Currently I am using a lot of code and internal events/classes to create an LTV signature (createlongtermvaliditysignature) while specifying the digest algorithm SHA256 (or later) with an embedded timestamp, such as the computehash function and the ipdfexternal internal class, etc.
Can you provide a simple function which can do the three with parameterized options more easily?
We have created a sample to meet all your requirements. Please try this on your end and let us know the result.
We request you to share additional details about your requirement, such as the signing process you are using in your application (external signing, deferred signing, etc.), so that we can assist you further with this.
Follow the below links for more information,
Dear Irfana, I am already using a mix of both codes that you provided in the link and sample in order to add LTV signatures in PAdES format with an embedded timestamp and hash algorithm SHA256, and it is working fine... but my request is to provide one new single function or a new way that I can use with far fewer lines of code, without using the computehash function and the ipdfexternal internal class.
We can use a SHA256 digest algorithm to sign a document, include LTV information, and Time Stamp Information using a code with fewer lines, without needing any external events or classes.
To achieve this, we need to create a PdfCertificate using either a PFX file or an exportable X509Certificate2 store certificate, which allows us to sign a document. Here is an example code to achieve this:
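// Load the signing certificate (PFX with private key) and the document to sign.
PdfCertificate certificate = new PdfCertificate("Your PFX File","PFX password");
PdfLoadedDocument loadedDocument = new PdfLoadedDocument(File.OpenRead("Your PDF document to Sign"));
// The signature is placed on one page, so pass the first page rather than the page collection.
PdfSignature signature = new PdfSignature(loadedDocument, loadedDocument.Pages[0], certificate, "Signature");
// Request a SHA256 digest and the CAdES cryptographic standard.
signature.Settings.DigestAlgorithm = DigestAlgorithm.SHA256;
signature.Settings.CryptographicStandard = CryptographicStandard.CADES;
signature.EnableLtv = true; // or signature.CreateLongTermValidity("Your Root and Chain certificates");
signature.TimeStampServer = new TimeStampServer(new Uri("Your TimeStampServer uri"));
// Save the document to the stream and release it.
MemoryStream stream = new MemoryStream();
loadedDocument.Save(stream);
loadedDocument.Close(true);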
Please let us know if this approach meets your signing requirements. We would need to know more details about your signing process, such as whether you sign using a PFX or a smart card, and whether your private key is exportable or not. Additionally, please let us know if you sign your PDF using external sign services. This information will help us investigate further on our end.
I was using this exact code, but it didn't work... it does not produce a SHA256 hash algorithm signature.
For testing, I use a self-signed certificate in the Windows store.
Also, I get the same result using a USB token device for digital signature that adds the certificate to the Windows personal store when plugged into the PC.
Dim store As New X509Store("MY", StoreLocation.CurrentUser)
store.Open(OpenFlags.[ReadOnly] Or OpenFlags.OpenExistingOnly)
Dim X509Certificate As X509Certificate2 = store.Certificates.Find(X509FindType.FindBySerialNumber, "0085280D52BCF3E92902289D2934327845", False)(0)
Dim certificate As New PdfCertificate(X509Certificate)
Dim loadedDocument As New PdfLoadedDocument(OpenFileDialog1.FileName, True)
Dim page As PdfLoadedPage = TryCast(loadedDocument.Pages(0), PdfLoadedPage)
Dim Signature As New PdfSignature(loadedDocument, page, certificate, "Signature")
Signature.Settings.DigestAlgorithm = DigestAlgorithm.SHA256
Signature.Settings.CryptographicStandard = CryptographicStandard.CADES
Signature.EnableLtv = True ' Or Signature.CreateLongTermValidity("Your Root and Chain certificates")
Signature.TimeStampServer = New TimeStampServer(New Uri("http://rootca.gov.eg/tmstpsrvGo"))
' Save the document to the stream and release it.
Dim Stream As New MemoryStream()
loadedDocument.Save(Stream)
loadedDocument.Close(True)
Testing certificates attached with password.
We suspect that the X509Certificate2 may not be exportable, which is why the SHA1 algorithm was used to sign the PDF document. Please ensure that the certificate is marked as exportable when installing it on your machine.
To change the certificate to exportable, please refer to the screenshot below:
Please try running the application with the option "Run as Administrator" and let us know the result.
If marking it as exportable will make it SHA256 when using the testing self-signed certificate... it will not work with the real USB token. Also note that using custom signing with the compute hash function and the iexternal class, it produces a SHA256 signature in both cases (self-signed and USB token), but it is a lot of code... Waiting for your reply.
Currently, we are only able to sign PDF documents with the SHA1 digest algorithm if the X509Certificate is non-exportable. However, if the X509Certificate is exportable, we can use the SHA256 digest algorithm for signing.
However, we are in the process of developing an enhancement that will allow us to sign PDF documents with SHA1, SHA256, SHA384, and SHA512 digest algorithms on non-exportable store certificates. This feature is currently in the testing phase, and we have provided a test patch for its implementation.
Please test the patch provided and let us know if you are able to sign PDF documents with the SHA256 digest algorithm using your USB token.
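One way to confirm which digest algorithm a signed file actually declares, independent of the signing library (an added example, not code from this thread or from the vendor): it extracts each `/Contents <hex>` CMS blob from the PDF and reads the SignedData `digestAlgorithms` set. The sample blob is constructed and stripped down, and definite-length DER is assumed.

```python
import re

# OIDs of the digest algorithms named in the thread.
DIGEST_OIDS = {"1.3.14.3.2.26": "SHA1", "2.16.840.1.101.3.4.2.1": "SHA256",
               "2.16.840.1.101.3.4.2.2": "SHA384", "2.16.840.1.101.3.4.2.3": "SHA512"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite-length BER is not handled")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf, start, end):
    """List the (tag, value_start, value_end) triples packed in buf[start:end]."""
    out = []
    while start < end:
        out.append(read_tlv(buf, start))
        start = out[-1][2]
    return out

def decode_oid(raw):
    """Convert the value bytes of an OBJECT IDENTIFIER to dotted notation."""
    first = min(raw[0] // 40, 2)
    arcs, val = [first, raw[0] - 40 * first], 0
    for byte in raw[1:]:
        val = (val << 7) | (byte & 0x7F)
        if not byte & 0x80:            # last byte of this arc
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def signature_digests(pdf_bytes):
    """For each /Contents <hex> CMS blob, list the digest algorithms it declares."""
    found = []
    for m in re.finditer(rb"/Contents\s*<([0-9A-Fa-f]+)>", pdf_bytes):
        cms = bytes.fromhex(m.group(1).decode())   # trailing zero padding is ignored
        _, s, e = read_tlv(cms, 0)                           # ContentInfo
        _, s, e = read_tlv(cms, children(cms, s, e)[1][1])   # [0] -> SignedData
        _, s, e = children(cms, s, e)[1]                     # digestAlgorithms SET
        oids = [decode_oid(cms[o[1]:o[2]]) for a in children(cms, s, e)
                for o in children(cms, a[1], a[2])[:1]]
        found.append([DIGEST_OIDS.get(o, o) for o in oids])
    return found

# Constructed sample: minimal SignedData declaring SHA1, zero-padded like a PDF placeholder.
SAMPLE_PDF = (b"<< /Type /Sig /Contents <302C06092A864886F70D010702A01F301D020101"
              b"3109300706052B0E03021A300B06092A864886F70D01070131000000> >>")
```

On a real file, pass the bytes of the signed PDF; a result of `['SHA1']` for a signature made with a non-exportable certificate corresponds to the fallback described in this thread.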
Great 😊 Will do and will get back to you with the results.