Digitally Sign PDF Files

Digitally sign PDF files

The open source iTextSharp library will allow you to do this. Here's a post explaining how to digitally sign a PDF file. If you don't want to use a third-party library, you can implement it yourself, but it could be a tough task; you can start by reading the PDF specification (8.6MB).

How to digitally sign a PDF document with visible signature and text using Java

You can do this easily with iText. This is a working solution using iText 7. You can check more from their examples.

    import com.itextpdf.kernel.pdf.PdfReader;
    import com.itextpdf.kernel.pdf.StampingProperties;
    import com.itextpdf.signatures.BouncyCastleDigest;
    import com.itextpdf.signatures.DigestAlgorithms;
    import com.itextpdf.signatures.IExternalDigest;
    import com.itextpdf.signatures.IExternalSignature;
    import com.itextpdf.signatures.PdfSignatureAppearance;
    import com.itextpdf.signatures.PdfSigner;
    import com.itextpdf.signatures.PrivateKeySignature;
    import org.bouncycastle.jce.provider.BouncyCastleProvider;

    import java.io.FileInputStream;
    import java.io.FileOutputStream;
    import java.io.IOException;
    import java.security.GeneralSecurityException;
    import java.security.KeyStore;
    import java.security.PrivateKey;
    import java.security.Security;
    import java.security.cert.Certificate;

    public class PdfSignExample {

        public static void digitalSignature(String sourceFile, String signatureFieldName, String outputFile,
                Certificate[] certificateChain, PrivateKey privateKey, String digestAlgorithm,
                String bouncyCastleProvider, PdfSigner.CryptoStandard cryptoStandardSubFilter,
                String reason, String location)
                throws GeneralSecurityException, IOException {

            PdfReader pdfReader = new PdfReader(sourceFile);
            PdfSigner pdfSigner = new PdfSigner(pdfReader, new FileOutputStream(outputFile), new StampingProperties());

            // Create the signature appearance
            PdfSignatureAppearance pdfSignatureAppearance = pdfSigner.getSignatureAppearance()
                    .setReason(reason)
                    .setLocation(location);

            // This name corresponds to the name of the field that already exists in the document.
            pdfSigner.setFieldName(signatureFieldName);

            pdfSignatureAppearance.setRenderingMode(PdfSignatureAppearance.RenderingMode.NAME_AND_DESCRIPTION);

            IExternalSignature iExternalSignature = new PrivateKeySignature(privateKey, digestAlgorithm, bouncyCastleProvider);
            IExternalDigest iExternalDigest = new BouncyCastleDigest();

            // Sign the document using the detached mode, CMS, or CAdES equivalent.
            pdfSigner.signDetached(iExternalDigest, iExternalSignature, certificateChain, null, null, null, 0, cryptoStandardSubFilter);
        }

        public static void main(String[] args) throws IOException, GeneralSecurityException {
            BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
            Security.addProvider(bouncyCastleProvider);

            // The keystore path and password below are placeholders.
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            try (FileInputStream keyStoreStream = new FileInputStream("path/to/keystore/file")) {
                keyStore.load(keyStoreStream, "password".toCharArray());
            }
            String alias = keyStore.aliases().nextElement();
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, "password".toCharArray());
            Certificate[] certificateChain = keyStore.getCertificateChain(alias);

            digitalSignature("path/to/input.pdf", "Signature Field Name", "path/to/output.pdf", certificateChain, privateKey,
                    DigestAlgorithms.SHA256, bouncyCastleProvider.getName(), PdfSigner.CryptoStandard.CMS,
                    "Reason", "Location");
        }
    }
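An added example, not part of the answer above or of iText's own samples: one way to check the file the signing code produces, by verifying each signature's integrity and confirming that the most recent signature covers the whole file. The class name VerifySignedPdf and its verify() method are hypothetical; it assumes an iText 7 release that provides SignatureUtil.readSignatureData and the same placeholder output path as above.

```java
import com.itextpdf.kernel.pdf.PdfDocument;
import com.itextpdf.kernel.pdf.PdfReader;
import com.itextpdf.signatures.PdfPKCS7;
import com.itextpdf.signatures.SignatureUtil;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Security;
import java.util.List;

// Added example: VerifySignedPdf and verify() are hypothetical names, not iText API.
public class VerifySignedPdf {

    /**
     * Returns true only if every signature is cryptographically intact and the
     * last one covers the whole file (nothing was appended after signing).
     * Certificate chain and revocation trust are NOT checked here.
     */
    public static boolean verify(String signedFile) throws IOException, GeneralSecurityException {
        Security.addProvider(new BouncyCastleProvider());
        try (PdfDocument pdfDocument = new PdfDocument(new PdfReader(signedFile))) {
            SignatureUtil signatureUtil = new SignatureUtil(pdfDocument);
            List<String> names = signatureUtil.getSignatureNames(); // ordered by revision
            if (names.isEmpty()) {
                return false; // an unsigned file must not pass as "verified"
            }
            boolean allIntact = true;
            for (String name : names) {
                PdfPKCS7 pkcs7 = signatureUtil.readSignatureData(name);
                boolean intact = pkcs7.verifySignatureIntegrityAndAuthenticity();
                System.out.printf("%s: signer=%s, revision %d of %d, intact=%b, coversWholeDocument=%b%n",
                        name, pkcs7.getSigningCertificate().getSubjectX500Principal().getName(),
                        signatureUtil.getRevision(name), signatureUtil.getTotalRevisions(),
                        intact, signatureUtil.signatureCoversWholeDocument(name));
                allIntact &= intact;
            }
            // Earlier signatures in a multiply signed file cover only their own revision;
            // the most recent one has to cover every byte of the file.
            String last = names.get(names.size() - 1);
            return allIntact && signatureUtil.signatureCoversWholeDocument(last);
        }
    }

    public static void main(String[] args) throws IOException, GeneralSecurityException {
        System.out.println(verify("path/to/output.pdf") ? "OK" : "FAILED");
    }
}
```

A file that had validation data appended after the last signature will fail the whole-document check and needs a comparison of revisions instead.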

Digitally signed a pdf file with multiple different visible digital signatures

As mkl says, I have replaced

    signature.FieldName = "Signature";

with

    signature.FieldName = (pk.GetNameInfo(X509NameType.SimpleName, false)).Replace(' ', '_');

and

    signatureAppearance.SetVisibleSignature("Signature1");

with

    signatureAppearance.SetVisibleSignature((pk.GetNameInfo(X509NameType.SimpleName, false)).Replace(' ', '_'));

Thank you, mkl.

Sign PDF documents digitally with Python

The documentation says:

In Windows copy the file mypdfsigner.pyd from "C:\Program Files\MyPDFSigner" to C:\Python27\Lib\site-packages.

It also says you need to add the installation to your path:

To run the example in Windows add "C:\Program Files\MyPDFSigner" to the environment PATH variable

Additionally, you must configure it first:

Before using any of the extensions it is necessary to start with the graphical application to create a configuration file for the key store and alias one wants to use. The application creates a .mypdfsigner file in your home directory.

Digitally sign pdfs

You want the user to upload their certificate's private key to the webserver so that it may sign PDFs? If so, that's fundamentally broken from a security perspective.

I think you may have missed the point that public certificate != private key. (Most of us are sloppy and use the word "certificate" to refer to either (or both) of those things, so that's not entirely surprising). Going from memory, the CryptoAPI only has a select set of methods that will allow you to access the key. There must be an "export as PFX" method amongst those, so you could make your design work if you really, really wanted to, but there's no way I'd recommend this. (Risk of sending private keys to webserver, broken non-repudiation, etc etc).

If you really must do the signing on the server [I don't really understand your argument, signature should not add much data to the upload], then you should probably consider a multi-tiered architecture, and a key escrow mechanism. This way you can at least minimize some of the security concerns (but you'll still lose non-repudiation... and introduce other risks. No free lunch here).

So... you probably need to consider re-architecting your application so that PDF signature occurs on the client (in your ActiveX control), before the PDF file is uploaded. I imagine you will need a 3rd-party library for the signature step as discussed in this SO thread.


