Sign Hash PDF

Hi,

I would like to sign a PDF from a remote server. I don’t want to send the entire file through the internet.

Here is my use case:

  • Windows application selects the file to sign
  • Application computes the file hash
  • Hash is sent to the remote server
  • Server generates the signature and sends it back to the application
  • Application adds the generated signature to the PDF

I found an example of doing it with iTextSharp: c# - PDF Signature - Embed separatly signed hash - Stack Overflow

I want to do this process with Aspose. How can I do it?

Thanks

Regards,

@NicolasC

Thank you for contacting support.

We have logged an investigation ticket with ID PDFNET-46081 in our issue management system for detailed investigation of your requirements. We will let you know as soon as any significant update is available in this regard.

@NicolasC

The function is available. It can be done with the “CustomSignHash” delegate property.

using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Aspose.Pdf.Facades;   // PdfFileSignature
using Aspose.Pdf.Forms;     // PKCS7

public void PDFNET()
{
    var inputPdf = "input.pdf";
    var inputP12 = "cert.p12";
    var inputPfxPassword = "123456";
    var outputPdf = "output.pdf";
    using (var sign = new PdfFileSignature())
    {
        sign.BindPdf(inputPdf);
        var pkcs7 = new PKCS7(inputP12, inputPfxPassword);
        pkcs7.CustomSignHash = CustomSignHash;
        sign.Sign(1, "reason", "cont", "loc", false, new System.Drawing.Rectangle(0, 0, 500, 500), pkcs7);
        sign.Save(outputPdf); // CustomSignHash will be called here
    }
}

// The document hash will be sent here.
private byte[] CustomSignHash(byte[] signableHash)
{
    // Here you can send it to a server, or sign manually as below.
    var inputP12 = "cert.p12";
    var inputPfxPassword = "123456";
    X509Certificate2 signerCert = new X509Certificate2(inputP12, inputPfxPassword, X509KeyStorageFlags.Exportable);
    RSACryptoServiceProvider rsaCSP = new RSACryptoServiceProvider();
    // Copy the certificate's private key into the RSA provider.
    var xmlString = signerCert.PrivateKey.ToXmlString(true);
    rsaCSP.FromXmlString(xmlString);
    byte[] signedData = rsaCSP.SignData(signableHash, CryptoConfig.MapNameToOID("SHA1"));
    return signedData; // The method must return a new hash (signed) of the document.
}
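An added example, not part of the original thread and not Aspose's code: a method with the same shape as CustomSignHash that hands the bytes to a remote signer and verifies the returned signature against the signer's public key before returning it. RemoteSigner, HashOnlyClient and the in-process test key are assumptions standing in for an authenticated HTTPS signing service; the SHA-1 / PKCS#1 v1.5 choice only mirrors the SignData call in the sample above.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Stands in for the remote server (assumption): the private key exists only here.
sealed class RemoteSigner : IDisposable
{
    private readonly RSA _privateKey = RSA.Create(2048);   // constructed test key

    // Public half; a real client would take it from the signer's certificate.
    public RSAParameters PublicKey => _privateKey.ExportParameters(false);

    // Same operation as rsaCSP.SignData(signableHash, "SHA1") in the sample above.
    public byte[] Sign(byte[] signableHash) =>
        _privateKey.SignData(signableHash, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);

    public void Dispose() => _privateKey.Dispose();
}

sealed class HashOnlyClient
{
    private readonly RemoteSigner _server;
    public HashOnlyClient(RemoteSigner server) { _server = server; }

    // Delegate shape used above: byte[] CustomSignHash(byte[] signableHash).
    public byte[] CustomSignHash(byte[] signableHash)
    {
        byte[] signature = _server.Sign(signableHash);   // only these bytes leave the client
        using (RSA verifier = RSA.Create())
        {
            verifier.ImportParameters(_server.PublicKey);
            // Reject a reply not produced by the expected key over these exact bytes.
            if (!verifier.VerifyData(signableHash, signature,
                    HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1))
                throw new CryptographicException("Remote signature failed verification.");
        }
        return signature;
    }
}

static class Demo
{
    static void Main()
    {
        using (var server = new RemoteSigner())
        {
            // Constructed sample bytes standing in for the hash Aspose passes in.
            byte[] sample = SHA1.Create().ComputeHash(Encoding.ASCII.GetBytes("constructed sample"));
            byte[] sig = new HashOnlyClient(server).CustomSignHash(sample);
            Console.WriteLine("Signature length: " + sig.Length + " bytes");
        }
    }
}
```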

@asad.ali Great, this is now supported.

For this part of the code…

using (var sign = new PdfFileSignature())
{
    sign.BindPdf(inputPdf);
    var pkcs7 = new PKCS7(inputP12, inputPfxPassword);

The input certificate we have doesn’t have a private key as the key is non-exportable in Azure Key Vault. Do we just pass the certificate without the private key?

@blake.wilson

You can try, but I’m not sure it will work.
And even from logic - why then have a private key at all, if the public one can be pulled out of the document (it is obviously sewn in) and also signed?