Spire.PDF is a professional PDF library applied to creating, writing, editing, handling and reading PDF files without any external dependencies. Get free and professional technical support for Spire.PDF for .NET, Java, Android, C++, Python.

Tue Nov 26, 2019 3:26 pm

I'd like to sign a PDF based on an X509Certificate2 stored on a hardware token, however none of the PdfCertificate constructors allow me to pass in an X509Certificate2 instance (the code has to run with .NET Core 3.0).

What is the expected process to sign PDF files with Spire.Pdf.Security.PdfCertificate?

pierre.arnaud
 
Posts: 13
Joined: Tue Nov 26, 2019 9:23 am

Wed Nov 27, 2019 6:02 am

Hi,

Thanks for your inquiry.
Please note we only need certificate data while signing a Pdf file. You could get the data from X509Certificate2 first, then create PdfCertificate. Please refer to the following code and have a try.

Code:
 PdfCertificate cert = new PdfCertificate(signData: storecollection[0].RawData, "password");

If there is an exception (lost private key) while saving the signed Pdf file, I am afraid this is a known issue while signing with the certificate from X509Certificate2 under the .NET Core environment. This issue has been logged into our bug tracking system. Once there is any progress, we will inform you. Sorry for the inconvenience caused.
If the exception on your side is different or you encounter other issues, please share detailed information with us.

Best wishes,
Amber
E-iceblue support team

Amber.Gu
 
Posts: 525
Joined: Tue Jun 04, 2019 3:16 am

Thu Nov 28, 2019 4:46 am

Thank you Amber for your reply. Yes, indeed, I have the lost private key exception when trying to sign.

Just to make sure: what is the relationship between the "password" and the certificate?

pierre.arnaud
 
Posts: 13
Joined: Tue Nov 26, 2019 9:23 am

Thu Nov 28, 2019 9:23 am

Hi,

Thanks for your reply.
Once there is any progress about the exception (lost private key) issue, we will inform you ASAP. Sorry for the inconvenience caused.
And the "password" string in the method PdfCertificate refers to the password of the certificate you are going to use.

Best wishes,
Amber
E-iceblue support team

Amber.Gu
 
Posts: 525
Joined: Tue Jun 04, 2019 3:16 am

Tue Dec 03, 2019 2:16 pm

When using a hardware token, I don't have a password -- it is being provided interactively by the user and all the interaction is handled by the operating system.

If currently your library does not support encryption based on hardware tokens, then we've made the wrong choice.
How can I apply for the money-back guarantee?

pierre.arnaud
 
Posts: 13
Joined: Tue Nov 26, 2019 9:23 am

Wed Dec 04, 2019 10:21 am

Hi,

Thanks for your reply.
Please try the code.

Code:
            PdfCertificate cert = new PdfCertificate(storecollection[0].Export(X509ContentType.Pfx), "");



And below is the complete code for you.

Code:
            PdfDocument document = new PdfDocument();
            document.LoadFromFile(@"……\filename.pdf");

            X509Store store = new X509Store(StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadOnly);

            X509Certificate2Collection storecollection = store.Certificates;
            PdfCertificate cert = new PdfCertificate(storecollection[0].Export(X509ContentType.Pfx), "");

            PdfSignature signature = new PdfSignature(document, document.Pages[0], cert, "signature0")
            {
                DateLabel = "Date:",
                Date = DateTime.Now,
                DocumentPermissions = PdfCertificationFlags.AllowFormFill | PdfCertificationFlags.ForbidChanges,
                Certificated = true
            };

            document.FileInfo.IncrementalUpdate = false;
            document.CompressionLevel = PdfCompressionLevel.Best;
            document.SaveToFile("output.pdf");


Best wishes,
Amber
E-iceblue support team

Amber.Gu
 
Posts: 525
Joined: Tue Jun 04, 2019 3:16 am

Thu Dec 05, 2019 11:02 am

Hi,

Greetings from E-iceblue.
Have you tried the code I offered you yesterday? Does it solve your issue? Could you please give us some feedback at your convenience?

Best wishes,
Amber
E-iceblue support team

Amber.Gu
 
Posts: 525
Joined: Tue Jun 04, 2019 3:16 am

Thu Dec 05, 2019 1:45 pm

Amber, thank you for the code snippets. This won't/can't/does not work with a hardware token, where the private key remains inside of the token.

I've tested the SyncFusion implementation and it works, because we can pass it an X509Certificate2 instance.

Trying to get the PFX out of a hardware token is bound to fail. The code which is responsible for signing must delegate the task to the operating system, which in turn lets the hardware token do the signing on its behalf.

So back to my question: what are my options to get a refund?

pierre.arnaud
 
Posts: 13
Joined: Tue Nov 26, 2019 9:23 am
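
Added example (not code from Spire.PDF or from any poster in this thread): it shows that an X509Certificate2 rebuilt from RawData carries no private key, and what signing through the OS key handle looks like with the standard .NET X509Certificate2 API. The class and method names are hypothetical, an RSA key is assumed, and a constructed self-signed certificate stands in for the token certificate so the code runs without hardware.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class TokenSigningDemo // hypothetical name, added example
{
    // For a token-backed certificate this handle only references the provider:
    // the private-key operation runs on the device and the OS drives the PIN prompt.
    public static byte[] SignWithOsKey(X509Certificate2 cert, byte[] data)
    {
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("No private key is associated with this certificate.");
        using (RSA rsa = cert.GetRSAPrivateKey())
        {
            if (rsa == null) throw new NotSupportedException("Certificate key is not RSA.");
            return rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    // Exporting a PFX needs the raw private key; report failure instead of crashing.
    public static bool CanExportPfx(X509Certificate2 cert)
    {
        try { cert.Export(X509ContentType.Pfx, ""); return true; }
        catch (CryptographicException) { return false; }
    }

    static void Main()
    {
        // Constructed stand-in for a store certificate: a throwaway self-signed RSA cert.
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=Constructed Demo Signer", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 cert = req.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1)))
            using (var publicOnly = new X509Certificate2(cert.RawData)) // DER bytes carry no key
            using (RSA pub = cert.GetRSAPublicKey())
            {
                byte[] data = System.Text.Encoding.UTF8.GetBytes("constructed to-be-signed bytes");
                byte[] sig = SignWithOsKey(cert, data);
                Console.WriteLine("HasPrivateKey (instance with key handle): " + cert.HasPrivateKey);
                Console.WriteLine("HasPrivateKey (rebuilt from RawData): " + publicOnly.HasPrivateKey);
                Console.WriteLine("Signature verifies: " + pub.VerifyData(
                    data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
                Console.WriteLine("PFX export possible: " + CanExportPfx(cert));
            }
        }
    }
}
```

With the software stand-in the PFX export may succeed; for a key held on a token, the post above states that it fails, which is why a signing library has to accept the X509Certificate2 instance itself rather than exported bytes.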

Fri Dec 06, 2019 10:56 am

Hi,

Thanks for your reply.
We made a test again and we could sign the Pdf file with the code above correctly. Could you please tell us how you get the X509Certificate2 instance from your hardware token?
We have compiled a package for you, and the PdfCertificate method allows you to pass the X509Certificate2 instance into it. Please download and test it from the following link: http://www.e-iceblue.com/downloads/TempVersion/spire.pdf_5.12.6.zip

And below is the code for you.
Code:
            X509Certificate2 X509Certificate2Object = new X509Certificate2(store.Certificates[0].GetRawCertData(), "password", X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
            PdfCertificate cert = new PdfCertificate(X509Certificate2Object);

            PdfSignature signature = new PdfSignature(document, document.Pages[0], cert, "signature0")
            {
                DateLabel = "Date:",
                Date = DateTime.Now,
                DocumentPermissions = PdfCertificationFlags.AllowFormFill | PdfCertificationFlags.ForbidChanges,
                Certificated = true
            };

Looking forward to your feedback.

Best wishes,
Amber
E-iceblue support team

Amber.Gu
 
Posts: 525
Joined: Tue Jun 04, 2019 3:16 am

Mon Dec 09, 2019 10:58 am

Hi,

Hope you are doing well.
Did you test the solution? Has your issue been resolved?
Here we provided a newer version. If the issue still troubles you, please download this version and use the following code to create the X509Certificate2 object. I am looking forward to your reply.
Code:
            X509Certificate2 X509Certificate2Object = new X509Certificate2(store.Certificates[0].GetRawCertData(), "password", X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);

Best wishes,
Amber
E-iceblue support team

Amber.Gu
 
Posts: 525
Joined: Tue Jun 04, 2019 3:16 am

Fri Dec 20, 2019 4:27 am

For the sake of the forum, we had multiple friendly exchanges by e-mail with Amber.
The current conclusion is that Spire.PDF does not support hardware tokens and that there is a basic miscomprehension about what hardware tokens are and how they work (basically, that the private key cannot be extracted from the token, and that to use them, the library would have to work hand in hand with the operating system).

pierre.arnaud
 
Posts: 13
Joined: Tue Nov 26, 2019 9:23 am

Fri Dec 20, 2019 7:14 am

Hi Pierre,

Thanks for your reply.
According to your last email, it threw the error "export private key failed" when you signed your PDF file with a certificate from a hardware token under the .NET Core environment. I got a message from our Dev team: kindly note that there is no such error message (export private key failed) in the .NET Core 2.0 package of Spire.Pdf_5.12.19, thus we guess the package you are using now may be an old version and not the latest one which I offered you via email last time. Please check the package version in your project. I attach the download link of Spire.Pdf_5.12.19 again: http://www.e-iceblue.com/downloads/TempVersion/spire.pdf_5.12.19.zip.

And below is the .NET Core dlls information for checking:
Spire.pdf.dll V 5.12.19.2420
Spire.License.dll V 1.3.8.320

By the way, have you tried the project I offered you via email? How does it run on your side?

Best wishes,
Amber
E-iceblue support team

Amber.Gu
 
Posts: 525
Joined: Tue Jun 04, 2019 3:16 am

Mon Aug 08, 2022 6:09 pm

I am wondering what happened with this issue. I am evaluating Spire Office to determine whether it is a good fit for my company and we use hardware tokens for authentication. Does Spire PDF signature work with hardware tokens?

aebrey84
 
Posts: 5
Joined: Mon Aug 08, 2022 5:47 pm

Tue Aug 09, 2022 8:00 am

Hi,

Thank you for your inquiry.
Our Spire.PDF supports signing with hardware tokens. Please refer to the code below to achieve this feature. If you have any questions, please feel free to contact us.
Code:
            //Load PDF document
            PdfDocument doc = new PdfDocument();
            doc.LoadFromFile("test.pdf");
            PdfPageBase page = doc.Pages[0];

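            //Get the certificate (replace the placeholder with the serial number of the token's certificate)
            X509Store store = new X509Store(StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadOnly);
            X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindBySerialNumber, "Your USB Token Cert", false);
            //Fail with a clear message if nothing matched, instead of an index error on certs[0]
            if (certs.Count == 0)
                throw new InvalidOperationException("No matching certificate found in the CurrentUser store.");
            X509Certificate2 cert1 = certs[0];
            PdfCertificate cert = new PdfCertificate(cert1);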

            PdfSignature signature = new PdfSignature(doc, page, cert, "signature");
            signature.DocumentPermissions = PdfCertificationFlags.ForbidChanges;
            signature.GraphicsMode = GraphicMode.SignDetail;
            signature.Certificated = true;
            doc.CompressionLevel = PdfCompressionLevel.Best;

            //Set the display mode of graphics
            signature.GraphicsMode = GraphicMode.SignImageAndSignDetail;
            signature.NameLabel = "Signer:";
            signature.ContactInfoLabel = "ContactInfo:";
            signature.ContactInfo = signature.Certificate.GetNameInfo(X509NameType.SimpleName, true);
            signature.DateLabel = "Date:";
            signature.Date = DateTime.Now;
            signature.LocationInfoLabel = "Location:";
            signature.LocationInfo = "Chengdu";
            signature.ReasonLabel = "Reason: ";
            signature.Reason = "The certificate of this document";
            signature.DistinguishedNameLabel = "DN: ";
            signature.DistinguishedName = signature.Certificate.IssuerName.Name;

            //Set font
            signature.SignDetailsFont = new PdfFont(PdfFontFamily.TimesRoman, 10f);
            signature.SignNameFont = new PdfFont(PdfFontFamily.Courier, 15);

            //Save the Pdf document
            string output = "output.pdf";
            doc.SaveToFile(output);

Sincerely,
Kylie
E-iceblue support team

kylie.tian
 
Posts: 412
Joined: Mon Mar 07, 2022 2:30 am

Fri Aug 12, 2022 7:12 pm

Thank you! This works great on my local machine but it will not work on our IIS server. What do you recommend we use to sign PDFs using an app on our IIS server? Thanks!
Last edited by aebrey84 on Tue Aug 23, 2022 1:20 pm, edited 1 time in total.

aebrey84
 
Posts: 5
Joined: Mon Aug 08, 2022 5:47 pm
