Sign PDF document with cert from store in C# using Aspose.PDF for .NET

I am trying to sign a PDF document with a cert from a win store. I saw here how to do it.

I have something like:

X509Certificate2 certFromStore = …
ExternalSignature externalSignature = new ExternalSignature(certFromStore);


pdfSign.Sign(pdfDocument.Pages.Count, false, new System.Drawing.Rectangle(1, 1, 1, 1), pkcs);

I get “No private key”. I saw that you had some problems due to this. What am I doing wrong? Is it even the right approach to sign a document with a cert from a win store?

@Lebesgue,

Thanks for contacting support.

Can you please share the source file so that we may further investigate to help you out?

@Adnan.Ahmad

You mean the PDF document that I’m signing?

@Lebesgue,

Yes, please share that file with us.

@Adnan.Ahmad

Basically, every single document, even this one in:
asample.pdf (3.0 KB)

So, I don’t know whether I am doing something wrong…

@Lebesgue

Thanks for sharing sample PDF document.

A PFX file, also known as PKCS #12, is a single, password-protected certificate archive which is needed while signing a PDF document digitally. You can further check details on how to get it over the shared link.

Furthermore, if you are signing a PDF document with a Smart Card, you should use the code snippet(s) given in the article like the one you have shared in your first post. In case of any issue, we request you to please explain a bit more about the issue you are facing and, in case you are using any .pfx file to sign the PDF, please share it so that the scenario can be tested accordingly.

@asad.ali

I get the user cert from the request, in the form of a string (like: “96CB3E…”). Then

var userCertificate = new X509Certificate2(digitalSignature.StringToByteArray(request.SignerCertificate));

I go to the win store to check if there is a cert associated with the above one:
store.Certificates.Find(X509FindType.FindBySubjectKeyIdentifier, findValue, true);

So, I have this line, from the first post:

X509Certificate2 certFromStore = Helpers.GetCertificate(userCertificate);

I tried this:
byte[] pkcs = userCertificate.Export(X509ContentType.Pfx, "tst");

And read it from MemoryStream: PKCS1 res = new PKCS1(memStream, "tst");

And it doesn’t work either.

@Lebesgue

Would you kindly share a complete code snippet which we can run to try to replicate the same issue that you are facing?

cert.zip (2.0 KB)
@asad.ali

@Lebesgue

We were able to replicate the scenario as you have mentioned. Aspose.PDF provides a way to sign a PDF document from the win store. However, the case where the certificate comes in the form of a string needs to be investigated further. We have logged an investigation ticket as PDFNET-47526 in our issue tracking system for the purpose and will surely inform you as soon as some progress is made towards its resolution. Please spare us a little time.

We are sorry for the inconvenience.

@asad.ali

Are you also working on: “Index was out of range. Must be non-negative and less than the size of the collection” bug?

Hi, I am having basically the exact same issue. I think my code is very similar to what the issue reporter has. Has there been any update on this?

Thanks

@Lebesgue

We will definitely address every issue which has been faced while running the scenario. However, would you please share how you receive this exception OR which code snippet causes this error?

@tcash

As the issue has recently been logged in our issue tracking system, it is pending for analysis. However, we will let you know within this forum thread as soon as it is resolved.

@asad.ali

When you try to do this:

byte[] pkcs = userCertificate.Export(X509ContentType.Pfx, "tst");

MemoryStream memStream = new MemoryStream(pkcs);
PKCS1 result = new PKCS1(memStream, "tst");

using MemoryStream ms = new MemoryStream();
pdfSign.Sign(1, "Signature Reason", "Contact", "Location", false, new System.Drawing.Rectangle(1, 1, 1, 1), result);

And when you try to save it, this causes an error (I also tried to save it in byte[], and I get the same error - and I need to save it into byte[])

pdfSign.Save(dataDir + "\\test.pdf");

When I remove password part from the code above, then I get:

“Certificate file was not provided.”

@Lebesgue

We have recorded these concerns as well along with the earlier logged ticket and will let you know in case of additional updates.

@asad.ali

Any news? This is very important to us, we have to know whether we’re switching to iText7.

@Lebesgue

Currently, the investigation against your ticket is underway and we will surely try to complete it as soon as possible. We have also recorded your concerns and will surely consider them during investigation of the ticket. We highly appreciate your patience and comprehension in this regard. Please spare us some time.

We are sorry for the inconvenience.

@asad.ali - Hi, I actually resolved this. I didn’t realize it but the cert I was using did not have the private key in it as well. Once I changed certs I got it to work just fine.

1 Like
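
The condition reported in the post above (a certificate that carries no private key) can be checked before any signing call is made. The following is an added example, not code from this thread or from Aspose; it uses only .NET's own X509 classes, and the `FindSigningCertificate` helper, the subject name and the throwaway self-signed certificate are assumptions made so that it runs offline.

```csharp
// Added example (not from the thread): shows where the private key is and is not present.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class SigningCertCheck
{
    // Hypothetical helper: find the store copy of a public certificate and require a key.
    public static X509Certificate2 FindSigningCertificate(X509Certificate2 publicCert)
    {
        using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        // validOnly: false so that a chain problem is not mistaken for "not installed".
        var matches = store.Certificates.Find(
            X509FindType.FindByThumbprint, publicCert.Thumbprint, validOnly: false);
        foreach (X509Certificate2 candidate in matches)
        {
            if (candidate.HasPrivateKey) return candidate;
        }
        return null; // absent, or installed without its private key
    }

    static void Main()
    {
        // Constructed test certificate; nothing here touches a real identity.
        using RSA rsa = RSA.Create(2048);
        var request = new CertificateRequest("CN=Constructed Test Signer", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 withKey = request.CreateSelfSigned(
            DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));

        // What a client can send in a request: the DER-encoded public certificate only.
        byte[] publicBytes = withKey.Export(X509ContentType.Cert);
        using var fromRequest = new X509Certificate2(publicBytes);

        // Exporting that object as PFX succeeds, but the archive still holds no key.
        byte[] pfx = fromRequest.Export(X509ContentType.Pfx, "tst");
        using var reloaded = new X509Certificate2(pfx, "tst");

        Console.WriteLine($"generated with key : {withKey.HasPrivateKey}");
        Console.WriteLine($"built from bytes   : {fromRequest.HasPrivateKey}");
        Console.WriteLine($"PFX round trip     : {reloaded.HasPrivateKey}");

        X509Certificate2 fromStore = FindSigningCertificate(fromRequest);
        Console.WriteLine(fromStore == null
            ? "store: no copy with a private key, signing cannot work"
            : $"store: usable signing certificate {fromStore.Thumbprint}");
    }
}
```

Only a certificate object whose `HasPrivateKey` is true, such as one returned by the store lookup, is worth passing to `ExternalSignature`; the password on a PFX protects the archive and does not add a key that was never in it.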

@tcash

It is good to know that you are able to resolve your issue. Please keep using our API and in case you need any further assistance, please feel free to let us know.

@asad.ali

Any news?