
' Create a PDF signer that will create the digital signature.
Dim signer = New PdfSigner(digitalId)
' Adobe Acrobat Reader currently doesn't download the certificate chain
' so we will also embed a certificate of intermediate Certificate Authority in the signature.
' (see https://community.adobe.com/t5/acrobat/signature-validation-using-aia-extension-not-enabled-by-default/td-p/10729647)
signer.ValidationInfo = New PdfSignatureValidationInfo(New PdfCertificate() {New PdfCertificate("%InputDigitalId[1]%")}, Nothing, Nothing)
' Initiate signing of a PDF file with the specified signer.
signatureField.Sign(signer)
'Finish signing of a PDF file.
document.Save("Visible Digital Signature.pdf")
End Using
End Sub
End Module
PdfSignatureAppearance class, enables you to show several predefined labels related to digital signatures and their values, to localize the labels, and to specify and customize the signature image.Digitally sign a PDF file with multiple signatures
using GemBox.Pdf;
using GemBox.Pdf.Forms;
using GemBox.Pdf.Security;
class Program
{
static void Main()
{
// If using the Professional version, put your serial key below.
ComponentInfo.SetLicense("FREE-LIMITED-KEY");
using (var document = PdfDocument.Load("%InputFileName%"))
{
// Add a first signature field to the first page of the PDF document.
var signatureField1 = document.Form.Fields.AddSignature(document.Pages[0], 100, 500, 200, 50);
// Get a first digital ID from PKCS#12/PFX file.
var digitalId1 = new PdfDigitalId("%InputDigitalId1[0]%", "GemBoxPassword");
// Create a PDF signer that will create the first signature.
var signer1 = new PdfSigner(digitalId1);
// Adobe Acrobat Reader currently doesn't download certificate chain
// so we will also embed certificate of intermediate Certificate Authority in the signature.
// (see https://community.adobe.com/t5/acrobat/signature-validation-using-aia-extension-not-enabled-by-default/td-p/10729647)
signer1.ValidationInfo = new PdfSignatureValidationInfo(new PdfCertificate[] { new PdfCertificate("%InputDigitalId1[1]%") }, null, null);
// Initiate first signing of a PDF file with the specified signer.
signatureField1.Sign(signer1);
// Finish first signing of a PDF file.
document.Save("Multiple Digital Signature.pdf");
// Add a second signature field to the first page of the PDF document.
var signatureField2 = document.Form.Fields.AddSignature(document.Pages[0], 300, 500, 250, 50);
// Get a second digital ID from PKCS#12/PFX file.
var digitalId2 = new PdfDigitalId("%InputDigitalId2[0]%", "GemBoxPassword");
// Create a PDF signer that will create the second signature.
var signer2 = new PdfSigner(digitalId2);
// Adobe Acrobat Reader currently doesn't download certificate chain
// so we will also embed certificate of intermediate Certificate Authority in the signature.
// (see https://community.adobe.com/t5/acrobat/signature-validation-using-aia-extension-not-enabled-by-default/td-p/10729647)
signer2.ValidationInfo = new PdfSignatureValidationInfo(new PdfCertificate[] { new PdfCertificate("%InputDigitalId2[1]%") }, null, null);
// Initiate second signing of a PDF file with the specified signer.
signatureField2.Sign(signer2);
// Finish second signing of the same PDF file.
document.Save();
}
}
}
Imports GemBox.Pdf
Imports GemBox.Pdf.Forms
Imports GemBox.Pdf.Security
Module Program
Sub Main()
' If using the Professional version, put your serial key below.
ComponentInfo.SetLicense("FREE-LIMITED-KEY")
Using document = PdfDocument.Load("%InputFileName%")
' Add a first signature field to the first page of the PDF document.
Dim signatureField1 = document.Form.Fields.AddSignature(document.Pages(0), 100, 500, 200, 50)
' Get a first digital ID from PKCS#12/PFX file.
Dim digitalId1 = New PdfDigitalId("%InputDigitalId1[0]%", "GemBoxPassword")
' Create a PDF signer that will create the first signature.
Dim signer1 = New PdfSigner(digitalId1)
' Adobe Acrobat Reader currently doesn't download certificate chain
' so we will also embed certificate of intermediate Certificate Authority in the signature.
