We use cookies to give you the best experience on our website. If you continue to browse, then you agree to our privacy policy and cookie policy. Image for the cookie policy date

How to add signed hash to pdf as signature

I'm trying to digitally sign pdf file using digital signature on smart cards.

what I did is extracted hash value of the pdf file, then signed using the smart card. resulting signed hash.
then I need to add the signed hash into the pdf file, but I don't know how to add it since PdfSignature class do not take signed hash.
It only required PFX file which I can not extract from the smart card.

Can you help me with that? or do I need to use other tool?

13 Replies

DB Dilli Babu Nandha Gopal Syncfusion Team February 6, 2019 09:04 AM UTC

Hi Ahmad, 
Greetings from Syncfusion. 
Yes, it is possible to add signed hash to PdfSignature which illustrated in the following code example.: 
Code Example: 
//Load the existing PDF documnt.  
PdfLoadedDocument document = new PdfLoadedDocument("../../Input.pdf");  
//Get the page.  
PdfLoadedPage page = document.Pages[0] as PdfLoadedPage;  
//Create a new PDF signature instance.  
PdfSignature signature = new PdfSignature(document, page, null"Sig1");  
//Set the signature bounds.  
signature.Bounds = new RectangleF(0, 0, 200, 100);  
//Call the compute hash event.  
signature.ComputeHash += Signature_ComputeHash;  
//Save the document.  
//Close the document.  
Note: The event ComputeHash only trigger while passing PdfCertificate as null in the PdfSignature overload. 
Get hash and sign:  
private void Signature_ComputeHash(object sender, PdfSignatureEventArgs ars)  
     //Get the document bytes. 
   byte[] documentBytes = ars.Data; 
   //Generate hash. 
   byte[] hash = SHA256.Create().ComputeHash(ars.Data);  
     //Include the signed data to PDF.  
     ars.SignedData = GetSignature(hash);  
Dilli babu. 

AH Ahmad February 11, 2019 06:15 AM UTC

I have an error in the Signature_ComputeHash function
 ars.SignedData = GetSignature(hash);  

What is GetSignature ?? 

I signed the hash extracted from this function 
byte[] hash = SHA256.Create().ComputeHash(ars.Data);  

but I don't know how to add it to SignedData


after adding the signed hash to ars.SignedData
the signature on adobe shows this error

Error during signature verification.  

ASN.1 parsing error:  

Error encountered while BER decoding:

SK Surya Kumar Syncfusion Team February 11, 2019 12:06 PM UTC

Hi Ahmad, 

The exception which you have mentioned in last update will occur if the SignedData is not in PKCS7 format. So could you please ensure if the signed data is in PKCS7 format and let us know if it works . 

Surya Kumar 

AH Ahmad February 12, 2019 07:15 AM UTC

okay now i'm using this signing method below. and the error is gone and I can see the signature with the certificate inside, but I have errors inside adobe reader

Signature is INVALID.
- The document has been altered or corrupted since the Signature was applied.
- The document is signed by the current user.

I don't know why it shows that the document is altered.

void Signature_ComputeHash(object sender, PdfSignatureEventArgs ars)
                //Get the document bytes. 
                byte[] documentBytes = ars.Data;

                //Generate hash. 
                byte[] hash = SHA256.Create().ComputeHash(ars.Data);

                ars.SignedData = Sign(hash, cer);

public static byte[] Sign(byte[] data, X509Certificate2 certificate)
            if (data == null)
                throw new ArgumentNullException("data");
            if (certificate == null)
                throw new ArgumentNullException("certificate");

            // setup the data to sign 
            ContentInfo content = new ContentInfo(data);
            SignedCms signedCms = new SignedCms(content, false);
            CmsSigner signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, certificate);
            // create the signature
            return signedCms.Encode();

DB Dilli Babu Nandha Gopal Syncfusion Team February 13, 2019 04:44 PM UTC

Hi Ahmad, 

Greetings from Syncfusion. 

