Cannot digitally sign PDF (USB token - certificate from the store)


#1

At the moment we are evaluating Aspose PDF to digitally sign PDF files. Our client has a USB token; he doesn’t have and will not have a pfx file, so we get the certificate from the store (System.Security.Cryptography.X509Certificates.X509Store). We tried three different ways to sign a PDF with Aspose PDF, but without any result.

When we use the following code:

    Aspose.Words.Document doc = new Aspose.Words.Document(inputDOcFile);
    Aspose.Words.Saving.PdfSaveOptions options = new Aspose.Words.Saving.PdfSaveOptions();
    options.Compliance = Aspose.Words.Saving.PdfCompliance.PdfA1b;
    X509Certificate2 cert = GetCertificate();
    options.DigitalSignatureDetails = new Aspose.Words.Saving.PdfDigitalSignatureDetails(cert, "reason", "location", DateTime.Now);
    doc.Save(outputPDF, options);

we get the following exception:

    “Internal error occurred”: at System.Security.Cryptography.Pkcs.SignedCms.Sign(CmsSigner signer, Boolean silent)
    at System.Security.Cryptography.Pkcs.SignedCms.ComputeSignature(CmsSigner signer, Boolean silent)
    at x4f4df92b75ba3b67.x93619359a213c4b3.x73bb2b40010c1ca8(Stream x3f9e1d48f6c754fe, X509Certificate2 x93bf26bc80edc72e, xc102c6e35aff75b1 x4e599cb76e2435b4)
    at x4f4df92b75ba3b67.x93619359a213c4b3.xca99e0aebcf34c85(Stream xcf18e5243f8d5fd3, Int32 xa6fa92839a392f8c, X509Certificate2 x0708ffc6efe2b1f3, xc102c6e35aff75b1 x4e599cb76e2435b4)
    at x4f4df92b75ba3b67.x0d8cdce10fda1cfd.xa0dfc102c691b11f()
    at x4f4df92b75ba3b67.x92faf2a956f0f5a7.xa0dfc102c691b11f()
    at x6a671772ec29137f.xcd769e39c0788209.DoEndDocument()
    at xf989f31a236ff98c.x6c74398bceb133f8.xa2e0b7f7da663553(x8556eed81191af11 x5ac1382edb7bf2c2)
    at Aspose.Words.Document.xf381a641001e6830(Stream xcf18e5243f8d5fd3, String xafe2f3653ee64ebc, SaveOptions xc27f01f21f67608c)
    at Aspose.Words.Document.Save(String fileName, SaveOptions saveOptions)

We also tried to do it this way:

    PdfFileSignature pdfSign = new PdfFileSignature(inputPDF, outputPDF);
    System.Drawing.Rectangle rect = new System.Drawing.Rectangle(100, 100, 200, 100);
    X509Certificate2 certificate = GetCertificate();
    byte[] pkcs10 = certificate.Export(X509ContentType.Pfx, "password");
    MemoryStream memStream = new MemoryStream();
    BinaryWriter binWriter = new BinaryWriter(memStream);
    binWriter.Write(pkcs10);
    memStream.Position = 0;
    PKCS1 signature = new PKCS1(memStream, "password");
    pdfSign.Sign(1, "Signature Reason", "Contact", "Location", false, rect, signature);
    pdfSign.Save();

but we get this exception:

    “Index was out of range. Must be non-negative and less than the size of the collection. Parameter name: index”: at System.Collections.ArrayList.get_Item(Int32 index)
    at .
    . (Byte[] , ž )
    at .
    . (Byte[] , Stream , String )
    at .
    €. (String ,  , Œ , Stream , String )
    at Aspose.Pdf.InteractiveFeatures.Forms.Signature. (String , Stream , String )
    at Aspose.Pdf.InteractiveFeatures.Forms.SignatureField.Sign(Signature signature, Stream pfx, String pass)
    at Aspose.Pdf.InteractiveFeatures.Forms.SignatureField.Sign(Signature signature)
    at Aspose.Pdf.Facades.PdfFileSignature.Save(Stream outputStream)
    at Aspose.Pdf.Facades.PdfFileSignature.Save(String outputFile)
    at Aspose.Pdf.Facades.PdfFileSignature.Save()

And finally, we used the same code but removed the PASSWORD parameter:

    byte[] pkcs10 = certificate.Export(X509ContentType.Pfx);//, "password");
    res = new PKCS1(memStream);//, "password");

and we get the following exception:

    “Certificate file was not provided”: at Aspose.Pdf.InteractiveFeatures.Forms.SignatureField.Sign(Signature signature)
    at Aspose.Pdf.Facades.PdfFileSignature.Save(Stream outputStream)
    at Aspose.Pdf.Facades.PdfFileSignature.Save(String outputFile)
    at Aspose.Pdf.Facades.PdfFileSignature.Save()

What should we do to make this work?


#2

Hi Agnieszka,

Thank you for sharing the details and sample codes.

Please share your template PDF file and Certificate file with us. This will help us reproduce the issue at our end and identify the cause of the issue soon.

Sorry for the inconvenience,


#3

As I already said, the signing process involves a USB token key (to be more specific: USB Shell Token V2 - Gemalto), so it is impossible to share any Certificate files with you. This token is necessary to sign a document.

As for template PDF file: the problem occurs with all PDF files.


#4

Hi Agnieszka,

Thank you for the feedback,

We will further look into your issue and will get back to you with our findings.

Sorry for the inconvenience,
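
A diagnostic sketch for the situation discussed in this thread, added as an example; it is not code from any poster or from Aspose. It lists each certificate in CurrentUser\My that has a private key, reports whether the key is held in hardware and marked exportable (the property the Export(X509ContentType.Pfx) attempts above depend on), and, for a thumbprint given on the command line, produces a detached CMS signature over a constructed payload using the store certificate directly, without exporting the key. It assumes .NET Framework on Windows with a reference to System.Security; the class name, helper names and thumbprint argument are this example's own.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class TokenKeyCheck
{
    // Usage: TokenKeyCheck.exe [thumbprint]  (argument convention is this example's own)
    static void Main(string[] args)
    {
        byte[] payload = Encoding.ASCII.GetBytes("constructed sample payload");
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            foreach (X509Certificate2 cert in store.Certificates)
            {
                if (!cert.HasPrivateKey) continue;
                Console.WriteLine("{0}  [{1}]", cert.Subject, cert.Thumbprint);
                try
                {
                    Describe(cert);
                    bool selected = args.Length > 0 &&
                        string.Equals(args[0], cert.Thumbprint, StringComparison.OrdinalIgnoreCase);
                    if (selected)
                        Console.WriteLine("  detached CMS signature: {0} bytes", SignDetached(cert, payload).Length);
                }
                catch (Exception ex) when (ex is CryptographicException || ex is InvalidOperationException)
                {
                    // Raised, for example, when the key cannot be reached or the operation is refused.
                    Console.WriteLine("  key not usable: " + ex.Message);
                }
            }
        }
        finally { store.Close(); }
    }

    static void Describe(X509Certificate2 cert)
    {
        // Only CSP-backed RSA keys expose container info through this type.
        var rsa = cert.PrivateKey as RSACryptoServiceProvider;
        if (rsa == null) { Console.WriteLine("  not a CSP RSA key; no container info"); return; }
        CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
        Console.WriteLine("  provider={0} hardware={1} removable={2} exportable={3}",
            info.ProviderName, info.HardwareDevice, info.Removable, info.Exportable);
    }

    static byte[] SignDetached(X509Certificate2 cert, byte[] payload)
    {
        var cms = new SignedCms(new ContentInfo(payload), true);  // true = detached signature
        cms.ComputeSignature(new CmsSigner(cert), false);         // false = not silent, UI prompts allowed
        return cms.Encode();
    }
}
```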