Digital signatures in PDF files

Digital signatures are available in the XFINIUM.PDF library starting with v8.0. They are supported on the following platforms: Windows Forms (standard .NET Framework 4.0 or higher), WPF (4.0 or higher), UWP (10.0.16299), .NET Core 2.0, .NET Standard 2.0, Mac, iOS and Android.

The following features are supported:

  • Approval and certifying digital signatures based on X509 certificates
  • CMS and PAdES digital signatures with SHA256, SHA384 and SHA512 support
  • Signature timestamps
  • OCSP and CRL information included in digital signatures
  • Document security store
  • Document timestamps
  • LTV (Long Term Validation) enabled digital signatures
  • Support for hardware signature tokens/smartcards (Windows, WPF, Mac)

A digital signature is applied to a PDF file through a signature field (PdfSignatureField class). Because the signature field is a form field, it appears on one of the pages of the document, but the digital signature signs the entire document, not just that page.
The signing process starts by setting the Signature property of a signature field with a PdfDigitalSignature object. The signature is created when the PDF document is saved because the signature is based on the actual binary layout of the PDF file.

The PdfDigitalSignature class is the base class for all digital signatures supported by the XFINIUM.PDF library.

The following signature classes are available:

  • PdfCmsDigitalSignature – a digital signature based on the CMS standard (inherits from PdfDigitalSignature)
  • PdfPadesDigitalSignature – a digital signature that implements the PAdES standard (inherits from PdfCmsDigitalSignature)
  • PdfInteractiveCmsDigitalSignature – a digital signature based on the CMS standard that can use a hardware signature smartcard for creating the digital signature (inherits from PdfDigitalSignature)
  • PdfInteractivePadesDigitalSignature – a digital signature that implements the PAdES standard and that can use a hardware signature smartcard for creating the digital signature (inherits from PdfInteractiveCmsDigitalSignature)
  • PdfDocumentTimeStamp – a document level timestamp (inherits from PdfDigitalSignature)

To support the long term validation of signed PDF documents, the XFINIUM.PDF library supports inclusion of timestamps, OCSP and CRL information in the digital signatures. The library also supports the document security store and document timestamps (PDF 2.0 features). These allow OCSP and CRL information to be added to a PDF document at a later moment, if this information cannot be obtained when the signature is created.
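The statements above that a signature covers the whole document and depends on the binary layout of the saved file, and that validation data can be added at a later moment, can be checked on any signed PDF. The following is an added example, not code from XFINIUM.PDF and not using its API: it reads the /ByteRange entry that the PDF specification defines for signature dictionaries (a name this page does not mention) and reports which bytes the digest covers. The function names and the sample file are constructed for illustration; the scan is a plain byte search and does not validate the CMS signature itself.

```python
import hashlib
import re

BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
HEX_STRING = re.compile(rb"<[0-9A-Fa-f\s]*>")

def signature_coverage(pdf: bytes) -> list:
    """Report, for every /ByteRange found, which bytes of the file the digest covers."""
    reports = []
    for m in BYTE_RANGE.finditer(pdf):
        off1, len1, off2, len2 = (int(g) for g in m.groups())
        gap = pdf[off1 + len1:off2]  # excluded bytes: must be only the /Contents hex string
        signed = pdf[off1:off1 + len1] + pdf[off2:off2 + len2]
        reports.append({
            "starts_at_zero": off1 == 0,
            "gap_is_hex_string": HEX_STRING.fullmatch(gap) is not None,
            # > 0 means bytes were appended after signing (an incremental update)
            "unsigned_trailing_bytes": len(pdf) - (off2 + len2),
            "sha256_of_signed_bytes": hashlib.sha256(signed).hexdigest(),
        })
    return reports

def build_sample(appended: bytes = b"") -> bytes:
    """Constructed minimal file with a signature dictionary; not a renderable PDF."""
    head = b"%PDF-1.7\n1 0 obj\n<< /Type /Sig /ByteRange "
    key = b" /Contents "
    contents = b"<" + b"00" * 16 + b">"  # placeholder where the CMS blob would go
    tail = b" >>\nendobj\n%%EOF\n"
    # Fixed-width numbers keep the layout stable while the offsets are filled in.
    len1 = len(head) + len(b"[%010d %010d %010d %010d]" % (0, 0, 0, 0)) + len(key)
    off2 = len1 + len(contents)
    byte_range = b"[%010d %010d %010d %010d]" % (0, len1, off2, len(tail))
    return head + byte_range + key + contents + tail + appended

if __name__ == "__main__":
    for label, data in (("as signed", build_sample()),
                        ("with appended bytes", build_sample(b"\n% added later\n"))):
        print(label, signature_coverage(data))
```

A non-zero `unsigned_trailing_bytes` value is expected when a document security store or document timestamp was appended after signing; any other appended content is outside what that signature protects and should be reviewed.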

The following samples are available, demonstrating the digital signatures functionality: Certifying Signature, Document Time Stamp, PAdES Signature, Simple Signature, Signature with Timestamp.

The next articles will dive into more programming details.
