Available for: UI for ASP.NET MVC | UI for ASP.NET AJAX | UI for Blazor | UI for WPF | UI for WinForms | UI for Silverlight | UI for Xamarin | UI for WinUI | UI for ASP.NET Core | UI for .NET MAUI

Libraries / RadPdfProcessing / Features / Digital Signature

New to Telerik Document Processing? Download free 30-day trial

Validating a Signature

The validation is performed for the current field and, since it strongly depends on the file bytes of the document, against the state of the document at the moment of importing.

The Signature class exposes two methods that allow you to validate a signature:

  • Validate(): The method accepts a parameter of type SignatureValidationProperties. The method uses these properties while validating the signature. The SignatureValidationProperties class exposes the following properties:

    • Chain: Gets or sets the chain used to validate the certificate that signed the digital signature. It is of type X509Chain.
    • ChainStatusFlags: Gets or sets the chain status flags that describe the used signature certificate as invalid. It is of type X509ChainStatusFlags.

    Validate() returns an object of type SignatureValidationResult.

  • TryValidate(): This method returns a boolean value indicating whether the validation succeeded or not. There are two overloads of this method. The first one accepts an out parameter containing a SignatureValidationResult object and second one allows you to also pass SignatureValidationProperties.

The validation requires that the stream, from which the document is imported, to be opened. The validation is performed for the current field and against the state of the document at the moment of importing.

The following example shows how the validation can be used:

Example: Validate a field

RadFixedDocument document = new PdfFormatProvider().Import(stream); // The stream containing the document 
 
string validationStatus; 
 
// For simplicity, the example handles only the first signature. 
SignatureField firstSignatureField = document.AcroForm.FormFields.FirstOrDefault(field => field.FieldType == FormFieldType.Signature) as SignatureField; 
if (firstSignatureField != null && firstSignatureField.Signature != null) 
{ 
    SignatureValidationProperties properties = new SignatureValidationProperties(); 
    System.Security.Cryptography.X509Certificates.X509VerificationFlags verificationFlags = System.Security.Cryptography.X509Certificates.X509VerificationFlags.IgnoreInvalidName; 
    properties.Chain.ChainPolicy.VerificationFlags = verificationFlags; 
 
    SignatureValidationResult validationResult; 
    if (firstSignatureField.Signature.TryValidate(properties, out validationResult)) 
    { 
        if (!validationResult.IsDocumentModified) 
        { 
            if (validationResult.IsCertificateValid) 
            { 
                validationStatus = "Valid"; 
            } 
            else 
            { 
                validationStatus = "Unknown"; 
            } 
        } 
        else 
        { 
            validationStatus = "Invalid"; 
        } 
    } 
    else 
    { 
        validationStatus = "Invalid"; 
    } 
} 
else 
{ 
    validationStatus = "None"; 
}

To evaluate a certificate as trusted, it must be added to the trusted certificates on your machine.

Signature Encodings

RadPdfProcessing enables you to sign and validate signature fields using standard signature encodings:

  • adbe.x509.rsa_sha1 (PKCS #1)

  • adbe.pkcs7.sha1 (PKCS #7)

  • adbe.pkcs7.detached (PKCS #7 Detached)

Signature Flags

The signature flags were introduced in R2022 SP1. You can set the flags with the following code:

Example: Set signature flags

pdfDocument.AcroForm.SignatureFlags = SignatureFlags.None;
The possible values are:
  • None
  • SignaturesExist: If set, the document contains at least one signature field.
  • AppendOnly: The document contains signatures that may be invalidated if the file is saved in a way that alters its previous contents.

See Also

In this article
Related articles
Not finding the help you need? Improve this article