Sign Pdf when saving

Hello,
Converted code from your sample to sign Pdf files when saving:

Dim MyCertHolder As CertificateHolder = CertificateHolder.Create("D:\cert.pfx", "pass")
ASPSaveSetPDFX.DigitalSignatureDetails = New Words.Saving.PdfDigitalSignatureDetails(MyCertHolder, "Test Signing", "My Office", Date.Now)
ASPSaveSetPDFX.DigitalSignatureDetails.HashAlgorithm = Words.Saving.PdfDigitalSignatureHashAlgorithm.Sha512

I don’t get Date part, signing time is not get from timestamping server when signing or it’s done offline?

“Test Signing”, “My Office”, reason and location, can be set string empty? And will be shown and visible to the end user somewhere?

No idea why including the above code in PdfSaveOptions will render “Object reference not set to an instance of an object.” on Document.Save?

Kindly advise if the same certificate can be used to sign all PDF and Doc/Docx and XPS?

I never signed pdf, DigitalSignatureDetails.TimestampSettings, do you know if there is a free timestamp server by Adobe or VeriSign or else for use when signing pdf?

Best

  • Update, found the reason for “Object reference not set to an instance of an object.” on Document.Save with sign:
    PFX certificate was a code signing, not for document signing, also tested a S/mime certificate with no luck.
    Suggestion: When a pfx with mismatched OID is set, show a proper message to user, not null ref exception.

Sorry, except Pdf, Doc and Docx, do you support a certificate based signing of Xps files on save?

What about Epub and Azw3 document, do they support getting signed using a Pfx certificate?

Because I don’t find similar save options as Pdf for Doc/Docx/Xps to automatically Sign on Save?

@australian.dev.nerds

Signing date is takes from the date time value specified in PdfDigitalSignatureDetails constructor or in PdfDigitalSignatureDetails.SignatureDate property.

Yes, you can set these values to empty string or null, which is the default values for them. Yes, reason and location are shown in the Signatures panel:

Yes, you can use the same certificate to sign PDF, XPS, DOC and DOCX documents.

You can use https://freetsa.org/tsr, which is used in our code examples:
https://reference.aspose.com/words/net/aspose.words.saving/pdfdigitalsignaturedetails/timestampsettings/

Thank you for your suggestion.

You can sign Xps document using DigitalSignatureUtil.Sign method.

You can sign only DOC, DOCX, ODT, XPS and PDF documents using Aspose.Words.

1 Like

Thanks, last request would be that if this DigitalSignatureUtil.Sign method is our way for Doc/docx/xps signing, can you please kindly consider adding a feature request ticket for them to have a save options counterpart too?
I mean to be able to sign them on save time using save options?

Maybe not a bad idea if you merge it with PdfSaveOptions.DigitalSignatureDetails to have a unified sign/save options for all supported formats :slight_smile:

Thanks for all your patience and kind support :slight_smile:

@australian.dev.nerds
We have opened the following new ticket(s) in our internal issue tracking system and will deliver their fixes according to the terms mentioned in Free Support Policies.

Issue ID(s): WORDSNET-25896

You can obtain Paid Support Services if you need support on a priority basis, along with the direct access to our Paid Support management team.

1 Like

Thanks so much, the load/save options are real life savers when working with multi file formats…

Just using DigitalSignatureUtil.Sign to sign doc/docx/xps, does not support time stamping? :slight_smile:

@australian.dev.nerds No, unfortunately, there is no timestamping feature in DigitalSignatureUtil.Sign, but you can specify sign time using SignOptions.SignTime.

We have opened the following new ticket(s) in our internal issue tracking system and will deliver their fixes according to the terms mentioned in Free Support Policies.

Issue ID(s): WORDSNET-25897

You can obtain Paid Support Services if you need support on a priority basis, along with the direct access to our Paid Support management team.

1 Like

Thanks, if WORDSNET-25897 is for DigitalSignatureUtil.Sign time stamping, it has no priority for me, at least now.

My highest priority goes to WORDSNET-25896 if it’s for adding .DigitalSignatureDetails to Xps/Doc/Docx at their SaveOptions. To be able to set the sign details in save options.

This is my last request as the part of my project working with Words seems to be finished, until the above feature is implemented (and in case it’s rejected), kindly advise:

  1. When converting an mhtml to xps/doc/docx I will use Document.Save(MyMemoryStream)
    Then:
    DigitalSignatureUtil.Sign(MyMemoryStream, streamOut, MyCertHolder)
    Can you please consider adding an overload:

DigitalSignatureUtil.Sign(Stream, File, CertificateHolder)
/and/or/
DigitalSignatureUtil.Sign(Stream, File, CertificateHolder, SignOptions)

Because the signed document is ready to be saved in many scenarios, much better if output is written to file directly.

