Digital Signatures in C#

• Digital signature is a way to ensure that the person who uses the electronic data,
document and information is an authorized person.
• Digital signature is a stamp user places on the data that is unique to him/her and is very difficult to forge.

Use of key in digital signature

1. Private key: The person who made his signature, uses his/her private key to encrypt the hash into encrypted form.
2. Public key: In the process of verification of the digital signature, the public key of that
person who encrypted the hash is used to decrypt the hash.
Note: If the hashes of both the signing and the verification is the same then the signature is valid and the person is authorized to use the data and information

create digital signature in #c

1. Sender applies hash algorithm to the data being sent and creates a message digest.
Message digest is compact representation of the data being sent.
2. Sender then encrypts the message digest with the private key to get a digital signature
3. Sender sends the data over a secure channel
4. Receiver receives the data and decrypts the digital signature using public key and retrieves the message digest
5. Receiver applies the same hash algorithm as the sender to the data and creates a new message digest
6. If sender’s digest and receiver’s digest match then it means that the message really came from the said sender


1. Presign:

Required: pdf, certificate chain Serverside, setup signature infrastructure, extract message digest and send the digest to client as a byte-array

2. Signing:

Required: message digest as byte-array, private key Clientside, apply cryptographic algorithms to message digest to generate the signed digest from the hash and send this signature to the server

3. Postsign:

Required: signed digest as byte-array, pdf Server-side insert the signed digest
into the prepared signature, insert the signature into the PDF-document

Related .net Framework Provide

.NET Framework provides classes RSACrypto Service Provider, RSAPKCS1 Signature Formatter and RSAPKCS1 Signature Deformatter that allow you create and verify digital signatures. All of them reside in System.Security.Cryptography namespace

Example (Using itextshap):

using iTextSharp.text.pdf;

using System;

using System.Collections.Generic;

using System.IO;

using System.Security.Cryptography.X509Certificates;

using Org.BouncyCastle.Security;

using Org.BouncyCastle.X509;

using X509Certificate = Org.BouncyCastle.X509.X509Certificate;


All the above-mentioned references are used for accessing DSC, Signing DSC, Reading PDF and Creating new signed PDF.

Create a variable for X509Certificate2 and Get all the DSC users registered to local store and for current user using X509Store, PFB then X509Store “st” will collect all the certificates

X509Certificate2 certClient = null;

X509Store st = new X509Store(StoreName.My, StoreLocation.CurrentUser);


X509Certificate2Collection collection = st.Certificates;

C# code :

Pkcs12Store store = new Pkcs12Store(new FileStream(KEYSTORE, FileMode.Open), PASSWORD);

String alias = “”;

ICollection<X509Certificate> chain = new List<X509Certificate>();

// searching for private key

foreach (string al in store.Aliases)

if (store.IsKeyEntry(al) && store.GetKey(al).Key.IsPrivate) {
alias = al;

AsymmetricKeyEntry pk = store.GetKey(alias);

foreach (X509CertificateEntry c in store.GetCertificateChain(alias))

RsaPrivateCrtKeyParameters parameters = pk.Key as RsaPrivateCrtKeyParameters;

PdfReader reader = new PdfReader(src);

FileStream os = new FileStream(dest, FileMode.Create);

PdfStamper stamper = PdfStamper.CreateSignature(reader, os, ‘\0’);

// Creating the appearance

PdfSignatureAppearance appearance = stamper.SignatureAppearance;

appearance.Reason = “Test signing”; appearance.Location = “test Location”;

appearance.SetVisibleSignature(new Rectangle(36, 748, 144, 780), 1, “sig”);

// Creating the signature

IExternalSignature pks = new PrivateKeySignature(parameters, DigestAlgorithms.SHA256);

MakeSignature.SignDetached(appearance, pks, chain, null, null, null, 0, CryptoStandard.CMS);

Get a Quote