Hi, we have a case & want to know if ASPOSE.PDF is capable to digitally signing a PDF document with a signed HASH of the document. Note the private key is not available for the certificate used to sign the document
At the moment, you can sign document and calculate its hash. But cannot store this value within document because it changes the hash. You may store hash value in separate file. An investigation ticket has already logged in our issue tracking system as PDFNET-48741. Would you please provide some more details about your requirement so that we may further proceed with investigation and share our feedback with you.
Please find below the requested:
1- We compute the Hash of document
2- Sending the computed hash to signing provider
3- Signing provider return the Signature Data ( Signed Hash )
4- We set signature data (Signed hash) to the Signature
We have tried another library “Syncfusion” to sign our documents and it is working fine, so we wanted to know if aspose has this capability or we need to procure another component. below is the sample code from the other library for your reference.
ComputeHash = Convert.FromBase64String(SignatureData);
Syncfusion.Pdf.Security.PdfSignature signature = new Syncfusion.Pdf.Security.PdfSignature(document, document.Pages[0], null, “DigitalSignature”);
signature.ComputeHash += Signature_ComputeHash;
private static void Signature_ComputeHash(object sender, PdfSignatureEventArgs arguments)
{
arguments.SignedData = ComputeHash;
}
Awaiting your feedback.
Thanks for sharing the requested information.
We have updated the earlier logged ticket accordingly and will investigate it as per provided information. We will let you know as soon as we have some definite updates regarding ticket resolution. Please be patient and spare us some time.
Hi,
Do you have any date for the release?
Thank you
Regretfully, the earlier logged ticket could not get resolved due to other parallel issues in the queue. We will surely share ETA or timeline with you as soon as the investigation is complete. We highly appreciate your patience and comprehension in this regard.
We apologize for the inconvenience.
Hi,
just wanted to say that we are also interested in this functionality.
can we have an ETA?
Thanks
The earlier logged ticket could not get resolved due to other pending issues and tasks in the queue. We are afraid that we are not in a position to share some reliable ETA at the moment. Nevertheless, your concerns have been recorded and we will surely inform you once we make some progress towards its resolution.
We apologize for the inconvenience.
Hi asad.ali,
Thank for your quick answer.
We really need this functionality as soon as possible.
There is a new european directive that will make mandatory to use a new logic of certification for PDF signatures.
And the injection of the Hash will be the quickest way to achieve valid signed PDF.
The cliente is telling us to change to iText, because he needs this functionality by the end of the year.
We do value your concerns and understand the severity of the issue for you. However, the issues are resolved on first come first serve basis in free support. Furthermore, the earlier logged ticket is quite complex and require certain amount of time to get fully implemented. We have already recorded your concerns and will consider them during feature implementation. We apologize for your inconvenience.
PS: You can please also check our paid support option in case you want to prioritize the ticket to urgent level.
Any change on this topic? We’re also in need of this feature and iText seems to be the only option.
We are sorry that the earlier logged feature has not been yet implemented. Nevertheless, your concerns have been recorded and we will surely inform you once it is available. We apologize for the inconvenience caused.
Any idea on a timeline for this feature?
Since the investigation of this feature is not yet completed, we are afraid that we are not in a position to share some reliable ETA. However, once we have some news in this regard, we will surely with you in this forum thread. We apologize for the inconvenience caused.
Please try using below code snippet:
{
var inputPdf = "doc.pdf";
var inputP12 = "cer.p12";
var inputPfxPassword = "123456";
var outputPdf = "doc_out.pdf";
using (var sign = new PdfFileSignature())
{
sign.BindPdf(inputPdf);
var pkcs7 = new PKCS7(inputP12, inputPfxPassword);
pkcs7.CustomSignHash = CustomSignHash;
sign.Sign(1, "reason", "cont", "loc", false, new System.Drawing.Rectangle(0, 0, 500, 500), pkcs7);
sign.Save(outputPdf);
}
using (var sign = new PdfFileSignature())
{
sign.BindPdf(outputPdf);
Assert.IsTrue(sign.VerifySignature("Signature1"));
}
}
private byte[] CustomSignHash(byte[] signableHash)
{
var inputP12 = "cer.p12";
var inputPfxPassword = "123456";
X509Certificate2 signerCert = new X509Certificate2(inputP12, inputPfxPassword, X509KeyStorageFlags.Exportable);
RSACryptoServiceProvider rsaCSP = new RSACryptoServiceProvider();
var xmlString = signerCert.PrivateKey.ToXmlString(true);
rsaCSP.FromXmlString(xmlString);
byte[] signedData = rsaCSP.SignData(signableHash, CryptoConfig.MapNameToOID("SHA1"));
return signedData;
}