As you may already know, our PDF Document API v20.1 offers digital signature support. For background information on our implementation, please review the following blog posts:
- PDF Document API v20.1 - Multiple Signatures and Timestamps
- PDF Document API - Signature Enhancements
Our PDF Document API (v20.2) fully supports PAdES signatures at B-LT and B-LTA levels. The PAdES B-LT (PAdES T- with added Long Term Validation information) level indicates that a document signature can be validated even if the signing environment (e.g., signing Certification Authority) is no longer available. This level is recommended for Advanced Electronic Signatures.
The PAdES B-LTA (PAdES LT- with added authoritative document timestamp signature) level may help validate a signature beyond any event that may limit its validity. This level is recommended for Qualified Electronic Signatures.
Both levels require that you add verification-related information (VRI) to a Document Security Store (DSS), an optional dictionary in a document (for the B-LTA level, a timestamp's VRI as well). The VRI includes Online Certificate Status Protocol (OCSP) responses, Certificate Revocation Lists (CRLs), and a chain of trust certificates (including the root certificate).
Call the PdfDocumentSigner.AddToDss method and pass a signed signature field as the method parameter to add signature information to the DSS. To provide certificates used to build a chain, you can specify a list of certificates, use a CertificateStoreProvider class, or create your own ICertificateStoreProvider interface implementation.
The code sample below retrieves the name of the first signature field, adds signature information to the DSS, and applies a timestamp to a document:
```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using DevExpress.Office.DigitalSignatures;
using DevExpress.Office.Tsp;
using DevExpress.Pdf;

using (var signer = new PdfDocumentSigner(@"signed.pdf"))
{
    // Timestamp authority client used for the document timestamp
    ITsaClient tsaClient = new TsaClient(new Uri(@"https://freetsa.org/tsr"), HashAlgorithmType.SHA256);

    // Name of the first signature field in the document
    string signatureName = signer.GetSignatureFieldNames(false)[0];

    // Create a provider that retrieves certificates from a store
    using (var certificateStoreProvider = new CertificateStoreProvider(new X509Store(StoreLocation.CurrentUser), true))
    {
        // Add the signature to the security store and specify
        // the CrlClient and OcspClient objects used to check
        // the revocation status of the certificates
        signer.AddToDss(signatureName, new CrlClient(), new OcspClient(), certificateStoreProvider);
    }

    // Save the document and apply a document timestamp
    signer.SaveDocument(@"signedLTV.pdf", new PdfSignatureBuilder(new PdfTimeStamp(tsaClient)));
}
```
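To confirm that a saved file actually carries a DSS with validation data, and that a document timestamp covers it, the output can be scanned for the standard PDF keys (`/DSS`, `/Certs`, `/OCSPs`, `/CRLs`, and a `/SubFilter /ETSI.RFC3161` signature with its `/ByteRange`). The Python script below is an added example, not DevExpress code: `ltv_markers` and the sample byte strings are constructed for illustration, and it assumes the relevant dictionaries are not stored in compressed object streams. Its result is a hint only, not a substitute for a PAdES validator.

```python
import re

REF = re.compile(rb"\d+\s+\d+\s+R")                      # indirect reference "n g R"
OBJ = re.compile(rb"\d+\s+\d+\s+obj(.*?)endobj", re.S)   # one indirect object
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def ltv_markers(pdf: bytes) -> dict:
    """Heuristic raw-byte scan (hypothetical helper, assumes uncompressed objects)."""
    dss_at = pdf.rfind(b"/DSS")  # the catalog entry of the latest revision
    report = {"has_dss": dss_at != -1, "doc_timestamp_covers_dss": False}
    for key in (b"Certs", b"OCSPs", b"CRLs"):
        arrays = re.findall(rb"/" + key + rb"\s*\[(.*?)\]", pdf, re.S)
        # Incremental updates append data, so the last array is the current one.
        report[key.decode()] = len(REF.findall(arrays[-1])) if arrays else 0
    for obj in OBJ.finditer(pdf):
        body = obj.group(1)
        rng = BYTE_RANGE.search(body)
        if rng and re.search(rb"/SubFilter\s*/ETSI\.RFC3161", body):
            a, b, c, d = map(int, rng.groups())
            # A timestamp protects the DSS only if the DSS lies in its signed bytes.
            if dss_at != -1 and (a <= dss_at < a + b or c <= dss_at < c + d):
                report["doc_timestamp_covers_dss"] = True
    has_vri = report["Certs"] > 0 and (report["OCSPs"] > 0 or report["CRLs"] > 0)
    if not (report["has_dss"] and has_vri):
        report["level_hint"] = "no LTV data"
    elif report["doc_timestamp_covers_dss"]:
        report["level_hint"] = "B-LTA candidate"
    else:
        report["level_hint"] = "B-LT candidate"
    return report

# Constructed skeletons (not valid PDFs): only the dictionaries the scan reads.
_DSS = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /DSS 2 0 R >>\nendobj\n"
        b"2 0 obj\n<< /Certs [3 0 R 4 0 R] /OCSPs [5 0 R] /CRLs [] >>\nendobj\n")
_TS = (b"6 0 obj\n<< /Type /DocTimeStamp /SubFilter /ETSI.RFC3161 "
       b"/ByteRange [0 %d %d 8] /Contents <00> >>\nendobj\n")
SAMPLE_LT = _DSS                       # DSS only
SAMPLE_LTA = _DSS + _TS % (200, 210)   # timestamp's signed range spans the DSS
SAMPLE_STALE = _TS % (60, 70) + _DSS   # DSS appended after the timestamp

if __name__ == "__main__":
    for name in ("SAMPLE_LT", "SAMPLE_LTA", "SAMPLE_STALE"):
        print(name, ltv_markers(globals()[name]))
```

The `SAMPLE_STALE` case shows why the order in the code sample above matters: a DSS written after the last document timestamp is not protected by it.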
Your Feedback Matters
As always, we welcome your thoughts. Please comment below and let us know what you think about these signature-related PDF API features. Should you have technical questions, feel free to contact us via the DevExpress Support Center.