Sign PDF documents with ECDSAP384SHA256 signature from smart card
Hi, is posible to sign (Digital Signature) PDF document with Elliptic Curve Digital Signature Algorithm (ECDSA) with key lenght 384bits and SHA256 signature stored from smart card (no access to copy private key - only use it from device)?
I try with already have solution but said: Invalid algorithm.
How to perform that?
Or when it will be available?
Or when it will be available?
regards
Mikolaj
Mikolaj
SIGN IN To post a reply.
16 Replies
GK
Gowthamraj Kumar
Syncfusion Team
September 10, 2020 01:04 PM UTC
Hi Mikolaj,
Thank you for contacting Syncfusion support.
At present , we do not have support for signing a PDF document with Elliptic Curve Digital Signature Algorithm (ECDSA) with key length 384bits in our PDF library. We are analyzing about this requirement in our end and we will update the further details on September 14th 2020.
Regards,
Gowthamraj K
GK
Gowthamraj Kumar
Syncfusion Team
September 14, 2020 02:17 PM UTC
Hi Mikolaj,
Sorry for the inconvenience caused.
Still, we are analyzing about this requirement in our end and we will update the further details on September 15th 2020.
Regards,
Gowthamraj K
GK
Gowthamraj Kumar
Syncfusion Team
September 15, 2020 12:56 PM UTC
Hi Mikolaj,
At present, we do not have an support for signing digital signature with ECDS algorithm in the PDF document. We have logged a feature request for signing digital signature with ECDS algorithm in the PDF document.
Please find the feedback link to track the implementation of the feature below.
We do not have any immediate plans to implement these features and we will implement this support in any of our upcoming releases. We usually have an interval of at least three months between releases, at the planning stage for every release cycle, we review all open features. We will let you know when this feature is implemented.
Regards,
Gowthamraj K
MP
Maciej Przybylski
October 8, 2020 02:54 PM UTC
Hello,
I join the request to add this functionality. In Poland, the current legal standards favor signing electronic documents with a signature on an ID card. In addition to everyday life, the use of this signature is also present in medicine when signing electronic medical records, where it is not only promoted but required by law. In this situation, we are obliged to do so by legal acts and we have problems using your libraries to sign PDF documents and thus meeting the expectations of our clients and the legislator, which may result in penalties for us. We do not know whether we should look for another library supplier to work with PDF files, or whether a suitable solution will be prepared in the near future. Is there a chance to prepare this solution by the end of the year?
Best Regards,
Maciej Przybylski
Product Owner
GK
Gowthamraj Kumar
Syncfusion Team
October 9, 2020 01:08 PM UTC
Hi Maciej,
At present, we do not have support to "Signing digital signature with ECDS algorithm in the PDF document". We do not have any immediate plans to implement this feature. At the planning stage for every release cycle, we review all open features and identify features for implementation based on specific parameters including product vision, technological feasibility, and customer interest.
Based on our present commitments and the above parameters, this feature is expected to be implemented in our 2020 Volume 4 main release. We will let you know when this feature is implemented.
Please find the feedback link to track the implementation of the feature below.
Disclaimer: The date for the feature implementation is tentative and not a commitment on our parts.
Regards,
Gowthamraj K
MP
Maciej Przybylski
October 9, 2020 01:26 PM UTC
Hi Gowthamraj,
this is great news for me. Thank you very much for the positive consideration of the application and the quick response. The deadline is satisfactory for me and we will manage to implement it in our system.
Best regards,
Maciej Przybylski
GK
Gowthamraj Kumar
Syncfusion Team
October 12, 2020 06:28 AM UTC
Hi Maciej,
Thank you for your update. We will let you know when this feature is implemented.
Regards,
Gowthamraj K
GK
Gowthamraj Kumar
Syncfusion Team
January 8, 2021 02:10 PM UTC
Hi Maciej,
We have implemented support for “Signing digital signature with ECDS algorithm in the PDF document”. Please find the download link from below.
Please refer to the below link for UG documentation for signing PDF using PFX file
Please refer to the below link for UG documentation for smart card signing
The status of this feature implementation can be tracked using following link
Recommended approach - exe will perform automatic configuration
Please find the patch setup from below location:
Please find the patch setup from below location:
Advanced approach – use only if you have specific needs and can directly replace existing assemblies for your build environment
Please find the patch assemblies alone from below location:
NuGet package: https://syncfusion.com/Installs/support/patch/18.4.0.30/1296074/F157736/SyncfusionNuget_18.4.0.30_1296074_1082021075258571_F157736.zip
Assembly Version: 18.4.0.30
Installation Directions :
This patch should replace the files “Syncfusion.Pdf.Base.dll” under the following folder.
