Digital signatures in PDF files

Digital signatures are available in the XFINIUM.PDF library starting with v8.0. They are supported on the following platforms: Windows Forms (standard .NET Framework 4.0 or higher), WPF (4.0 or higher), UWP (10.0.16299), .NET Core 2.0, .NET Standard 2.0, Mac, iOS and Android.

The following features are supported:

  • Approval and certifying digital signatures based on X509 certificates
  • CMS and PAdES digital signatures with SHA256, SHA384 and SHA512 support
  • Signature timestamps
  • OCSP and CRL information included in digital signatures
  • Document security store
  • Document timestamps
  • LTV (Long Term Validation) enabled digital signatures
  • Support for hardware signature tokens/smartcards (Windows, WPF, Mac)

A digital signature is applied to a PDF file through a signature field (PdfSignatureField class). Because the signature field is a form field, it appears on one of the pages of the document, but the digital signature signs the entire document, not just that page.
The signing process starts by setting the Signature property of a signature field to a PdfDigitalSignature object. The signature is created when the PDF document is saved, because the signature is based on the actual binary layout of the PDF file.
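
In the PDF format, the bytes a signature covers are listed in the signature dictionary's /ByteRange entry, a detail of the PDF specification that this page does not spell out. The Python check below is an added example, not XFINIUM.PDF code. It goes beyond the page by reporting, for each signature, whether bytes were appended after the range it covers, as happens when a signed file is saved again as an incremental update. The names `signature_coverage` and `build_sample` are hypothetical and the sample bytes are constructed.

```python
import re

# /ByteRange [off1 len1 off2 len2] names the two byte spans the digest covers;
# the gap between them holds the hex-encoded signature (/Contents).
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
HEX_STRING = re.compile(rb"<[0-9A-Fa-f\s]*>")

def signature_coverage(pdf: bytes) -> list:
    """Describe, per signature, which bytes of the file it covers.
    Layout check only: the CMS signature itself is not verified here."""
    report = []
    for m in BYTE_RANGE.finditer(pdf):
        off1, len1, off2, len2 = (int(g) for g in m.groups())
        end = off2 + len2
        report.append({
            "byte_range": (off1, len1, off2, len2),
            "starts_at_zero": off1 == 0,
            # Anything other than one hex string in the gap is unsigned content.
            "gap_is_hex_string": HEX_STRING.fullmatch(pdf[off1 + len1:off2]) is not None,
            "in_bounds": end <= len(pdf),
            # Bytes after the covered range belong to a later revision.
            "unsigned_trailing_bytes": max(len(pdf) - end, 0),
        })
    return report

def build_sample() -> bytes:
    """Constructed sample: only the byte layout of a signed file, not a valid PDF."""
    sig = b"<" + b"00" * 16 + b">"                 # placeholder, not a real signature
    tail = b" >>\nendobj\n%%EOF\n"
    head = "%PDF-1.7\n1 0 obj\n<< /Type /Sig /ByteRange [0 {:010d} {:010d} {:010d}] /Contents "
    len1 = len(head.format(0, 0, 0))               # fixed-width numbers keep offsets stable
    return head.format(len1, len1 + len(sig), len(tail)).encode("ascii") + sig + tail

if __name__ == "__main__":
    signed = build_sample()
    later_revision = signed + b"\n2 0 obj\n<< >>\nendobj\n%%EOF\n"   # constructed update
    for name, data in (("as signed", signed), ("after incremental update", later_revision)):
        for row in signature_coverage(data):
            print(name, row)
```

A non-zero `unsigned_trailing_bytes` is not by itself a failure: it means the file was changed after that signature was applied, and those later bytes are what a reviewer should inspect.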

The PdfDigitalSignature class is the base class for all digital signatures supported by the XFINIUM.PDF library.

The following signature classes are available:

  • PdfCmsDigitalSignature – a digital signature based on the CMS standard (inherits from PdfDigitalSignature)
  • PdfPadesDigitalSignature – a digital signature that implements the PAdES standard (inherits from PdfCmsDigitalSignature)
  • PdfInteractiveCmsDigitalSignature – a digital signature based on the CMS standard that can use a hardware signature smartcard for creating the digital signature (inherits from PdfDigitalSignature)
  • PdfInteractivePadesDigitalSignature – a digital signature that implements the PAdES standard and that can use a hardware signature smartcard for creating the digital signature (inherits from PdfInteractiveCmsDigitalSignature)
  • PdfDocumentTimeStamp – a document level timestamp (inherits from PdfDigitalSignature)

To support the long term validation of signed PDF documents, the XFINIUM.PDF library supports the inclusion of timestamps, OCSP and CRL information in the digital signatures. The library also supports the document security store and document timestamps (PDF 2.0 features). These allow OCSP and CRL information to be included in a PDF document at a later moment, if this information cannot be obtained when the signature is created.

The following samples are available, demonstrating the digital signatures functionality: Certifying Signature, Document Time Stamp, PAdES Signature, Simple Signature, Signature with Timestamp.

The next articles will dive into more programming details.

2 thoughts on “Digital signatures in PDF files”

  1. I am currently evaluating the library. When signing a PDF file there is no signature available even though on file launch it shows Verifying Signatures. Is there any way to make the embedded signature visible or have a signing image, clicking on which signature details can be retrieved? Also, can we timestamp the PDF file? And is there support available to sign documents multiple times without losing existing properties set in the PDF document?

    1. A signature is visible if the signature field is located in the visible page area. The SimpleSignature sample shows a visible signature. You can create a custom appearance for your signature if you use the PdfAnnotationAppearance class. Draw any content you want on it and then attach it to the signature widget’s NormalAppearance property. The SignatureWithTimeStamp and DocumentTimeStamp samples show how to include timestamps in a document. You can add multiple signatures to a document using incremental updates. The only condition is that all signature fields exist in the document from the start; you cannot sign a file and later add a new signature field and sign again. If you need 2 signatures in a document you must have 2 signature fields when the first signature is applied on one field. Then using incremental updates you can sign the other field.