  1. When using DigitalSignatureUtil.Sign to sign xps,doc,docx how to select between Sha256/384/512?

  2. In help file is mentioned:
    DigitalSignatureUtil.Sign | Aspose.Words for .NET
    Document should be either Doc or Docx.
    What about Xps files? Missing from help?

  3. When using DigitalSignatureUtil.Sign to sign xps,doc,docx in the SignOptions we have:
    SignOptions.DecryptionPassword property
    This is just for Docx? And Doc or Xps will not need this?

Thanks :slight_smile:

Sorry, when using on Xps documents to sign:

While the same certificate, settings and code will work fine for doc/docx :slight_smile:

@australian.dev.nerds

You can easily achieve writing the result directly to file using code like this:

using (FileStream outFile = File.Create(@"C:\Temp\out.docx"))
    DigitalSignatureUtil.Sign(MyMemoryStream, outFile, MyCertHolder);

I have logged a feature request for this as WORDSNET-25900. We will consider providing such feature in one of future version.

Thank you for pointing this. I have logged the problem as WORDSNET-25901. We will update the documentation and let you know once done.

SignOptions.DecryptionPassword is not required for documents in binary DOC format. But theoretically, XPS and ODT documents might be encrypted the same way as DOCX, since these formats are OPC documents (ZIP archives) and document encryption is encryption if ZIP archive.

Unfortunately, I cannot reproduce the problem on my side. i have used the following code for testing:

// Sign the document.
CertificateHolder certificateHolder = CertificateHolder.Create(@"C:\Temp\morzal.pfx", "aw", null);
DigitalSignatureUtil.Sign(@"C:\Temp\in.xps", @"C:\Temp\out.xps", certificateHolder, new SignOptions() { SignTime = DateTime.Now });

// Checl signature validity.
Console.WriteLine(DigitalSignatureUtil.LoadSignatures(@"C:\Temp\out.xps").Count);
Console.WriteLine(DigitalSignatureUtil.LoadSignatures(@"C:\Temp\out.xps")[0].IsValid);

Internally, DOCX and XPS documents are signed by the same code, since both documents are OPC packages.

1 Like

Posted a sample here, bug # 3

@australian.dev.nerds I have replied in the mentioned thread.

1 Like

Hello,
My last request goes here about this case:

Issue ID(s): WORDSNET-25896

The addition of these 3 formats in-save-options signing:

OoxmlSaveOptions.DigitalSignatureDetails
DocSaveOptions.DigitalSignatureDetails
XpsSaveOptions.DigitalSignatureDetails

In case this feature is implemented, one of these formats, OoxmlSaveOptions.DigitalSignatureDetails which needs to pass the encryption password to signoptions when signing if it’s encrypted too, will be possible to handle internally in save options?

ie:

OoxmlSaveOptions.Password = “blah”
OoxmlSaveOptions.DigitalSignatureDetails = …

So we won’t need to set this out of save options:
DigitalSignatures.SignOptions.DecryptionPassword = “blah”

Thanks for all your kind help, done coding :slight_smile:

@australian.dev.nerds OoxmlSaveOptions.Password = “blah” is for saving document, while password in DigitalSignatureUtil is required to open encrypted DOCX document. So there will no sense to specify password in SignOptions if it will be passed into SaveOptions, since document is already loaded.

1 Like

Thanks, yes, but in case we need to both sign and encrypt the docx, currently we specify the encryption password in save options:
OoxmlSaveOptions.Password = “blah”
And save to stream, then using DigitalSignatureUtil.Sign will sign it which will need the above password again.

I meant just in case document signing support is added to saveoptions…
Thanks and have a great night ahead :slight_smile:

@australian.dev.nerds If document is signed using DigitalSignatureUtil the process looks like this:

  1. Decrypt document if encrypted (password is required)
  2. Sign document
  3. Save and encrypt document is required.
    On other hand if document is already loaded into the DOM the fist step is not required, since there is nothing to decrypt.

The issues you have found earlier (filed as WORDSNET-25900) have been fixed in this Aspose.Words for .NET 24.4 update also available on NuGet.

The issues you have found earlier (filed as WORDSNET-25896) have been fixed in this Aspose.Words for .NET 24.4 update also available on NuGet.

@australian.dev.nerds The issue WORDSNET-25900 has been closed as Won't Fix, because the feature is not applicable to MS Word.

1 Like