We're sorry Aspose doesn't work properply without JavaScript enabled.

Free Support Forum - aspose.com

Signing PDF using the X509Certificate2 instead PFX file

We need signing PDF file with timestamp. But PdfFileSignature class support only signing with PFX file. For real using is it not possible (security reasons), because users has private key in crypto service provider or on card and they do not want/can export private key to PFX file.



For signing we need two different ways:


  1. use instance of X509Certificate2 similar as used in class PdfDigitalSignatureDetails in Aspose.Words for signing PDF during export to PDF.


  2. for signing in WEB browser use “detached” signature. Signing have three phases:
  • prepare PDF and compute hash for signing on WEB server (in Aspose)
  • signing computed hash on browser (in our Java applet)
  • input PKCS7 formated signature with certficate chain to prepared PDF on server (in Aspose)

Do you plan first or first and second our request implement to Aspose.Pdf? If yes, than when?

Hi there,


Thanks for your inquiry. Aspose.Pdf for .NET supports to sign PDF document with Timestamp server. Please check documentation link for the purpose. Moreover, as currently Aspose.Pdf solution does not support creation of signature objects (PKCS1, PKCS7, etc) with passing X509Certificate2. It applies as input parameter pfx files only. You may try to convert X509Certificate2 object into pfx object using following code snippet. Hopefully it will serve the purpose.

However, If the solution does not work for you then please let us know, we will log your requirements in our issue tracking system for further investigation and implementation.

var cert = new
X509Certificate2(Request.GetClientCertificate());<o:p></o:p>

byte[] data = cert.Export(X509ContentType.Pfx, "password");

File.WriteAllBytes("MyCerts.pfx", data);

Please feel free to contact us for any further assistance.


Best Regards,

Using X509Certificate2.Export is not possible (raise exception), when owner’s private key stored in:

a) Crypto Service Provider (CSP) without attribute “Exportable”

b) Hardware token



Serious application do not use PFX for signing (security reasons), because owner have not private key under control! PFX is primary for transport and backup use.

Hi there,


Thanks for your feedback. We have logged the issue, PDFNEWNET-37412, in our issue tracking system for further investigation and resolution. We will keep you updated about the issue resolution progress via this forum thread.

We are sorry for the inconvenience caused.

Best Regards,