How to use the DigitalSignature to digital sign files

Glority_Developer · September 18, 2019, 8:21am

Hi Sigature team,

We want to signature files using the local certificates. We use the Domain.DigitalSignature.LoadDigitalSignatures(StoreName.My, StoreLocation.CurrentUser) Load Digital signature from all system X509 Certificates Stores.

After we load the signature, do you know how we can continue to signature files? Thanks.

usman.aziz · September 18, 2019, 12:08pm

@Glority_Developer,

This is how you can sign a document after loading digital signature from X509 Certificates Stores.

using System.Linq;
...

List<DigitalSignature> signatures = Domain.DigitalSignature.LoadDigitalSignatures(StoreName.My, StoreLocation.CurrentUser);
using (Signature signature = new Signature("sample.pdf"))
{	
	DigitalSignOptions options = new DigitalSignOptions(certificatePath)
	{
		Signature = signatures.FirstOrDefault(),
		// optional: setup image file path
		//ImageFilePath = "image.png",		
		Left = 100,
		Top = 100,
		PageNumber = 1,
		Password = "1234567890"
	};
	signature.Sign("signed.pdf", options);
}

Glority_Developer · September 19, 2019, 6:59am

Hi @usman.aziz

Thanks for the information.

But in the sample codes, it still needs to use the certificatePath to create the DigitalSignOptions to sign a PDF file.

We want to sign files with an X509Certificate2 object directly, which read from the Windows certificate store using .Net APIs, no need additional certificates files path.

It is similar with the case in the below link:

Do you know GroupDocs.Signature .Net contains related functions for it?

Thanks.

usman.aziz · September 19, 2019, 4:25pm

@Glority_Developer,

At the moment, GroupDocs.Signature for .NET doesn’t provide any builtin function to fulfill your requirement. However, you can do it using the following workaround:

List<DigitalSignature> signatures = DigitalSignature.LoadDigitalSignatures(StoreName.My, StoreLocation.CurrentUser);

string password = "1234567890";
byte[] bytes = signatures[0].Certificate.Export(X509ContentType.Pfx, password);
Stream certificateStream = new MemoryStream(bytes);

using (Signature signature = new Signature("sample.pdf"))
{
	DigitalSignOptions options = new DigitalSignOptions()
	{
		CertificateStream = certificateStream,
		// optional: setup image file path
		//ImageFilePath = "image.png",		
		Left = 100,
		Top = 100,
		PageNumber = 1,
		Password = "1234567890"
	};
	signature.Sign("signed.pdf", options);
}

We have also logged it in our Issue Tracking System (ID: SIGNATURENET-2253) to check if we could provide a builtin function for this scenario. We shall keep you updated in this regards.

Glority_Developer · September 20, 2019, 6:45am

Hi @usman.aziz

Thanks for the information. We try your workaround to be able to sign successfully, but you need to check the “Mark this key as exportable” when you install the certificate.
image.png (53.1 KB)

usman.aziz · September 20, 2019, 11:09am

@Glority_Developer,

We have noted your provided information and shall get back to you as soon as we have any further updates.

usman.aziz · October 2, 2019, 10:24am

@Glority_Developer,

The issue you have reported earlier (logged as: SIGNATURENET-2253) has been fixed in this release. You can now sign documents using the digital signatures from X509 Certificates Store without providing a certificate file. The following code sample can be used in your scenario:

List<DigitalSignature> digitalSignatures = DigitalSignature.LoadDigitalSignatures(StoreName.My, StoreLocation.CurrentUser);

using (Signature signature = new Signature("candy.pdf"))
{
	DigitalSignOptions options = new DigitalSignOptions()
	{
		Signature = digitalSignatures[0],		
		Left = 100,
		Top = 100,
		PageNumber = 1,
		Password = "1234567890"
	};
	signature.Sign("signed.pdf", options);
}

Glority_Developer · October 14, 2019, 3:06am

Hi @usman.aziz

We used the sample code in GitHub - groupdocs-signature/GroupDocs.Signature-for-.NET: GroupDocs.Signature for .NET examples, plugins and showcase projects
and we used the sample certificate(Examples/Resources/SampleFiles/Certificates/ali.pfx), but it can’t sign. The error is :Digital certificate for Words has wrong format. Description: Key not valid for use in specified state.
And here’s our code.
image.png (66.5 KB)

Besides, we also used our certificate, it can’t sign either. password 12345678.zip (2.7 KB)

Please help check it. Thanks.

usman.aziz · October 14, 2019, 5:20am

@Glority_Developer,

We have tried signing a Word document with your provide certificate file and everything worked without any exception. Please download and try this sample application which is based on your provided source code and check if you are able to reproduce the issue with this as well.

Glority_Developer · October 14, 2019, 6:20am

Hi @usman.aziz

It still doesn’t work for us. We are using the trial license for testing(GroupDocs.Signature.lic). However, I see you are using GroupDocs.Total.Net.lic. Is it related with license?

usman.aziz · October 14, 2019, 7:23am

@Glority_Developer,

It is not related to the type of license being used. Instead, your reported exception occurs when the certificate is imported with the option “Mark this key as Exportable” unchecked (image.png). A certificate must be marked as exportable because it is extracted from a store during the signing process. If it is a problem, prefer to use the stream from the certificate file or path to the certificate file.

Glority_Developer · October 14, 2019, 10:19am

Is there any solution in the case that not check the “Mark this key as exportable” when we install the certificate?

usman.aziz · October 14, 2019, 3:12pm

@Glority_Developer,

This is the default behavior and the certificates should be marked as exportable to be used in the signing process.

atir.tahir · September 20, 2023, 6:42am

A post was split to a new topic: Sign document error: Index was out of range