We have created a sample to achieve your requirement without signature validation issue which can be downloaded from following link. http://www.syncfusion.com/downloads/support/forum/142454/ze/Sample-766666279 

Please let us know if you have any questions. 

Dilli babu. 

AH Ahmad February 14, 2019 06:12 AM UTC

The sample is working great with the certificate you provide, but when I use my certificate I got an exception

  Message=Arithmetic operation resulted in an overflow.
   at Syncfusion.Pdf.Security.PdfSignatureDictionary.DocumentSaved(Object sender, DocumentSavedEventArgs e)
   at Syncfusion.Pdf.PdfDocumentBase.OnDocumentSaved(DocumentSavedEventArgs args)
   at Syncfusion.Pdf.Parsing.PdfLoadedDocument.AppendDocument(PdfWriter writer)
   at Syncfusion.Pdf.Parsing.PdfLoadedDocument.Save(Stream stream)
   at Syncfusion.Pdf.PdfDocumentBase.Save(String filename)
   at ConsoleApplication1.Program.Main(String[] args) in C:\Users\Desktop\Sample\ConsoleApplication1\Program.cs:line 50

my certificate info are:
Signature algorithm sha1RSA
Public Key RSA(2048 Bits)
Key Usage Digital Signature, Non-Repudiation (c0)

DB Dilli Babu Nandha Gopal Syncfusion Team February 14, 2019 11:09 AM UTC

Hi Ahmad, 

We have fixed the similar kind of issue and the issue fix was included in our 2018 Volume 4 SP1 release ( So, could you please update your assemblies to this version and let us know if it works. Essential Studio Service pack can be downloaded from following link. 

If issue continues, please provide us the certificate which causes this issue so that we can analyze and find the root cause of this issue and provide you a solution. 

Dilli babu. 

AH Ahmad February 21, 2019 08:23 AM UTC

I already have the latest version also I can't give you the certificate because its non-exportable in the Smart Card.
I will try to create a self-signed that have same issue and send it to you.

Also with the example you provide, the signing is done with the full data of the pdf not the hash value.
What I need is to sign the hash and then add the signed hash to the pdf file.

DB Dilli Babu Nandha Gopal Syncfusion Team March 8, 2019 05:29 AM UTC

Hi Ahmad, 
We are signing only with the hash value of the PDF not the full PDF document, we only passing the hash value from the event arguments. Please share us the self signed certificate in which reproduces the issue which will helpful for us to investigate further on this. 
Dilli babu. 

AH Ahmad March 10, 2019 04:50 AM UTC

from the example you provide in the Signature_ComputeHash function
you are taking the Data from PdfSignatureEventArgs which is the full pdf Data. 
Then you sign the data and re add it to SignedData in the PdfSignatureEventArgs.
There's no hash what so ever in these steps.
is there another way to do that?

also, as for the certificate you should receive from Nada Hamdeh.

DB Dilli Babu Nandha Gopal Syncfusion Team March 11, 2019 03:34 PM UTC

Hi Ahmad, 
Currently we are working on modifying the sample as per your requirement. We have received the certificate from you. Meanwhile kindly share us the password for the certificate so that we can use that certificate in the sample.  
Dilli babu. 

CC Chad Church Syncfusion Team March 12, 2019 11:10 AM UTC

Hi Dilli,

Customer has shared the password.

The password is 12345


DB Dilli Babu Nandha Gopal Syncfusion Team March 18, 2019 12:46 PM UTC

Hi Chad, 
We regret for the delay. 
At present we do only support to add signed hash to PdfSignature by taking full PDF data from PdfSignatureEventArgs and we do not support to provide hash of the PDF file to sign the PDF document externally. We have logged a feature request to for this. We will implement this feature any of upcoming releases. 
The status of this feature implementation can be tracked using following link 

Please let us know if you need any further assistance on this. 

Dilli babu 

Live Chat Icon For mobile
Up arrow icon