$system drive:\ Files\Syncfusion\Essential Studio\18.4.0.30\precompiledassemblies\18.4.0.30\4.6
Eg : $system drive:\Program Files\Syncfusion\Essential Studio\9.3.0.61\precompiledassemblies\9.3.0.61\4.0
To automatically run the Assembly Manager, please check the Run assembly manager checkbox option while installing the patch. If this option is unchecked, the patch will replace the assemblies in precompiled assemblies’ folder only. Then, you will have to manually copy and paste them to the preferred location or you will have to run the Syncfusion Assembly Manager application (available from the Syncfusion Dashboard, installed as a shortcut in the Application menu) to re-install assemblies.
Note :
To change how you receive bug fixes, ask your license management portal admin to change your project’s patch delivery mode.
https://www.syncfusion.com/account/license
Disclaimer :
Please note that we have created this patch for version 18.4.0.30 specifically to resolve the following issue(s) reported in this/the Forum 157736
If you have received other patches for the same version for other products, please apply all patches in the order received.
This fix will be included in our 2020 Volume 4 Sp1 release which will be available on end of January 2021 tentatively.
Regards,
Gowthamraj K
MK
Mikolaj Krakowski
January 12, 2021 06:43 AM UTC
Hi, i dont have access to download files from links in solution post
Regards
Mikołaj
Regards
Mikołaj
GK
Gowthamraj Kumar
Syncfusion Team
January 12, 2021 04:30 PM UTC
Hi Maciej,
We have updated the patch for this support for “Signing digital signature with ECDS algorithm in the PDF document”. Please find the download link from below.
The status of this feature implementation can be tracked using following link
Recommended approach - exe will perform automatic configuration
Please find the patch setup from below location:
Advanced approach – use only if you have specific needs and can directly replace existing assemblies for your build environment
Please find the patch assemblies alone from below location:
NuGet package: https://syncfusion.com/Installs/support/patch/18.4.0.30/1006988/F157736/SyncfusionNuget_18.4.0.30_1006988_1122021072258198_F157736.zip
Assembly Version: 18.4.0.30
Installation Directions :
This patch should replace the files “Syncfusion.Pdf.Base.dll” under the following folder.
$system drive:\ Files\Syncfusion\Essential Studio\18.4.0.30\precompiledassemblies\18.4.0.30\4.6
Eg : $system drive:\Program Files\Syncfusion\Essential Studio\9.3.0.61\precompiledassemblies\9.3.0.61\4.0
To automatically run the Assembly Manager, please check the Run assembly manager checkbox option while installing the patch. If this option is unchecked, the patch will replace the assemblies in precompiled assemblies’ folder only. Then, you will have to manually copy and paste them to the preferred location or you will have to run the Syncfusion Assembly Manager application (available from the Syncfusion Dashboard, installed as a shortcut in the Application menu) to re-install assemblies.
Note :
To change how you receive bug fixes, ask your license management portal admin to change your project’s patch delivery mode.
Disclaimer :
Please note that we have created this patch for version 18.4.0.30 specifically to resolve the following issue(s) reported in this/the forum 157736
If you have received other patches for the same version for other products, please apply all patches in the order received.
This fix will be included in our 2020 Volume 4 Sp1 release which will be available on end of January 2021 tentatively.
Regards,
Gowthamraj K
MK
Mikolaj Krakowski
January 26, 2021 09:43 AM UTC
Hi,
we are testing the solution and we encountered the following problem:
Attachment: mkrakowski_ECDSA_SignPDF_6d48cff7.zip
we are testing the solution and we encountered the following problem:
Keyset does not defined
Stacktrace:
in System.Security.Cryptography.Pkcs.PkcsUtils.CreateSignerEncodeInfo(CmsSigner signer, Boolean silent, SafeCryptProvHandle& hProv)
in System.Security.Cryptography.Pkcs.SignedCms.Sign(CmsSigner signer, Boolean silent)
in System.Security.Cryptography.Pkcs.SignedCms.ComputeSignature(CmsSigner signer, Boolean silent)
in Syncfusion.Pdf.Security.PdfSignatureDictionary.SignCertificate(Byte[] message, X509Certificate2 cert, Boolean detached)
in Syncfusion.Pdf.Security.PdfSignatureDictionary.GetStoreCertificate()
in Syncfusion.Pdf.Security.PdfSignatureDictionary.DocumentSaved(Object sender, DocumentSavedEventArgs e)
in Syncfusion.Pdf.PdfDocumentBase.OnDocumentSaved(DocumentSavedEventArgs args)
in Syncfusion.Pdf.Parsing.PdfLoadedDocument.AppendDocument(PdfWriter writer)
in Syncfusion.Pdf.Parsing.PdfLoadedDocument.Save(Stream stream)
in Syncfusion.Pdf.PdfDocumentBase.Save(String filename)
