This blog will give you a brief on how to create a Digital Signature using C# and a desktop executable application.
The Digital Signature will be performed at the client system. The Digital Signature token (DSC Token) is installed in the client local system.
We are unable to read the client-side digital signature tokens from web applications due to security concerns, and all other possibilities are blocked. Therefore, we are proceeding with a local windows application (i.e. the Executable file (.exe)).
Check the below mentioned references to proceed:
- using iTextSharp.text.pdf;
- using System;
- using System.Collections.Generic;
- using System.IO;
- using System.Security.Cryptography.X509Certificates;
- using Org.BouncyCastle.Security;
- using Org.BouncyCastle.X509;
- using X509Certificate = Org.BouncyCastle.X509.X509Certificate;
- using iTextSharp.text.pdf.security;
All the above-mentioned references are used for accessing DSC, Signing DSC, Reading PDF and Creating new signed PDF.
Create a variable for X509Certificate2
- X509Certificate2 certClient = null;
Get all the DSC users registered to local store and for current user using X509Store, PFB
- X509Store st = new X509Store(StoreName.My, StoreLocation.CurrentUser);
X509Store "st" will collect all the certificates
- st.Open(OpenFlags.MaxAllowed);
- X509Certificate2Collection collection = st.Certificates;
Collection will get all the certificates.
Select the certificate.
If we have multiple certificates registered in local, and if we want to pick the valid certificates using the name, please follow the below process:
Send "Name" as the DSC token owner name. You can check if the DSC token is expired or not. After all these checks, assign the value to "certClient".
- for (int i = 0; i < collection.Count; i++)
- {
- foreach (X509Certificate2 cert in collection)
- {
- certClient = cert;
- username = certClient.Subject;
- ErrorLogs(username);
- startdate = certClient.GetEffectiveDateString();
- enddate = certClient.GetExpirationDateString();
- if (collection[i].Subject.Contains("Name"))
- {
- certClient = collection[i];
- }
- }
- }
- st.Close();
Close the X509Store.
-
- IList<X509Certificate> chain = new List<X509Certificate>();
- X509Chain x509Chain = new X509Chain();
- x509Chain.Build(certClient);
- foreach (X509ChainElement x509ChainElement in x509Chain.ChainElements)
- {
- chain.Add(DotNetUtilities.FromX509Certificate(x509ChainElement.Certificate));
- }
Select the file to be signed (input file)
- string filename = @"C:\Users\admin\Desktop\sample.pdf";
Assign the file to a PDF reader to edit the file.
- PdfReader inputPdf = new PdfReader(filename);
Create a new file to save the signed pdf.
- FileStream signedPdf = new FileStream(@"C:\Users\admin\Desktop\Sample_signed.pdf", FileMode.Create);
PdfStamper will create the stamp on the "inputPdf" and create a new "signedPdf"
- PdfStamper pdfStamper = PdfStamper.CreateSignature(inputPdf, signedPdf, '\0');
Signature is encrypted using SHA-256
- IExternalSignature externalSignature = new X509Certificate2Signature(certClient, "SHA-256");
This will create a signature text in the input pdf
- PdfSignatureAppearance signatureAppearance = pdfStamper.SignatureAppearance;
Other information can be added and displayed in the signature section with signature.
- signatureAppearance.Reason = "My Signature";
- signatureAppearance.SetVisibleSignature(new iTextSharp.text.Rectangle(0, 00, 200, 100), inputPdf.NumberOfPages, "Signature");
- signatureAppearance.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.DESCRIPTION;
- MakeSignature.SignDetached(signatureAppearance, externalSignature, chain, null, null, null, 0,CryptoStandard.CMS);
PdfReader and pdfStamper will be closed after the signature is done.
- inputPdf.Close();
- pdfStamper.Close();
Above details are verified and working.