Free Support Forum - groupdocs.com

How to use the DigitalSignature to digital sign files


#1

Hi Sigature team,

We want to signature files using the local certificates. We use the Domain.DigitalSignature.LoadDigitalSignatures(StoreName.My, StoreLocation.CurrentUser) Load Digital signature from all system X509 Certificates Stores.
https://apireference.groupdocs.com/net/signature/groupdocs.signature.domain/digitalsignature/methods/loaddigitalsignatures

After we load the signature, do you know how we can continue to signature files? Thanks.


#2

@Glority_Developer,

This is how you can sign a document after loading digital signature from X509 Certificates Stores.

using System.Linq;
...

List<DigitalSignature> signatures = Domain.DigitalSignature.LoadDigitalSignatures(StoreName.My, StoreLocation.CurrentUser);
using (Signature signature = new Signature("sample.pdf"))
{	
	DigitalSignOptions options = new DigitalSignOptions(certificatePath)
	{
		Signature = signatures.FirstOrDefault(),
		// optional: setup image file path
		//ImageFilePath = "image.png",		
		Left = 100,
		Top = 100,
		PageNumber = 1,
		Password = "1234567890"
	};
	signature.Sign("signed.pdf", options);
}

#3

Hi @usman.aziz

Thanks for the information.

But in the sample codes, it still needs to use the certificatePath to create the DigitalSignOptions to sign a PDF file.

We want to sign files with an X509Certificate2 object directly, which read from the Windows certificate store using .Net APIs, no need additional certificates files path.

It is similar with the case in the below link:

Do you know GroupDocs.Signature .Net contains related functions for it?

Thanks.


#4

@Glority_Developer,

At the moment, GroupDocs.Signature for .NET doesn’t provide any builtin function to fulfill your requirement. However, you can do it using the following workaround:

List<DigitalSignature> signatures = DigitalSignature.LoadDigitalSignatures(StoreName.My, StoreLocation.CurrentUser);

string password = "1234567890";
byte[] bytes = signatures[0].Certificate.Export(X509ContentType.Pfx, password);
Stream certificateStream = new MemoryStream(bytes);

using (Signature signature = new Signature("sample.pdf"))
{
	DigitalSignOptions options = new DigitalSignOptions()
	{
		CertificateStream = certificateStream,
		// optional: setup image file path
		//ImageFilePath = "image.png",		
		Left = 100,
		Top = 100,
		PageNumber = 1,
		Password = "1234567890"
	};
	signature.Sign("signed.pdf", options);
}

We have also logged it in our Issue Tracking System (ID: SIGNATURENET-2253) to check if we could provide a builtin function for this scenario. We shall keep you updated in this regards.


#5

Hi @usman.aziz

Thanks for the information. We try your workaround to be able to sign successfully, but you need to check the “Mark this key as exportable” when you install the certificate.
image.png (53.1 KB)


#6

@Glority_Developer,

We have noted your provided information and shall get back to you as soon as we have any further updates.


#7

@Glority_Developer,

The issue you have reported earlier (logged as: SIGNATURENET-2253) has been fixed in this release. You can now sign documents using the digital signatures from X509 Certificates Store without providing a certificate file. The following code sample can be used in your scenario:

List<DigitalSignature> digitalSignatures = DigitalSignature.LoadDigitalSignatures(StoreName.My, StoreLocation.CurrentUser);

using (Signature signature = new Signature("candy.pdf"))
{
	DigitalSignOptions options = new DigitalSignOptions()
	{
		Signature = digitalSignatures[0],		
		Left = 100,
		Top = 100,
		PageNumber = 1,
		Password = "1234567890"
	};
	signature.Sign("signed.pdf", options);
}

#8

Hi @usman.aziz

We used the sample code in https://github.com/groupdocs-signature/GroupDocs.Signature-for-.NET
and we used the sample certificate(Examples/Resources/SampleFiles/Certificates/ali.pfx), but it can’t sign. The error is :Digital certificate for Words has wrong format. Description: Key not valid for use in specified state.
And here’s our code.
image.png (66.5 KB)

Besides, we also used our certificate, it can’t sign either. password 12345678.zip (2.7 KB)

Please help check it. Thanks.


#9

@Glority_Developer,

We have tried signing a Word document with your provide certificate file and everything worked without any exception. Please download and try this sample application which is based on your provided source code and check if you are able to reproduce the issue with this as well.


#10

Hi @usman.aziz

It still doesn’t work for us. We are using the trial license for testing(GroupDocs.Signature.lic). However, I see you are using GroupDocs.Total.Net.lic. Is it related with license?


#11

@Glority_Developer,

It is not related to the type of license being used. Instead, your reported exception occurs when the certificate is imported with the option “Mark this key as Exportable” unchecked (image.png). A certificate must be marked as exportable because it is extracted from a store during the signing process. If it is a problem, prefer to use the stream from the certificate file or path to the certificate file.


#12

Is there any solution in the case that not check the “Mark this key as exportable” when we install the certificate?


#13

@Glority_Developer,

This is the default behavior and the certificates should be marked as exportable to be used in the signing process.