Class ExternalSignerBase
Base helper implementation for building external (client supplied) digital signatures.
Namespace: Telerik.Documents.Fixed.Model.DigitalSignatures
Assembly: Telerik.Windows.Documents.Fixed.dll
Syntax
public abstract class ExternalSignerBase : IExternalSigner
Remarks
Implementations provide the signing certificate chain (public keys) and the raw data signing routine (private key operation) while the PDF processing library constructs the CMS (PKCS#7) detached signature container. This allows integrating hardware devices (HSM, smart card), remote signing services, or custom cryptographic stacks without exposing the private key material to the library.
Typical usage: derive a class, override GetCertificateChain() to return the X.509 certificate chain that will be embedded in the CMS structure, and override SignData(Byte[], SignatureSettings) to invoke the external signing facility over the DER-encoded signed attributes. The infrastructure will call the explicit Sign(Byte[], SignatureSettings) implementation to obtain the final CMS encoded byte array that is written into the PDF signature field.
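The following is an added example, not code from the Telerik documentation: a signer whose private key stays in the operating system key store and is only reached through the .NET key handle. The class name `StoreCertificateSigner` and its constructor are hypothetical. Because this page does not list the members of `SignatureSettings`, the example assumes the caller passes the same digest algorithm that is configured in the settings.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Telerik.Documents.Fixed.Model.DigitalSignatures;

// Hypothetical signer: the private key is used in place and never exported.
public sealed class StoreCertificateSigner : ExternalSignerBase
{
    private readonly X509Certificate2 leaf;
    private readonly HashAlgorithmName hash;

    // Assumption: 'hash' matches the digest algorithm set in SignatureSettings.
    public StoreCertificateSigner(X509Certificate2 leaf, HashAlgorithmName hash)
    {
        this.leaf = leaf ?? throw new ArgumentNullException(nameof(leaf));
        if (!leaf.HasPrivateKey)
            throw new ArgumentException("Certificate has no private key.", nameof(leaf));
        this.hash = hash;
    }

    protected override X509Certificate2[] GetCertificateChain()
    {
        using var chain = new X509Chain();
        // The chain is built only to order the certificates, not to decide trust.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        chain.Build(leaf);

        var ordered = new List<X509Certificate2> { leaf }; // leaf must come first
        foreach (var element in chain.ChainElements.Cast<X509ChainElement>().Skip(1))
        {
            X509Certificate2 cert = element.Certificate;
            // Leave out the self-signed root; verifiers supply their own trust anchors.
            if (!cert.SubjectName.RawData.SequenceEqual(cert.IssuerName.RawData))
                ordered.Add(cert);
        }
        return ordered.ToArray();
    }

    protected override byte[] SignData(byte[] dataToSign, SignatureSettings settings)
    {
        // dataToSign is the DER-encoded signed attributes; SignData hashes, then signs.
        using RSA rsa = leaf.GetRSAPrivateKey();
        if (rsa != null) return rsa.SignData(dataToSign, hash, RSASignaturePadding.Pkcs1);
        using ECDsa ecdsa = leaf.GetECDsaPrivateKey();
        if (ecdsa != null) return ecdsa.SignData(dataToSign, hash); // raw r||s
        throw new NotSupportedException("Only RSA and ECDSA keys are handled here.");
    }
}
```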
Constructors
ExternalSignerBase()
Initializes a new instance of the ExternalSignerBase class.
Declaration
protected ExternalSignerBase()
Methods
GetCertificateChain()
Returns the X.509 certificate chain associated with the signer.
Declaration
protected abstract X509Certificate2[] GetCertificateChain()
Returns
| Type | Description |
| --- | --- |
| System.Security.Cryptography.X509Certificates.X509Certificate2[] | An array of X.509 certificates forming the signing certificate chain. Must not be null or empty. The first element must be the signing (leaf) certificate. |
Remarks
This should return an ordered array of certificates starting with the end-entity (leaf) certificate whose corresponding private key (or signing capability) is used in SignData(Byte[], SignatureSettings), followed by any intermediate CA certificates needed to establish a trust chain. The root certificate is typically excluded. Implementors may cache the certificates or retrieve them dynamically from a device/service. The library validates that the returned array is not null or empty.
SignData(Byte[], SignatureSettings)
Performs the raw cryptographic signing operation over the DER-encoded signed attributes.
Declaration
protected abstract byte[] SignData(byte[] dataToSign, SignatureSettings settings)
Parameters
| Type | Name | Description |
| --- | --- | --- |
| System.Byte[] | dataToSign | The DER-encoded signed attributes (CMS SignedAttributes) that must be signed. This includes the message digest, content type, signing time, and signing certificate reference. |
| SignatureSettings | settings | Signature generation settings (e.g. digest algorithm, timestamp server). |
Returns
| Type | Description |
| --- | --- |
| System.Byte[] | Binary signature value for the provided signed attributes. |
Remarks
The method should return the raw signature bytes appropriate for the public key type (e.g. RSA signature (PKCS#1 v1.5) or ECDSA signature). For ECDSA, the signature can be either raw format (r||s concatenated) or DER-encoded (SEQUENCE { r, s }); the infrastructure will handle the conversion if needed. The surrounding infrastructure will insert this value into the CMS (PKCS#7) SignerInfo structure.
Explicit Interface Implementations
IExternalSigner.Sign(Byte[], SignatureSettings)
Builds a detached CMS (PKCS#7) signature for the provided PDF byte range data using the supplied settings.
Declaration
byte[] IExternalSigner.Sign(byte[] pdfByteRangeData, SignatureSettings settings)
Parameters
| Type | Name | Description |
| --- | --- | --- |
| System.Byte[] | pdfByteRangeData | The raw PDF byte range data (document content excluding the signature placeholder) whose digest will be computed and signed. |
| SignatureSettings | settings | Signature generation settings controlling digest algorithm and timestamping. |
Returns
| Type | Description |
| --- | --- |
| System.Byte[] | Byte array containing the CMS SignedData structure (detached) ready for embedding in a PDF. |