in ECDSA_SignPDF.Program.SignPFXFile() w C:\Users\mkrakowski\Desktop\ECDSA_SignPDF\ECDSA_SignPDF\Program.cs:wiersz 136
in ECDSA_SignPDF.Program.Main(String[] args) w C:\Users\mkrakowski\Desktop\ECDSA_SignPDF\ECDSA_SignPDF\Program.cs:wiersz 79
in System.Security.Cryptography.Pkcs.PkcsUtils.CreateSignerEncodeInfo(CmsSigner signer, Boolean silent, SafeCryptProvHandle& hProv)
in System.Security.Cryptography.Pkcs.SignedCms.Sign(CmsSigner signer, Boolean silent)
in System.Security.Cryptography.Pkcs.SignedCms.ComputeSignature(CmsSigner signer, Boolean silent)
in Syncfusion.Pdf.Security.PdfSignatureDictionary.SignCertificate(Byte[] message, X509Certificate2 cert, Boolean detached)
in Syncfusion.Pdf.Security.PdfSignatureDictionary.GetStoreCertificate()
in Syncfusion.Pdf.Security.PdfSignatureDictionary.DocumentSaved(Object sender, DocumentSavedEventArgs e)
in Syncfusion.Pdf.PdfDocumentBase.OnDocumentSaved(DocumentSavedEventArgs args)
in Syncfusion.Pdf.Parsing.PdfLoadedDocument.AppendDocument(PdfWriter writer)
in Syncfusion.Pdf.Parsing.PdfLoadedDocument.Save(Stream stream)
in Syncfusion.Pdf.PdfDocumentBase.Save(String filename)
in ECDSA_SignPDF.Program.SignPFXFile() w C:\Users\mkrakowski\Desktop\ECDSA_SignPDF\ECDSA_SignPDF\Program.cs:wiersz 136
in ECDSA_SignPDF.Program.Main(String[] args) w C:\Users\mkrakowski\Desktop\ECDSA_SignPDF\ECDSA_SignPDF\Program.cs:wiersz 79
I use the sample from this topic and the only thing i changed (+ some simplify getting pdf) is getting cert not from file, but from windows store (code in attachment).
I use cert from Polish eID smartcard + reader (certificate is visible in windows certificate store; we have access to private key after we want to sign something -> and we must use PIN to card). We can use that cert to sign PDF in AdobeReader.
Probably the main problem is: you want to access to PrivateKey property frm x509certificate2 object, but all smartCard devices deny that.
I use cert from Polish eID smartcard + reader (certificate is visible in windows certificate store; we have access to private key after we want to sign something -> and we must use PIN to card). We can use that cert to sign PDF in AdobeReader.
Probably the main problem is: you want to access to PrivateKey property frm x509certificate2 object, but all smartCard devices deny that.
Maybe it will help: In XML we use SignedXml and we pass AsymmetricAlgorithm (in this case ECDsa) into SigningKey Property:
X509Certificate2 certificate = GetCertFromStore();
X509Certificate2 certificate = GetCertFromStore();
ECDsa eCDsaProvider = certificate.GetECDsaPrivateKey();
signedXml.SigningKey = eCDsaProvider ;
signedXml.ComputeSignature();
when can we expect modifications?
Regards
Mikolaj
signedXml.SigningKey = eCDsaProvider ;
signedXml.ComputeSignature();
when can we expect modifications?
Regards
Mikolaj
Attachment: mkrakowski_ECDSA_SignPDF_6d48cff7.zip
GK
Gowthamraj Kumar
Syncfusion Team
January 27, 2021 02:01 PM UTC
Hi Mikolaj,
Thank you for your update.
We have tried to reproduce the reported exception with provided patch in our end, but it is working properly. On further analyze the provided sample, you are trying to sign the smart card (from windows store) using pfx approach, it requires the private key for signing, so that the exception occurs. We already provided sample for separate method for signing PDF document from External digital signature using smart card.
Note: If you are signing the pdf document by smart card, you have to use the external signing approach.
Please let us know if you need any further assistance with this.
Regards,
Gowthamraj K
GK
Gowthamraj Kumar
Syncfusion Team
March 31, 2021 11:55 AM UTC
Hi Mikolaj,
Thank you for your patience.
We have included the feature “Support for signing digital signature with ECDS algorithm in the PDF document” in our Essential Studio 2021 Volume 1 main release v19.1.0.54.
The status of this feature can be tracked through the following feedback link,
We are glad to announce that our Essential Studio 2021 Volume 1 Main release v19.1.0.54 is rolled out and is available for download under the following link.
We thank you for your support and appreciate your patience in waiting for this release. Please get in touch with us if you would require any further assistance.
Regards,
Gowthamraj K
MY
Melanie Young
July 4, 2021 09:11 PM UTC
Hello, is there any new info about this?
MK
Mikolaj Krakowski
July 5, 2021 05:30 AM UTC
Hi, versions 19+ doesn't work for us (in other bussines cases)
we wait for resolve incident: 333666 to be able to test that case
regards
Mikolaj
AA
Anitha Azhagesan
Syncfusion Team
July 5, 2021 09:15 AM UTC
Hi Mikolaj,
Our support team was responded to the ticket. Please follow up the ticket for further technical support.
Regards,
Anitha
SIGN IN To post a reply.
- 16 Replies
- 5 Participants
-
MK Mikolaj Krakowski
- Sep 9, 2020 08:05 AM UTC
- Jul 5, 2021 09:15 AM UTC
