Namespace iText.Signatures
Classes
- AsymmetricAlgorithmSignature
This class allows you to sign with either an RSACryptoServiceProvider/DSACryptoServiceProvider from an X509Certificate2, or from a manually created RSACryptoServiceProvider/DSACryptoServiceProvider. Depending on the certificate's CSP, you will sometimes not be able to sign with the SHA-256/SHA-512 hash algorithms using an RSACryptoServiceProvider taken directly from the certificate. This class allows you to use a workaround in this case and sign with the certificate's private key and SHA-256/SHA-512 anyway.
An example of a workaround for a CSP that does not support SHA-256/SHA-512:
    // Requires the System, System.Reflection and System.Security.Cryptography namespaces.
    if (certificate.PrivateKey is RSACryptoServiceProvider)
    {
        RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)certificate.PrivateKey;
        // Modified by J. Arturo
        // Workaround for SHA-256 and SHA-512
        if (rsa.CspKeyContainerInfo.ProviderName == "Microsoft Strong Cryptographic Provider" ||
            rsa.CspKeyContainerInfo.ProviderName == "Microsoft Enhanced Cryptographic Provider v1.0" ||
            rsa.CspKeyContainerInfo.ProviderName == "Microsoft Base Cryptographic Provider v1.0")
        {
            // Reopen the same key container under a provider that supports SHA-2.
            string providerName = "Microsoft Enhanced RSA and AES Cryptographic Provider";
            int providerType = 24; // PROV_RSA_AES
            Type CspKeyContainerInfo_Type = typeof(CspKeyContainerInfo);
            FieldInfo CspKeyContainerInfo_m_parameters = CspKeyContainerInfo_Type.GetField("m_parameters", BindingFlags.NonPublic | BindingFlags.Instance);
            CspParameters parameters = (CspParameters)CspKeyContainerInfo_m_parameters.GetValue(rsa.CspKeyContainerInfo);
            var cspparams = new CspParameters(providerType, providerName, rsa.CspKeyContainerInfo.KeyContainerName);
            // Carry over the original flags (for example, machine vs. user key store).
            cspparams.Flags = parameters.Flags;
            using (var rsaKey = new RSACryptoServiceProvider(cspparams))
            {
                // use rsaKey now
            }
        }
        else
        {
            // Use rsa directly
        }
    }
- BouncyCastleDigest
Implementation for digests accessed directly from the BouncyCastle library.
- CRLVerifier
Class that allows you to verify a certificate against one or more Certificate Revocation Lists.
- CertificateInfo
Class containing static methods that allow you to get information from an X509 Certificate: the issuer and the subject.
- CertificateInfo.X500Name
Class that holds an X509 name.
- CertificateInfo.X509NameTokenizer
Class for breaking up an X500 Name into its component tokens, similar to iText.Commons.Utils.StringTokenizer.
- CertificateUtil
This class contains a series of static methods that allow you to retrieve information from a Certificate.
- CertificateVerification
This class consists of some methods that allow you to verify certificates.
- CertificateVerifier
Superclass for a series of certificate verifiers that will typically be used in a chain.
- CrlClientOffline
An implementation of the CrlClient that handles offline Certificate Revocation Lists.
- CrlClientOnline
An implementation of the CrlClient that fetches the CRL bytes from a URL.
- DigestAlgorithms
Class that contains a map with the different message digest algorithms.
- ExternalBlankSignatureContainer
Produces a blank (or empty) signature.
- IssuingCertificateRetriever
IIssuingCertificateRetriever default implementation.
- LtvVerification
Add verification according to PAdES-LTV (part 4).
- LtvVerifier
Verifies the signatures in an LTV document.
- OCSPVerifier
Class that allows you to verify a certificate against one or more OCSP responses.
- OID
Class containing all the OID values used by iText.
- OID.X509Extensions
Contains all OIDs used by iText in the context of Certificate Extensions.
- OcspClientBouncyCastle
OcspClient implementation using BouncyCastle.
- PKCS7ExternalSignatureContainer
Implementation class for IExternalSignatureContainer.
