Some test text!

Search
Hamburger Icon

Dotnetcore / Guides / Certify a document

Adding a certified signature field to a PDF in .NET Core

To add a certification signature field to a PDF document and sign it:

using (PDFDoc doc = new PDFDoc(docpath))
{
  Page page1 = doc.GetPage(1);

  // Create a text field that we can lock using the field permissions feature.
  TextWidget annot1 = TextWidget.Create(doc, new Rect(50, 550, 350, 600), "asdf_test_field");
  page1.AnnotPushBack(annot1);

  /**
   * Create a new signature form field in the PDFDoc. The name argument is
   * optional; leaving it empty causes it to be auto-generated. However, you may
   * need the name for later. Acrobat doesn't show digsigfield in side panel if
   * it's without a widget. Using a Rect with 0 width and 0 height, or setting
   * the NoPrint/Invisible flags makes it invisible.
   */
  DigitalSignatureField certification_sig_field = doc.CreateDigitalSignatureField(cert_field_name);
  SignatureWidget widgetAnnot = SignatureWidget.Create(doc, new Rect(0, 100, 200, 150), certification_sig_field);
  page1.AnnotPushBack(widgetAnnot);

  // (OPTIONAL) Add an appearance to the signature field.
  Image img = Image.Create(doc, appearance_image_path);
  widgetAnnot.CreateSignatureAppearance(img);

  // Prepare the document locking permission level. It will be applied upon document certification.
  certification_sig_field.SetDocumentPermissions(DigitalSignatureField.DocumentPermissions.e_annotating_formfilling_signing_allowed);

  // Prepare to lock the text field that we created earlier.
  string[] fields_to_lock = new string[1];
  fields_to_lock[0] = "asdf_test_field";
  certification_sig_field.SetFieldPermissions(DigitalSignatureField.FieldPermissions.e_include, fields_to_lock);

  certification_sig_field.CertifyOnNextSave(private_key_file_path, keyfile_password);

  // (OPTIONAL) Add more information to the signature dictionary.
  certification_sig_field.SetLocation("Vancouver, BC");
  certification_sig_field.SetReason("Document certification.");
  certification_sig_field.SetContactInfo("www.pdftron.com");

  // Save the PDFDoc. Once the method below is called, PDFNet will also sign the document using the information provided.
  doc.Save(outpath, 0);
}

Digitally sign PDF files
Full code sample which demonstrates using the digital signature API to digitally sign and/or certify PDF documents.

About certifying a PDF document

Unlike, approval signatures, there can be only one certification per PDF document. Only the first signature in the PDF document can be used as the certification signature. Certifying a document is like notarizing a document. The process of certifying a document is almost exactly the same as adding approval signatures with the exception of certification signatures requires an entry in the "Perms" dictionary.

About certifying a PDF/A document

If you want to certify a PDF/A document, it is best to convert to PDF/A first, then certify. This is because PDF/A changes the contents of the document, while digital signatures, including certifications, rely on the document's bytes remaining the same so that they can be digested and compared with the embedded cryptographic digital signature.

A DigitalSignatureField can be added before or after PDF/A conversion, since there aren't any requirements in PDF/A upon it.

The PDF/A-2 specification allows adbe.pkcs7.detached and adbe.pkcs7.sha1 certification-type or UR3-type cryptographic digital signatures, with or without secure timestamps, with or without embedded revocation information, which must be signed if present. A single SignerInfo must be present. Attribute certificates must not be used. The PDFNet SDK's signing support is sufficient to meet the requirements of PDF/A-2 compliance if used properly.

There shouldn't be any problem with retaining PDF/A compliance after digitally signing a document, so long as there is no annotation appearance for the digital signature field, or there is an appearance and that appearance conforms to PDF/A, i.e. e.g. sections 6.3.2 and 6.3.3 of the PDF/A-2 specification (ISO-19005-2).

An additional limitation of PDF/A for digital signing is the implementation limit that says that a conforming file shall not contain any string longer than 32767 bytes. Sometimes, signatures with a large amount of data will cause the Contents byte string in the digital signature dictionary to exceed this limit.

The PDF/A-2 specification also mentions the following:

A Widget annotation dictionary or Field dictionary shall not
contain the A or AA keys. The NeedAppearances flag of the
interactive form dictionary shall either not be present
or shall be false.

Here is what 6.3.2 and 6.3.3 say about the annotation:

6.3.2 Annotation dictionaries

Except for annotation dictionaries whose Subtype value
is Popup, all annotation dictionaries shall contain
the F key. If present, the F key’s Print flag bit shall
be set to 1 and its Hidden, Invisible, ToggleNoView, and
NoView flag bits shall be set to 0.

Text annotations should set the NoZoom and NoRotate
flag bits of the F key to 1.

NOTE The restrictions on annotation flags prevent the
use of annotations that are hidden or that are viewable
but not printable. The NoZoom and NoRotate flags are
permitted, which allows the use of annotation types that
have the same behaviour as the commonly-used text
annotation type. By definition, text annotations exhibit
the NoZoom and NoRotate behaviour even if the flags are
not set, as described in ISO 32000-1:2008, 12.5.3;
explicitly setting these flags removes any potential
ambiguity between the annotation dictionary settings and
reader behaviour.

6.3.3 Annotation Appearances

Every annotation (including those whose Subtype value
is Widget, as used for form fields), except for the two
cases listed below, shall have at least one appearance
dictionary.

-- Annotations where the value of the Rect key consists
of an array where value 1 is equal to value 3 and value
2 is equal to value 4.

-- Annotations whose Subtype value is Popup or Link.

A conforming reader shall render the appearance dictionary
without regard to any other keys and values in the
annotation dictionary and shall ignore the values of
the C, IC, Border, BS, BE, CA, H, DA, Q, DS, LE, LL,
LLE, and Sy keys.

NOTE 1 Requiring an appearance dictionary for each
annotation ensures the reliable rendering of the
annotations.

For all annotation dictionaries containing an AP key,
the appearance dictionary that it defines as its value
shall contain only the N key. If an annotation
dictionary’s Subtype key has a value of Widget and
its FT key has a value of Btn, the value of the N
key shall be an appearance subdictionary otherwise
the value of the N key shall be an appearance stream.

NOTE 2 In accordance with the requirements of 12.7.4.2.3
and 12.7.4.2.4 of ISO 32000-1:2008, a Button form field
needs to have multiple appearance states, each one
associated with the specific values that the button can take.

Get the answers you need: Chat with us