My Profile
Sign Out
Tickets
Knowledge Base
Login
Articles in this section
  2. ASP.NET Core
  3. PDF

Sign PDF in .NET using PEM private key and certificate

The Syncfusion Essential® PDF library for .NET enables developers to create, read, and modify PDF documents programmatically without relying on Adobe components. When working with a PEM private key and a CER certificate, Syncfusion does not support them directly for digital signing. To overcome this, you can use BouncyCastle to generate a PFX (PKCS#12) file from the PEM and certificate, and then use the resulting PFX to digitally sign your PDF document in C#.

Steps to sign a PDF document using PEM private key and certificate programmatically

  1. Create a Console Application: Set up a new console application project.
    Screenshot (1337).png
  2. Install Syncfusion® Package: Add the Syncfusion.Pdf.Net.Core and Portable.BouncyCastle package from NuGet to your project.
    Screenshot.png

    BouncyPackage.png

In this example, we have used the open-source BouncyCastle library. Ensure you review its licensing before including it in your production environment. Alternatively, you can use the timestamp token provided by your service provider.

  1. Include Required Namespaces: Add the following namespaces in Program.cs.
using Org.BouncyCastle.Asn1.Pkcs;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using Syncfusion.Drawing;
using Syncfusion.Pdf;
using Syncfusion.Pdf.Graphics;
using Syncfusion.Pdf.Security;
  1. Sign PDFs with a PEM File and Certificate in C#: Use the following steps to apply a digital signature using a PEM-based certificate.
//Creates a new PDF document.
using (PdfDocument document = new PdfDocument())
{
   //Add a new page.
   PdfPageBase page = document.Pages.Add();
   PdfGraphics graphics = page.Graphics;
   //Get the certificate file.
   Org.BouncyCastle.X509.X509CertificateParser certificateParser = new Org.BouncyCastle.X509.X509CertificateParser();
   Org.BouncyCastle.X509.X509Certificate certificate = certificateParser.ReadCertificate(File.ReadAllBytes("certificate.cer"));
   //Read the PEM file.
   PemReader pmr = new PemReader(new StringReader(File.ReadAllText("privateKey.pem")));
   AsymmetricCipherKeyPair KeyPair = (AsymmetricCipherKeyPair)pmr.ReadObject();
   //Get the PFX file stream. 
   Stream pfxFile = CreatePfxFile(certificate, KeyPair.Private);
   //Creates a certificate instance from the PFX file with a private key.
   PdfCertificate pdfCert = new PdfCertificate(pfxFile, "syncfusion");
   //Creates a digital signature.
   PdfSignature signature = new PdfSignature(document, page, pdfCert, "Signature");
   //Sets the signature information.
   signature.Bounds = new RectangleF(new PointF(0, 0), new SizeF(300, 100));
   signature.ContactInfo = "[email protected]";
   signature.LocationInfo = "Honolulu, Hawaii";
   signature.Reason = "I am author of this document.";
   using FileStream imageStream = new FileStream("Logo.png", FileMode.Open, FileAccess.Read);
   //Load an image file.
   PdfBitmap image = new PdfBitmap(imageStream);
   //Draw an image in the signature appearance.
   signature.Appearance.Normal.Graphics.DrawImage(image, new RectangleF(0, 0, 300, 100));
   //Saves the document.
   document.Save("Output.pdf");
}
  1. Build a PFX stream using Bouncy Castle: combines the certificate and private key into a PKCS#12 container.
// Create a PFX file using the BouncyCastle.
Private Stream CreatePfxFile(Org.BouncyCastle.X509.X509Certificate certificate, AsymmetricKeyParameter privateKey)
{
   //Create a certificate entry.
   X509CertificateEntry certEntry = new X509CertificateEntry(certificate);
   string friendlyName = certificate.SubjectDN.ToString();
   //Get bytes of the private key.
   PrivateKeyInfo keyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privateKey);
   byte[] keyBytes = keyInfo.ToAsn1Object().GetEncoded();
   Pkcs12StoreBuilder builder = new Pkcs12StoreBuilder();
   builder.SetUseDerEncoding(true);
   Pkcs12Store store = builder.Build();
   //Create a store entry.
   store.SetKeyEntry("private", new AsymmetricKeyEntry(privateKey), new X509CertificateEntry[] { certEntry });
   //Save the story to the stream
   using MemoryStream stream = new MemoryStream();
   store.Save(stream, "syncfusion".ToCharArray(), new SecureRandom());
   return stream;
}

A complete working sample can be downloaded from GitHub.
By executing the program, the output PDF document will be generated as shown below.

Output.png

Take a moment to explore the documentation to learn how to apply and manage digital signatures in PDF documents.

Conclusion
I hope this guide helped you understand how to sign a PDF document using a PEM file and certificate in C#.

You can refer to our ASP.NET Core PDF feature tour page to know about its other groundbreaking feature representations and documentation, and how to quickly get started for configuration specifications. You can also explore our ASP.NET Core PDF example to understand how to create and manipulate data.

For current customers, you can check out our components from the License and Downloads page. If you are new to Syncfusion®, you can try our 30-day free trial to check out our other controls.

If you have any queries or require clarifications, please let us know in the comments section below. You can also contact us through our support forums, Direct-Trac, or feedback portal. We are always happy to assist you!
Attachments
Did you find this information helpful?
Yes
No
Help us improve this page
Please provide feedback or comments
Comments (0)
Access denied
Access denied