' (see https://community.adobe.com/t5/acrobat/signature-validation-using-aia-extension-not-enabled-by-default/td-p/10729647)
signer1.ValidationInfo = New PdfSignatureValidationInfo(New PdfCertificate() {New PdfCertificate("%InputDigitalId1[1]%")}, Nothing, Nothing)
' Initiate first signing of a PDF file with the specified signer.
signatureField1.Sign(signer1)
' Finish first signing of a PDF file.
document.Save("Multiple Digital Signature.pdf")
' Add a second signature field to the first page of the PDF document.
Dim signatureField2 = document.Form.Fields.AddSignature(document.Pages(0), 300, 500, 250, 50)
' Get a second digital ID from PKCS#12/PFX file.
Dim digitalId2 = New PdfDigitalId("%InputDigitalId2[0]%", "GemBoxPassword")
' Create a PDF signer that will create the second signature.
Dim signer2 = New PdfSigner(digitalId2)
' Adobe Acrobat Reader currently doesn't download certificate chain
' so we will also embed certificate of intermediate Certificate Authority in the signature.
' (see https://community.adobe.com/t5/acrobat/signature-validation-using-aia-extension-not-enabled-by-default/td-p/10729647)
signer2.ValidationInfo = New PdfSignatureValidationInfo(New PdfCertificate() {New PdfCertificate("%InputDigitalId2[1]%")}, Nothing, Nothing)
' Initiate second signing of a PDF file with the specified signer.
signatureField2.Sign(signer2)
' Finish second signing of a same PDF file.
document.Save()
End Using
End Sub
End Module
PdfDocument.Save(System.String) method overload.PdfDocument.Save() method overload.Digitally sign a PDF file with an external signature
using GemBox.Pdf;
using GemBox.Pdf.Forms;
using GemBox.Pdf.Security;
class Program
{
static void Main()
{
// If using the Professional version, put your serial key below.
ComponentInfo.SetLicense("FREE-LIMITED-KEY");
using (var document = PdfDocument.Load("%InputFileName%"))
{
// Add a visible signature field to the first page of the PDF document.
var signatureField = document.Form.Fields.AddSignature(document.Pages[0], 300, 500, 250, 50);
// Get a digital ID from XML (private key) and certificate files.
var digitalId = new RSAXmlDigitalId("%#GemBoxRSA1024PrivateKey.xml%", "%#GemBoxRSA1024.crt%");
// Create a PDF signer that will create the digital signature.
var signer = new PdfSigner(digitalId);
// Adobe Acrobat Reader currently doesn't download certificate chain
// so we will also embed certificate of intermediate Certificate Authority in the signature.
// (see https://community.adobe.com/t5/acrobat/signature-validation-using-aia-extension-not-enabled-by-default/td-p/10729647)
signer.ValidationInfo = new PdfSignatureValidationInfo(new PdfCertificate[] { new PdfCertificate("%#GemBoxRSA.crt%") }, null, null);
// Initiate signing of a PDF file with the specified signer.
signatureField.Sign(signer);
// Finish signing of a PDF file.
document.Save("External Digital Signature.pdf");
}
}
}
/// <summary>
/// Represents a digital ID that reads an RSA private key from an XML file.
/// </summary>
class RSAXmlDigitalId : PdfDigitalId
{
private readonly string privateKeyXmlString;
public RSAXmlDigitalId(string privateKeyXmlFileName, string certificateFileName) : base(new PdfCertificate(certificateFileName))
{
this.privateKeyXmlString = System.IO.File.ReadAllText(privateKeyXmlFileName);
}
protected override byte[] SignHash(byte[] hash, PdfHashAlgorithm hashAlgorithm, PdfRSASignaturePadding rsaSignaturePadding)
{
using (var rsa = System.Security.Cryptography.RSA.Create())
{
rsa.FromXmlString(this.privateKeyXmlString);
return rsa.SignHash(
hash,
new System.Security.Cryptography.HashAlgorithmName(hashAlgorithm.ToString()),
rsaSignaturePadding == PdfRSASignaturePadding.Pss ? System.Security.Cryptography.RSASignaturePadding.Pss : System.Security.Cryptography.RSASignaturePadding.Pkcs1);
}
}
}
Imports GemBox.Pdf
Imports GemBox.Pdf.Forms
Imports GemBox.Pdf.Security
Module Program
Sub Main()
' If using the Professional version, put your serial key below.
