How Do I Sign a PDF Using Smart Cards or Hardware Security Module?

98 views
Skip to first unread message

Vincent Ycasas

unread,
Feb 18, 2014, 2:48:28 PM2/18/14
to pdfne...@googlegroups.com
Question:

How Do I Sign a PDF Using Smart Cards or Hardware Security Module? Is it possible to do so with PDFNet?

Answer:

It is definitely possible to sign a PDF via PDFNet using other types and formats of private keys. PDFNet, however, does not currently provide support other than the most common PKCS#12 format.

To sign a PDF in PDFNet using other digital signature certificate standards, you will have to extend the SignatureHandler class. Our sample: http://www.pdftron.com/pdfnet/samplecode/DigitalSignaturesTest.cpp.html already shows how to extend the SignatureHandler class. You will need to do the same if you want to use other formats of signing certificates.
 
When using smart cards or HSMs to obtain your certificates, you will want to use the PKCS#11 standards. OpenSSL supports PKCS#11 engine (via a special contrib branch): http://www.openssl.org/contrib/. Or you can also use OpenSC: https://www.opensc-project.org/opensc/wiki/engine_pkcs11
 
If you wish to use either of the two above, you will need to modify the OpenSSLSignatureHandler to handle PKCS#11 instead of PKCS#12 when obtaining the signing certificates from the key store.
 
Reply all
Reply to author
Forward
0 new messages