Digitally Signing PDF

I am attempting to digitally sign a PDF that has been loaded as an Aspose.Pdf.Document and been filled by our program. We are using Aspose.PDF for .NET for this process.

The entire process is: loading a certificate from the Local Machine store, creating the PdfFileSignature object passing the filled document in the constructor, creating a pfx stream from the loaded X509 certificate, creating the PKCS7 Signature object, creating the DocMDPSignature with NoChanges, then using the PdfFileSignature.Certify method to sign and the PdfFileSignature.Save method to save the resulting signed file to a MemoryStream.

When I reset that MemoryStream’s position and save it to a file, I receive an output file that is the correct form and it is signed; however, the data that was previously filled is not present in the form. If I use the PdfFileSignature.Certify method and save the Aspose.Pdf.Document object separately, I get the data filled but no signature.

    public void SignAndLockPDF(Stream outputStream)
    {
        // Load the signing certificate from the Local Machine store
        X509Certificate2 iisCert = GetCertificateFromStore(_certName, StoreLocation.LocalMachine);

        // Signature facade constructed from the filled document
        using (PdfFileSignature signature = new PdfFileSignature(_document))
        {
            // Export the certificate to an in-memory PFX stream for the PKCS7 object
            using (MemoryStream certStream = new MemoryStream(iisCert.Export(X509ContentType.Pfx, "tempPass")))
            {
                var pkcs7Sig = new PKCS7(certStream, "tempPass");

                // Certify with NoChanges so the document is locked after signing
                DocMDPSignature pdfSignature = new DocMDPSignature(pkcs7Sig, DocMDPAccessPermissions.NoChanges);
                signature.Certify(1, "Application Completed", "UA Membership", "UA", false, new System.Drawing.Rectangle(1, 1, 1, 1), pdfSignature);

                signature.Save(outputStream);
            }
        }
    }

Aspose PDF Test.zip (72.3 KB)
To assist with this I have created a test application that replicates the issue that I am having. Please note that it creates two different output files. One that is the document before signing with the data intact and one that is after signing with no data present.

After some experimentation I have determined how the signature process behaves. PdfFileSignature appears to reload the underlying PDF file that was used to create the Aspose.Pdf.Document object. So the signature gets applied to a new instance of the Document class rather than the actual document that has been modified. I resolved my issue by changing the persistent reference to be a Stream and each time I create and modify a Document I save it back to the Stream. In this way I can programmatically fill the Document and then sign it without losing any of the data.

It would be ideal if Sign and Certify methods were added to the Document object so we don’t have to go through the unintuitive process of passing a Stream around rather than the concrete Document object. By being able to remain in the context of the Aspose.Pdf.Document our code is clearer as to what is actually being done.
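
The workaround described in the post above, sketched as an added example (not code from the thread or from Aspose): the filled Document is saved to a stream first, and the signature facade is bound to that stream, so the certified bytes are the ones that contain the form data. `FilledPdfCertifier` and `CertifyFilledDocument` are hypothetical names; the example assumes the certificate's private key is exportable, and it replaces the fixed PFX password with a random one generated per call.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Aspose.Pdf;
using Aspose.Pdf.Facades;
using Aspose.Pdf.Forms;

public static class FilledPdfCertifier   // hypothetical helper class
{
    // Certifies the current in-memory state of a filled Document and writes
    // the signed PDF to 'output'.
    public static void CertifyFilledDocument(Document filled, X509Certificate2 cert, Stream output)
    {
        // Throwaway password protecting the in-memory PFX for this call only.
        byte[] raw = new byte[32];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(raw);
        }
        string pfxPassword = Convert.ToBase64String(raw);

        // Export assumes the private key was imported as exportable.
        using (MemoryStream filledBytes = new MemoryStream())
        using (MemoryStream pfx = new MemoryStream(cert.Export(X509ContentType.Pfx, pfxPassword)))
        using (PdfFileSignature signer = new PdfFileSignature())
        {
            // Serialize the document, filled fields included, before signing.
            filled.Save(filledBytes);
            filledBytes.Position = 0;

            // Bind the facade to the saved bytes rather than to the Document object.
            signer.BindPdf(filledBytes);

            PKCS7 pkcs7 = new PKCS7(pfx, pfxPassword);
            DocMDPSignature docMdp = new DocMDPSignature(pkcs7, DocMDPAccessPermissions.NoChanges);
            signer.Certify(1, "Application Completed", "UA Membership", "UA", false,
                new System.Drawing.Rectangle(1, 1, 1, 1), docMdp);

            signer.Save(output);
        }
    }
}
```

After the call, opening the output and checking both the field values and the signature confirms that the certified revision is the filled one.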

@chrismbc93b

Thank you for your kind feedback.

We are glad to know that your issue has been resolved. Moreover, we have recorded your observations and feedback in our issue management system under ID PDFNET-45894. We will let you know as soon as significant updates are available in this regard.