Skip to main content
BuyLog In
Office File API
Search in…
Docs > PDF Document API > Examples > Document Protection > How to: Sign a PDF Document with a Certificate Stored on a Hardware Device
All docs
V25.1
    • Office File API
    Demo Application
    Prerequisites
    Install NuGet Packages
    Redistribution and Deployment (.NET Framework)
    .NET/.NET Core Support
    What's New
    Cloud Integration
    Blazor Integration
    Dockerize an Office File API Application
    Use Office File API in .NET MAUI Applications
    Backend Web/REST API for Office File API
    Load and Use Custom Fonts in Office File API
    Sign Office Documents
    Spreadsheet Document API
    Word Processing Document API
    PDF Document API
    Get Started
    Coordinate Systems
    Document Generation
    PDF Graphics API
    Manage Documents
    Additional Content
    Interactive Forms
    Annotations
    Document Security
    Printing
    XMP Metadata
    Examples
    PDF Graphics and Additional Content
    Interactive Form
    Extract Content from a PDF Document
    Document Protection
    How to: Protect a PDF Document with a Password
    How to: Use PdfDocumentProcessor to Add a Visual Signature to a Document
    How to: Sign a PDF Document with a Certificate Stored on a Hardware Device
    How to: Use Azure Key Vault API to Sign a PDF Document
    How to: Sign a PDF File with a Certificate Stored in a .PFX File
    How To: Sign a PDF File with a Certificate Stored in the Windows Certificate Store
    How to: Validate a PDF Document Signature
    Export a PDF Document to an Image
    Presentation API
    Excel Export Library
    Snap Report API
    Zip Compression and Archive API
    Barcode Generation API
    Unit Conversion API
    API Reference
    Download CHM

    How to: Sign a PDF Document with a Certificate Stored on a Hardware Device

    • 3 minutes to read

    The PDF Document API allows you to retrieve a certificate from a hardware device (such as the Windows Certificate Store, SmartCard, USB Token). This example uses a certificate stored on a user’s machine. You can also adapt this solution to sign documents with certificates from any physical store.

    View Example: PDF Document API - Sign a PDF document with a certificate stored on a hardware device

    Obtain a certificate from a Windows certificate store. In this example, the X509Certificate2UI class object displays a system dialog. This dialog allows you to select an X.509 certificate installed on the current machine.

    certificate dialog

    Tip

    You can adapt this code to read a certificate from a SmartCard or USB Token: How to enter a PIN for an X509Certificate2 certificate programmatically when signing a PDF (in C#)

    Pass the retrieved certificate to the Pkcs7Signer object constructor to create a PKCS#7 signature with the selected certificate. Call the PdfDocumentSigner.SaveDocument method to sign and save a document.

    using DevExpress.Pdf;
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using DevExpress.Office.DigitalSignatures;

namespace SignPDFWithHardwareCertificate
{
  class Program
  {
    static void Main(string[] args)
    {
        X509Certificate2 cert = GetCertificate();
        if (cert != null)
        {
          SignPDF(cert);
        }
        else
          Console.WriteLine("There are no installed certificates on this machine.");
    }

    static X509Certificate2 GetCertificate()
    {
      // Get a certificate from a Windows Store
      X509Store store = new X509Store(StoreLocation.CurrentUser);
      store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

      // Display a dialog box to select a certificate from the Windows Store
      X509Certificate2Collection selectedCertificates =
              X509Certificate2UI.SelectFromCollection(store.Certificates, null, null, X509SelectionFlag.SingleSelection);

      // Get the first certificate that has a primary key
      foreach (var certificate in selectedCertificates)
      {
        if (certificate.HasPrivateKey)
             return certificate;
      }

      return null;
    }

   static void SignPDF(X509Certificate2 cert)
   {
     using (var signer = new PdfDocumentSigner(File.OpenRead("Demo.pdf")))
     {
       // Create a PKCS#7 signature
       Pkcs7Signer pkcs7Signature = new Pkcs7Signer(cert, HashAlgorithmType.SHA256);

       // Create a signature field on the first page
       var signatureFieldInfo = new PdfSignatureFieldInfo(1);

       // Specify the field's name and location
       signatureFieldInfo.Name = "SignatureField";
       signatureFieldInfo.SignatureBounds = new PdfRectangle(20, 20, 150, 150);

       // Apply a signature to a newly created signature field
       var cooperSignature = new PdfSignatureBuilder(pkcs7Signature, signatureFieldInfo);
       cooperSignature.SetImageData(System.IO.File.ReadAllBytes("JaneCooper.jpg"));

       // Sign and save the document
       signer.SaveDocument("SignedDocument.pdf", cooperSignature);
     }
          Process.Start("SignedDocument.pdf");
   }
 }
}