Signing PDF file with AATL compatible certificate

Question

Hello,We are licensed customer of Syncfusion API. (User Id: tp@galaxkey.com)We use the PDF library to digitally sign the pdf document on our platform. We are able to do it successfully  when we have certificate in a “.pfx” file format and password (with limitation of user needing to trust certificate).But in order to make it AATL compatible, we need to sign it using certificate shipped in USB token. We looked at various code samples available on website and came across this one that allows to signing using USB / HSMhttps://help.syncfusion.com/file-formats/pdf/working-with-digitalsignature#externally-sing-a-pdf-documentThe code snippet still refers to a “.pfx”  and password. We will not have .pfx in this case, so would the code snippet still work? We are in process of ordering AATL compatible certificate on USB, hence want to make sure that we have necessary code snippet to try it out. If you have a working sample of signing using AATL compatible certificate on USB, can you please share it?We will also be hosting same solution on cloud and will have to rely on using CloudHSM for storing AATL compatible certificate. Do you have any sample code to use Syncfusion with CloudHSM for signing?

Gowthamraj Kumar · Answer

Hi Galaxkey, 
 
Thank you for contacting Syncfusion support.Our PDF library has support to digitally sign the PDF documents from windows certificate store, This means you will be able to apply the signature by accepting the certificate provided by the certificate store. Please refer the below link for loading the certificate from certificate store and sign the PDF document.   
Sign PDF: https://www.syncfusion.com/kb/9845/how-to-sign-pdf-document-from-locally-installed-certificate-in-c-and-vb-net 
 
A secure way to store a digital ID is using a Windows certificate store. If a root certificate is added in a Windows certificate store, you don’t need to add and trust each of the certificates that are already present in a Windows certificate store manually. 
 
You can retrieve the digital ID “X509Certificate2” from the Windows certificate store and use it to add a digital signature to a PDF document. 
 
KB: https://www.syncfusion.com/kb/11500/digitally-sign-a-pdf-document-using-the-usb-token 
Blogs: https://www.syncfusion.com/blogs/post/create-validate-pdf-digital-signatures-csharp.aspx#digitally-sign-a-PDF-document-using-Windows-certificate-store 
 
Please let us know if you need any further assistance with this. 
 
Regards, 
Gowthamraj K