ComponentInfo.SetLicense("FREE-LIMITED-KEY")
Using document = PdfDocument.Load("%InputFileName%")
' Add a visible signature field to the first page of the PDF document.
Dim signatureField = document.Form.Fields.AddSignature(document.Pages(0), 300, 500, 250, 50)
' Get a digital ID from XML (private key) and certificate files.
Dim digitalId = New RSAXmlDigitalId("%#GemBoxRSA1024PrivateKey.xml%", "%#GemBoxRSA1024.crt%")
' Create a PDF signer that will create the digital signature.
Dim signer = New PdfSigner(digitalId)
' Adobe Acrobat Reader currently doesn't download certificate chain
' so we will also embed certificate of intermediate Certificate Authority in the signature.
' (see https://community.adobe.com/t5/acrobat/signature-validation-using-aia-extension-not-enabled-by-default/td-p/10729647)
signer.ValidationInfo = New PdfSignatureValidationInfo(New PdfCertificate() {New PdfCertificate("%#GemBoxRSA.crt%")}, Nothing, Nothing)
' Initiate signing of a PDF file with the specified signer.
signatureField.Sign(signer)
' Finish signing of a PDF file.
document.Save("External Digital Signature.pdf")
End Using
End Sub
End Module
''' <summary>
''' Represents a digital ID that reads an RSA private key from an XML file.
''' </summary>
Class RSAXmlDigitalId
Inherits PdfDigitalId
Private ReadOnly privateKeyXmlString As String
Public Sub New(ByVal privateKeyXmlFileName As String, ByVal certificateFileName As String)
MyBase.New(New PdfCertificate(certificateFileName))
Me.privateKeyXmlString = System.IO.File.ReadAllText(privateKeyXmlFileName)
End Sub
Protected Overrides Function SignHash(ByVal hash As Byte(), ByVal hashAlgorithm As PdfHashAlgorithm, ByVal rsaSignaturePadding As PdfRSASignaturePadding) As Byte()
Using rsa = System.Security.Cryptography.RSA.Create()
rsa.FromXmlString(Me.privateKeyXmlString)
Return rsa.SignHash(
hash,
New System.Security.Cryptography.HashAlgorithmName(hashAlgorithm.ToString()),
If(rsaSignaturePadding = PdfRSASignaturePadding.Pss, System.Security.Cryptography.RSASignaturePadding.Pss, System.Security.Cryptography.RSASignaturePadding.Pkcs1))
End Using
End Function
End Class
Remove existing digital signatures from a PDF file
using GemBox.Pdf;
using GemBox.Pdf.Forms;
using System.Linq;
class Program
{
static void Main()
{
// If using the Professional version, put your serial key below.
ComponentInfo.SetLicense("FREE-LIMITED-KEY");
using (var document = PdfDocument.Load("%InputFileName%"))
{
// Get a list of all signature fields in the document.
var signatureFields = document.Form.Fields.
Where(f => f.FieldType == PdfFieldType.Signature).
Cast<PdfSignatureField>().
ToList();
// Either remove the signature or the signature field.
for (int i = 0; i < signatureFields.Count; ++i)
if (i % 2 == 0)
signatureFields[i].Value = null;
else
document.Form.Fields.Remove(signatureFields[i]);
document.Save("Remove Digital Signature.pdf");
}
}
}
Imports GemBox.Pdf
Imports GemBox.Pdf.Forms
Imports System.Linq
Module Program
Sub Main()
' If using the Professional version, put your serial key below.
ComponentInfo.SetLicense("FREE-LIMITED-KEY")
Using document = PdfDocument.Load("%InputFileName%")
' Get a list of all signature fields in the document.
Dim signatureFields = document.Form.Fields.
Where(Function(f) f.FieldType = PdfFieldType.Signature).
Cast(Of PdfSignatureField)().
ToList()
' Either remove the signature or the signature field.
For i As Integer = 0 To signatureFields.Count - 1
If i Mod 2 = 0 Then
signatureFields(i).Value = Nothing
Else
document.Form.Fields.Remove(signatureFields(i))
End If
Next
document.Save("Remove Digital Signature.pdf")
End Using
End Sub
End Module
Digital ID notes
