Sign PDF using Aspose PDF and external private key on Azure Key Vault


I am trying to digitally sign a PDF using Aspose Pdf by using an external device to actually do the signing, in this case Azure Key Vault. iText has a very good mechanism for this. They provide an IExternalSignature interface that you can implement, which provides the Sign functionality; however, I can't find anything similar with Aspose Pdf.

I am working with the examples from this blog post: https://rahulpnath.com/blog/signing-a-pdf-file-using-azure-key-vault/

Does anyone know how the third example (Non Exportable Certificate) can be implemented with Aspose Pdf?


There are 1 best solutions below


You can use the ExternalSignature object that provides an X509Certificate2 for signing the document. Please use the following code snippet. In these examples the Windows certificate store is used to get the certificate for signing:

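// The System.Security.dll assembly should be added into References
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Aspose.Pdf;
using Aspose.Pdf.Facades;
using Aspose.Pdf.Forms;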

// Signing 1. Using SignatureField
public void Sign_With_SmartCard_1()
{
    const string dataDir = @"c:\";

    File.Copy(dataDir + "blank.pdf", dataDir + "externalSignature1.pdf", true);
    using (FileStream fs = new FileStream(dataDir + "externalSignature1.pdf", FileMode.Open, FileAccess.ReadWrite))
    {
        using (Document doc = new Document(fs))
        {
            SignatureField field1 = new SignatureField(doc.Pages[1], new Rectangle(100, 400, 10, 10));

            // Sign with certificate selection in the Windows certificate store
            X509Store store = new X509Store(StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadOnly);
            // Manually choose the certificate in the store
            X509Certificate2Collection sel = X509Certificate2UI.SelectFromCollection(store.Certificates, null, null, X509SelectionFlag.SingleSelection);

            // Fully qualified: a using directive does not make "Forms." resolve on its own
            Aspose.Pdf.Forms.ExternalSignature externalSignature = new Aspose.Pdf.Forms.ExternalSignature(sel[0])
            {
                Authority = "Me",
                Reason = "Reason",
                ContactInfo = "Contact"
            };

            field1.PartialName = "sig1";
            doc.Form.Add(field1, 1);
            field1.Sign(externalSignature);
            doc.Save();
        }
    }

    using (PdfFileSignature pdfSign = new PdfFileSignature(dataDir + "externalSignature1.pdf"))
    {
        IList<string> sigNames = pdfSign.GetSignNames();
        for (int index = 0; index <= sigNames.Count - 1; index++)
        {
            if (!pdfSign.VerifySigned(sigNames[index]) || !pdfSign.VerifySignature(sigNames[index]))
            {
                throw new ApplicationException("Not verified");
            }
        }
    }
}

// Signing 2. Using PdfFileSignature
public void Sign_With_SmartCard_2()
{
    const string dataDir = @"c:\";

    Document doc = new Document(dataDir + "blank.pdf");

    using (PdfFileSignature pdfSign = new PdfFileSignature())
    {
        pdfSign.BindPdf(doc);

        // Sign with certificate selection in the Windows certificate store
        X509Store store = new X509Store(StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        // Manually choose the certificate in the store
        X509Certificate2Collection sel = X509Certificate2UI.SelectFromCollection(store.Certificates, null, null, X509SelectionFlag.SingleSelection);

        // Fully qualified: a using directive does not make "Forms." resolve on its own
        Aspose.Pdf.Forms.ExternalSignature externalSignature = new Aspose.Pdf.Forms.ExternalSignature(sel[0]);
        pdfSign.SignatureAppearance = dataDir + "demo.png";
        pdfSign.Sign(1, "Reason", "Contact", "Location", true, new System.Drawing.Rectangle(100, 100, 200, 200), externalSignature);
        pdfSign.Save(dataDir + "externalSignature2.pdf");
    }

    using (PdfFileSignature pdfSign = new PdfFileSignature(dataDir + "externalSignature2.pdf"))
    {
        IList<string> sigNames = pdfSign.GetSignNames();
        for (int index = 0; index <= sigNames.Count - 1; index++)
        {
            if (!pdfSign.VerifySigned(sigNames[index]) || !pdfSign.VerifySignature(sigNames[index]))
            {
                throw new ApplicationException("Not verified");
            }
        }
    }
}

We hope this will be helpful. Please feel free to contact us if you need any further assistance.
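
The Key Vault side of the non-exportable case the question describes, as an added example that is not part of the original question or answer and is not Aspose code: the data is hashed locally, only the digest is sent to Key Vault for signing, and the result is checked against the public certificate. The class and method names, `vaultUri` and `certificateName` are assumptions; the caller's identity is assumed to have certificate get and key sign permissions, and passing the resulting signature into Aspose Pdf is not shown.

```csharp
// Added example. Requires the Azure.Identity, Azure.Security.KeyVault.Certificates
// and Azure.Security.KeyVault.Keys NuGet packages.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Azure.Identity;
using Azure.Security.KeyVault.Certificates;
using Azure.Security.KeyVault.Keys.Cryptography;

public static class KeyVaultDigestSigner // hypothetical helper name
{
    // vaultUri and certificateName are supplied by the caller (assumed values).
    public static async Task<byte[]> SignAsync(Uri vaultUri, string certificateName, byte[] bytesToSign)
    {
        var credential = new DefaultAzureCredential();

        // Fetch only the public certificate and the id of its backing key.
        // The private key is never downloaded.
        var certClient = new CertificateClient(vaultUri, credential);
        KeyVaultCertificateWithPolicy kvCert = await certClient.GetCertificateAsync(certificateName);

        // Hash locally so that only the 32-byte digest leaves this process.
        byte[] digest;
        using (SHA256 sha = SHA256.Create())
        {
            digest = sha.ComputeHash(bytesToSign);
        }

        // The private-key operation runs inside Key Vault (RS256 = RSA PKCS#1 v1.5 with SHA-256).
        var crypto = new CryptographyClient(kvCert.KeyId, credential);
        SignResult result = await crypto.SignAsync(SignatureAlgorithm.RS256, digest);

        // Verify the returned signature with the public key before using it.
        using (var publicCert = new X509Certificate2(kvCert.Cer))
        using (RSA rsa = publicCert.GetRSAPublicKey())
        {
            if (rsa == null)
                throw new InvalidOperationException("Certificate does not have an RSA key.");
            if (!rsa.VerifyHash(digest, result.Signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
                throw new CryptographicException("Key Vault signature did not verify.");
        }

        return result.Signature;
    }
}
```

The value returned is a raw RSA signature over the digest, not a complete PDF signature container.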