Digitally sign a PDF on the server

Tags:

asp.net

pdf

sign

I have a project to generate PDFs on a server using ASP.NET (C#). But now we need the customer to be able to digitally sign these PDFs. From what I saw, the documents must be signed on the client side, using an applet, as on the server I have no access to the private key of the certificate, but as I said above, the PDFs are generated on the server and I keep them there.

So, what I need is to digitally sign PDFs on the server, taking the client's certificate.

Thanks

Hernan asked Apr 11 '11 19:04


2 Answers

Since it is not possible, or in any case not safe, to extract and send the client's private key, to sign PDFs on the server you need to establish a "session" with the client and let them calculate the signature.


The steps should be something like:

  1. the client sends its public certificate to be embedded in the signed PDF

  2. the server generates the PDF, embeds the certificate and calculates the hash (e.g. SHA-1)

  3. the server sends the hash to the client applet

  4. the applet calculates the digital signature with the client's private key

  5. the applet sends the signature to the server

  6. the server embeds the digital signature and closes the PDF.


To do this with iText you will have to use the preClose method after embedding the certificate, so as to be able to calculate the SHA-1 hash on the final document. Then, after pre-closing the PDF, you will have to calculate the hash of the PDF and send it to the client. Be careful: while pre-closed you will have to keep the document in memory, for example in a server session.

To generate the PDF, embed certificates and prepare the document you can use iTextSharp, the C# port of the iText library. To calculate the hash and create the PKCS#7 envelopes you can use the .NET crypto API.

Hope this helps.

Vespassassina answered Nov 17 '22 18:11
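The session described in this answer as an added, runnable sketch (not the answer's own code, and written against Go's standard library rather than iTextSharp and the .NET crypto API so it runs with no dependencies). The PDF is simplified to a byte buffer with a reserved gap standing in for /Contents, the certificate and key are constructed for the example, and the server verifies the returned signature against the client's certificate before embedding it.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

// Bytes reserved in the pre-closed document for the signature (the exclusion
// size given to iText's preClose plays this role); a 2048-bit RSA PKCS#1
// signature is 256 bytes.
const sigGap = 512

// Step 2 (server): the pre-closed document keeps a zeroed gap where the signature
// will be written. The hash covers everything except that gap, which is how a
// PDF byte-range signature works, so the client signs the final bytes.
func serverPreClose(body []byte) (doc, digest []byte) {
	doc = append(append(append([]byte{}, body...), make([]byte, sigGap)...), "\n%%EOF\n"...)
	h := sha256.New()
	h.Write(doc[:len(body)])
	h.Write(doc[len(body)+sigGap:])
	return doc, h.Sum(nil)
}

// Step 4 (client): only the hash travels to the client; the private key never
// leaves it, so the server cannot produce this value on its own.
func clientSign(key *rsa.PrivateKey, digest []byte) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest)
}

// Step 6 (server): before embedding, verify the returned signature against the
// certificate received in step 1 (the one embedded in the document) and check
// that it fits the gap; a wrong, tampered or substituted signature is rejected.
func serverClose(doc []byte, bodyLen int, cert *x509.Certificate, digest, sig []byte) ([]byte, error) {
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("client certificate does not carry an RSA key")
	}
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest, sig); err != nil {
		return nil, errors.New("signature does not verify against the client certificate")
	}
	if len(sig) > sigGap {
		return nil, errors.New("signature does not fit the reserved gap")
	}
	copy(doc[bodyLen:], sig) // a real PDF stores this hex-encoded inside /Contents
	return doc, nil
}
```

The digest sent to the client is the only thing the client needs, and rejecting a signature that does not verify against the step 1 certificate is the check that keeps the server-side session honest.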


You might be missing the point of digitally signing a document. The act of signing a document is meant to be a user activity.

You can create the document on the server side and serve it with the content-type "application/pdf" and that will serve the document to be signed. When they sign it you can use pdf form submit to submit the signed document back to the server.

maple_shaft answered Nov 17 '22 19:11