Digital Signature
With RadPdfViewer you are able to display, sign and verify documents within your application and make sure that it has not been tampered with.
What is a Digital Signature?
The digital signature is the equivalent of the handwritten signature and is intended to solve security problems in the digital communication. The signature is unique to each signer and is widely used to confirm that the document content originated from the signer and has not been modified in any way.
The digital signatures rely on a mathematical algorithm, which generates a public and a private key. The private key is used to create the signature while the user signs the document. The algorithm creates a hash over the document data and uses the signer's private key to encrypt this hash. The result of this operation is the digital signature of the document. Once the document is signed, any change on it invalidates the hash, respectively the signature is invalidated.
Cryptography Standards
RadPdfViewer enables you to validate signature fields using standard Cryptography Standards. Following is a list of them:
Signature Field
The information about a digital signature in a document is stored in a signature field, which can be obtained through the AcroForm
property of the document. This field exposes a property called Signature
, which is responsible for validating.
If you need to add signature fields and widgets to PDF files which do not have any fields, then the only possible approach is to use the RadPdfProcessing library. With it, you can import the existing PDF, modify its AcroForm FormFieldCollection, create and position widgets for the new fields and finally export the result to PDF FileStream or MemoryStream. The exported file can then be imported in RadPdfViewer, so that you can render the resultant document.
Sample code for creating fields and widgets with RadPdfProcessing can be seen in the CreateInteractiveForms SDK example.
Dependencies
In order to use the signature API of the PdfViewer, users have to add a reference to the System.Security.Cryptography.Pkcs
NuGet package version >= 6.0.
Signing
When a document containing a signature field is loaded in RadPdfViewer, you can apply a signature to it. This is done through the SignSignatureDialog
. This dialog gives you the ability to choose a .pfx
file representing the certificate and enter the password for it. Clicking the Sign button prompts you to save the signed document to a new file. The newly saved file then opens in RadPdfViewer.
To use the SignSignatureDialog
you should first register it. You can do this through the ExtensibilityManager:
Registering SignSignatureDialog using ExtensibilityManager
ExtensibilityManager.RegisterSignSignatureDialog(new SignSignatureDialog());
RegisterSignSignatureDialog
property of the RadPdfViewerAttachedComponents
class.
Registering SignSignatureDialog through XAML
<telerik:RadPdfViewer telerik:RadPdfViewerAttachedComponents.RegisterSignSignatureDialog="True" />
ShowSignSignatureDialogCommand
. The following example shows how you can access this command, instantiate a context for it, that points to the first signature field in the document, and invoke this command.
Showing SignSignatureDialog from code-behind
ShowSignSignatureDialogCommandContext context = new ShowSignSignatureDialogCommandContext();
SignatureField firstSignatureField = this.pdfViewer.Document.AcroForm.FormFields.FirstOrDefault(field => field.FieldType == FormFieldType.Signature) as SignatureField;
if (firstSignatureField != null && firstSignatureField.Signature == null)
{
context.SignatureField = firstSignatureField;
}
this.pdfViewer.CommandDescriptors.ShowSignSignatureDialogCommandDescriptor.Command.Execute(context);
Validation
In the PDF document model, the validation is performed per signature. A valid signed document is considered one that has not been changed after the signing and all of its certificates have valid trusted root certificate.
Using SignaturePropertiesDialog
The SignaturePropertiesDialog
provides detailed information on which one signature is invalid and why.
To use this dialog, you should register it first. This can be done through the ExtensibilityManager
.
Registering SignaturePropertiesDialog
ExtensibilityManager.RegisterSignaturePropertiesDialog(new SignaturePropertiesDialog());
RegisterSignaturePropertiesDialog
property of the RadPdfViewerAttachedComponents class.
Registering SignaturePropertiesDialog through XAML
<telerik:RadPdfViewer telerik:RadPdfViewerAttachedComponents.RegisterSignaturePropertiesDialog="True" />
ShowSignaturePropertiesDialogCommand
. The following example shows how you can access this command, instantiate a context for it, which points to the first signature field in the document, and invoke this command.
Showing SignaturePropertiesDialog from code-behind
ShowSignaturePropertiesDialogCommandContext context = new ShowSignaturePropertiesDialogCommandContext();
SignatureField firstSignatureField = this.pdfViewer.Document.AcroForm.FormFields.FirstOrDefault(field => field.FieldType == FormFieldType.Signature) as SignatureField;
if (firstSignatureField != null && firstSignatureField.Signature != null)
{
context.SignatureField = firstSignatureField;
context.SignatureValidationProperties = this.pdfViewer.SignatureValidationProperties;
}
this.pdfViewer.CommandDescriptors.ShowSignaturePropertiesDialogCommandDescriptor.Command.Execute(context);
Unknown
.
Signature Properties Dialog in RadPdfViewer
Validate a Signature in Code-Behind
The Signature
class exposes two methods allowing you to validate a signature:
-
Validate
: The method accepts a parameter of typeSignatureValidationProperties
which it uses while validating the signature. The SignatureValidationProperties class exposes the following properties:-
Chain
: Gets or sets the chain used to validate the certificate that signed the digital signature. It is of type X509Chain. -
ChainStatusFlags
: Gets or sets the chain status flags which describes the used signature certificate as invalid. It is of type X509ChainStatusFlags.
Validate() returns object of type
SignatureValidationResult
. -
TryValidate
: This method returns a boolean value indicating whether the validation succeeded or not. There are two overloads of this method. The first one accepts anout
parameter containing aSignatureValidationResult
object and the second one allows you to also passSignatureValidationProperties
.
The Validate method throws an exception if there is a problem with the signature, while TryValidate returns
false
in this case.
Validate a field
string validationStatus;
// For simplicity, the example handles only the first signature.
SignatureField firstSignatureField = this.pdfViewer.Document.AcroForm.FormFields.FirstOrDefault(field => field.FieldType == FormFieldType.Signature) as SignatureField;
if (firstSignatureField != null && firstSignatureField.Signature != null)
{
SignatureValidationResult validationResult;
if (firstSignatureField.Signature.TryValidate(out validationResult))
{
if (!validationResult.IsDocumentModified)
{
if (validationResult.IsCertificateValid)
{
validationStatus = "Valid";
}
else
{
validationStatus = "Unknown";
}
}
else
{
validationStatus = "Invalid";
}
}
else
{
validationStatus = "Invalid";
}
}
else
{
validationStatus = "None";
}
Limitations
There are few limitations related to the usage of a digital signature in RadPdfViewer.
The validation of a signature depends on the bytes representing the document. Thus, to validate a signature, the stream used to import the document must be still open.
The validation is always performed for the current field, against the state of the document in the moment of importing.