We use cookies to give you the best experience on our website. If you continue to browse, then you agree to our privacy policy and cookie policy. Image for the cookie policy date

Function to create LTV SHA256+ With embedded Timetamp

Currently i am using a lot of code and internal events/classes to create LTV signature(createlongtermvaliditysignature) + specifying digest algorithm SHA256 (or later) with embedded timestamp...such as computehash function and ipdfexternal internal class ...etc.

Can you provide a simple function which can do the three with parameterized options more easily?

9 Replies

IJ Irfana Jaffer Sadhik Syncfusion Team March 27, 2023 02:08 PM UTC

We have created a sample to perform all your requirement . Please try this on your end and let us know the result.


We request you to share additional details about your requirement like the signing process you are using in your application like external signing/deferred signing., etc. so that we can assist with you further in this.

Follow the below links for more information,


JA Jacobs March 27, 2023 03:04 PM UTC

dear irfana, i am already using mix of both codes that you provided in link and sample in order to add an ltv signatures with PADES format with embedded timestamp and hash algorithm sha256 and it is working fine... but my request is to provide one new single function or a new way that i can use with much less lines of code without using computehash function and ipdfexternal internal class

IJ Irfana Jaffer Sadhik Syncfusion Team March 30, 2023 10:42 AM UTC

We can use a SHA256 digest algorithm to sign a document, include LTV information, and Time Stamp Information using a code with fewer lines, without needing any external events or classes.

To achieve this, we need to create a PdfCertificate using either a PFX file or an exportable X509Certificate2 store certificate, which allows us to sign a document. Here is an example code to achieve this:

PdfCertificate certificate = new PdfCertificate("Your PFX File","PFX password");

PdfLoadedDocument loadedDocument = new PdfLoadedDocument(File.OpenRead("Your PDF document to Sign"));

PdfSignature signature = new PdfSignature(loadedDocument, loadedDocument.Pages[0], certificate, "Signature");

signature.Settings.DigestAlgorithm = DigestAlgorithm.SHA256;

signature.Settings.CryptographicStandard = CryptographicStandard.CADES;

signature.EnableLtv = true; // or signature.CreateLongTermValidity("Your Root and Chain certificates");

signature.TimeStampServer = new TimeStampServer(new Uri("Your TimeStampServer uri"));

MemoryStream stream = new MemoryStream();



File.WriteAllBytes("SHA256_LTV_TimeStamp.pdf", stream.ToArray());

Please let us know if this approach meets your signing requirements. We would need to know more details about your signing process, such as whether you sign using a PFX or a smart card, and whether your private key is exportable or not. Additionally, please let us know if you sign your PDF using external sign services. This information will help us investigate further on our end.

JA Jacobs replied to Irfana Jaffer Sadhik March 30, 2023 01:01 PM UTC

i was using this exact code but it didn't work ... it does not produce SHA256 Hash algorithm signature.

for testing, i use self signed certificate in windows store .

Also i get same result using USB token device for digital signature that adds certificate to windows personal store when plugged into pc.

        Dim store As New X509Store("MY", StoreLocation.CurrentUser)
        store.Open(OpenFlags.[ReadOnly] Or OpenFlags.OpenExistingOnly)
        Dim X509Certificate As X509Certificate2 = store.Certificates.Find(X509FindType.FindBySerialNumber, "0085280D52BCF3E92902289D2934327845", False)(0)
        Dim certificate As New PdfCertificate(X509Certificate)
        Dim loadedDocument As New PdfLoadedDocument(OpenFileDialog1.FileName, True)
        Dim page As PdfLoadedPage = TryCast(loadedDocument.Pages(0), PdfLoadedPage)
        Dim Signature As New PdfSignature(loadedDocument, page, certificate, "Signature")
        Signature.Settings.DigestAlgorithm = DigestAlgorithm.SHA256
        Signature.Settings.CryptographicStandard = CryptographicStandard.CADES
        Signature.EnableLtv = True ''// Or signature.CreateLongTermValidity("Your Root and Chain certificates")
        Signature.TimeStampServer = New TimeStampServer(New Uri("http://rootca.gov.eg/tmstpsrvGo"))
        Dim Stream As New MemoryStream()
        File.WriteAllBytes("SHA256_LTV_TimeStamp.pdf", Stream.ToArray())

JA Jacobs March 30, 2023 01:01 PM UTC

testing certificates attached with password.

Attachment: testing.certificates_54c02b1d.zip

IJ Irfana Jaffer Sadhik Syncfusion Team March 31, 2023 09:20 AM UTC

We suspect that the X509Certificate2 may not be exportable, which is why the SHA1 algorithm was used to sign the PDF document. Please ensure that the certificate is marked as exportable when installing it on your machine.

To change the certificate to exportable, please refer to the screenshot below:

Graphical user interface, text, application, email

Description automatically generated

Please try running the application with the option "Run as Administrator" and and let us know the result.

JA Jacobs replied to Irfana Jaffer Sadhik March 31, 2023 09:27 AM UTC

If marking it as exportable will make it  sha256 when using the testing self signed certificate ... it will not work with the real usb token ... also note that using custom sign with compute hash function  and iexternal class it produce sha256 signature in both cases (self signed and usb token) but it is alot of code .... waiting your reply.

IJ Irfana Jaffer Sadhik Syncfusion Team April 5, 2023 08:59 AM UTC

Currently, we are only able to sign PDF documents with the SHA1 digest algorithm if the X509Certificate is non-exportable. However, if the X509Certificate is exportable, we can use the SHA256 digest algorithm for signing.

However, we are in the process of developing an enhancement that will allow us to sign PDF documents with SHA1, SHA256, SHA384, and SHA512 digest algorithms on non-exportable store certificates. This feature is currently in the testing phase, and we have provided a test patch for its implementation.

Please test the patch provided and let us know if you are able to sign PDF documents with the SHA256 digest algorithm using your USB token.


JA Jacobs April 5, 2023 09:52 AM UTC

Great 😊 will do and feed you back with results .

Live Chat Icon For mobile
Up arrow icon