- PadesTwoPhaseSigningHelper
Helper class to perform signing operation in two steps.
- PdfPKCS7
This class does all the processing related to signing and verifying a PKCS#7 / CMS signature.
- PdfPadesSigner
This class performs signing with PAdES-related profiles using provided parameters.
- PdfSignature
Represents the signature dictionary.
- PdfSignatureApp
A dictionary that stores the name of the application that signs the PDF.
- PdfSignatureAppearance
Provides convenient methods to make a signature appearance.
- PdfSignatureBuildProperties
Dictionary that stores signature build properties.
- PdfSigner
Takes care of the cryptographic options and appearances that form a signature.
- PdfTwoPhaseSigner
Class that prepares document and adds the signature to it while performing signing operation in two steps (see PadesTwoPhaseSigningHelper for more info).
- PrivateKeySignature
Implementation of the IExternalSignature interface that can be used when you have an iText.Commons.Bouncycastle.Crypto.IPrivateKey object.
- RSASSAPSSMechanismParams
Encode the signer's parameters for producing an RSASSA-PSS signature.
- RootStoreVerifier
Verifies a certificate against a KeyStore containing trusted anchors.
- SecurityIDs
A list of IDs that are used by the security classes.
- SignatureMechanisms
Class that contains OID mappings to extract a signature algorithm name from a signature mechanism OID, and conversely, to retrieve the appropriate signature mechanism OID given a signature algorithm and a digest function.
- SignaturePermissions
A helper class that tells you more about the type of signature (certification or approval) and the signature's DMP settings.
- SignaturePermissions.FieldLock
Class that contains a field lock action and an array of the fields that are involved.
- SignaturePolicyInfo
Class that encapsulates the signature policy information.
- SignatureUtil
Utility class that provides several convenience methods concerning digital signatures.
- SignerProperties
Properties to be used in signing operations.
- TSAClientBouncyCastle
Time Stamp Authority Client interface implementation using Bouncy Castle org.bouncycastle.tsp package.
- TimestampConstants
Timestamp constants util class for internal usage only.
- VerificationException
An exception that is thrown when something is wrong with a certificate.
- VerificationOK
Class that informs you that the verification of a Certificate succeeded using a specific CertificateVerifier and for a specific reason.
Interfaces
- IApplicableSignatureParams
Extension interface of ISignatureMechanismParams that also supports applying the parameters to an iText.Commons.Bouncycastle.Crypto.ISigner.
- ICrlClient
Interface that needs to be implemented if you want to embed Certificate Revocation Lists (CRL) into your PDF.
- IExternalDigest
ExternalDigest allows the use of implementations of iText.Commons.Digest.IMessageDigest other than BouncyCastleDigest.
- IExternalSignature
Interface that needs to be implemented to do the actual signing.
- IExternalSignatureContainer
Interface to sign a document.
- IIssuingCertificateRetriever
Interface helper to support retrieving CAIssuers certificates from Authority Information Access (AIA) Extension in order to support certificate chains with missing certificates and getting CRL response issuer certificates.
- IOcspClient
Interface for the Online Certificate Status Protocol (OCSP) Client.
- ISignatureMechanismParams
Interface to encode the parameters to a signature algorithm for inclusion in a signature object.
- ITSAClient
Time Stamp Authority client (caller) interface.
- ITSAInfoBouncyCastle
Interface you can implement and pass to TSAClientBouncyCastle in case you want to do something with the information returned.
- PdfSigner.ISignatureEvent
An interface to retrieve the signature dictionary for modification.
Enums
- AccessPermissions
Access permissions value to be set to certification signature as a part of DocMDP configuration.
- LtvVerification.CertificateInclusion
Certificate inclusion in the DSS and VRI dictionaries in the CERT and CERTS keys.
- LtvVerification.CertificateOption
Options for how many certificates to include.
- LtvVerification.Level
What type of verification to include.
- LtvVerification.RevocationDataNecessity
Option to determine whether revocation information is required for the signing certificate.
- PdfSignatureAppearance.RenderingMode
Signature rendering modes.
- PdfSigner.CryptoStandard
Enum containing the Cryptographic Standards.