Skip to main content
All docs
V24.2

DevExpress v24.2 Update — Your Feedback Matters

Our What's New in v24.2 webpage includes product-specific surveys. Your response to our survey questions will help us measure product satisfaction for features released in this major update and help us refine our plans for our next major release.

Take the survey Not interested

How to: Sign a PDF Document with a Certificate Stored on a Hardware Device

  • 3 minutes to read

The PDF Document API allows you to retrieve a certificate from a hardware device (such as the Windows Certificate Store, SmartCard, USB Token). This example demonstrates how to use a certificate stored on a user’s machine. You can also adapt this solution to sign documents with certificates from any physical store.

View Example: PDF Document API - Sign a PDF document with a certificate stored on a hardware device

Obtain a certificate from a Windows certificate store. In this example, the X509Certificate2UI class object displays a system dialog. This dialog allows you to select an X.509 certificate installed on the current machine.

certificate dialog

Tip

You can adapt this code to read a certificate from a SmartCard or USB Token: How to enter a PIN for an X509Certificate2 certificate programmatically when signing a PDF (in C#)

Pass the retrieved certificate to the Pkcs7Signer object constructor to create a PKCS#7 signature with the selected certificate. Call the PdfDocumentSigner.SaveDocument method to sign and save a document.

using DevExpress.Pdf;
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using DevExpress.Office.DigitalSignatures;

namespace SignPDFWithHardwareCertificate
{
  class Program
  {
    static void Main(string[] args)
    {
        X509Certificate2 cert = GetCertificate();
        if (cert != null)
        {
          SignPDF(cert);
        }
        else
          Console.WriteLine("There are no installed certificates on this machine.");
    }

    static X509Certificate2 GetCertificate()
    {
      // Get a certificate from a Windows Store
      X509Store store = new X509Store(StoreLocation.CurrentUser);
      store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

      // Display a dialog box to select a certificate from the Windows Store
      X509Certificate2Collection selectedCertificates =
              X509Certificate2UI.SelectFromCollection(store.Certificates, null, null, X509SelectionFlag.SingleSelection);

      // Get the first certificate that has a primary key
      foreach (var certificate in selectedCertificates)
      {
        if (certificate.HasPrivateKey)
             return certificate;
      }

      return null;
    }

   static void SignPDF(X509Certificate2 cert)
   {
     using (var signer = new PdfDocumentSigner(File.OpenRead("Demo.pdf")))
     {
       // Create a PKCS#7 signature
       Pkcs7Signer pkcs7Signature = new Pkcs7Signer(cert, HashAlgorithmType.SHA256);

       // Create a signature field on the first page
       var signatureFieldInfo = new PdfSignatureFieldInfo(1);

       // Specify the field's name and location
       signatureFieldInfo.Name = "SignatureField";
       signatureFieldInfo.SignatureBounds = new PdfRectangle(20, 20, 150, 150);

       // Apply a signature to a newly created signature field
       var cooperSignature = new PdfSignatureBuilder(pkcs7Signature, signatureFieldInfo);
       cooperSignature.SetImageData(System.IO.File.ReadAllBytes("JaneCooper.jpg"));

       // Sign and save the document
       signer.SaveDocument("SignedDocument.pdf", cooperSignature);
     }
          Process.Start("SignedDocument.pdf");
   }
 }
}