TX Text Control can digitally sign Adobe PDF and PDF/A documents with X.509 certificates. An X.509 certificate is a digital certificate that implements the widely accepted X.509 Public Key Infrastructure (PKI) standard that verifies that a specific public key belongs to a user, computer, or service identity contained in the certificate. The certificate can be assigned in the SaveSettings class when the document is saved.

Document Signing Methods

There are two approaches to signing PDF documents with TX Text Control:

• Sign the whole document with a digital certificate
• Sign individual signature fields with a digital certificate(s)

In both approaches, signatures can be created with PFX, DER Cer, or Base64 CER certificate files, loaded from raw data, or selected from the local certificate store.

Windows Certificate Store

The following method opens a dialog box that allows the user to select the desired certificate from the local Windows certificate store. The selected certificate is returned and can be used to sign the document or the signature fields in a PDF document.

The X509Certificate2UI class provides a user interface for selecting and viewing X.509 certificates. The following code uses the SelectFromCollection method to open a certificate selection dialog. All registered certificates, including smart cards, are listed in the dialog.

static X509Certificate2 RetrieveCertificate() {
         
   // get and open certificate store for current user
   X509Store store = new X509Store(StoreLocation.CurrentUser);
   store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

   // retrieve the certificate using the integrated Windows UI
   X509Certificate2Collection selectedCertificates =
           X509Certificate2UI.SelectFromCollection(
              store.Certificates, 
              "Choose your certificate",
              "Please select a certificate that is used to sign the PDF.",
              X509SelectionFlag.SingleSelection);

   // return the first selected certificate with a private key
   foreach (var certificate in selectedCertificates) {
      if (certificate.HasPrivateKey)
         return certificate;
   }

   return null;
}

Signing the PDF

The CreateEncryptedPDF method takes the selected certificate and a document in the internal TX Text Control format and creates a PDF document signed with the given certificate.

public byte[] CreateEncryptedPDF(byte[] document, X509Certificate2 certificate) {
   byte[] bPDF;

   using (TXTextControl.ServerTextControl tx = new TXTextControl.ServerTextControl()) {
      tx.Create();
      tx.Load(document, TXTextControl.BinaryStreamType.InternalUnicodeFormat);

      // apply the first selected certificate
      TXTextControl.SaveSettings saveSettings = new TXTextControl.SaveSettings() {
         DigitalSignature = new TXTextControl.DigitalSignature(certificate, null)
      };

      // save the document as PDF
      tx.Save(out bPDF, TXTextControl.BinaryStreamType.AdobePDFA, saveSettings);
   }

   return bPDF;
}

The following code shows how to call this method with the certificate returned from the certificate store.

CreateEncryptedPDF(document, RetrieveCertificate());

The dialog box for selecting the certificate from the local Windows certificate store is shown in the following screenshot.