Use Safer Signing Process with GdPicture.NET
As most of you know, GdPicture.NET 14 toolkit offers, among numerous PDF features, the possibility to digitally sign or certify your PDF documents using digital IDs as well as the ability to decrypt shared PDF documents using digital certificates.
Now we would like to introduce you to the new improved and enriched set of methods supporting this critical feature.
So let’s talk a bit about how it works.
First of all, if you want to sign your PDF document successfully, you need to have your own digital ID (digital identity). It is like your personal ID card, passport or driver’s license, but in digital form. It states and identifies who you are.
It is common to have one digital ID only, just like it is with your other ID cards in the ‘real’ world. However, in the digital world, you can have multiple IDs for different purposes. Each digital ID includes a digital certificate, which generally contains personal details about the certificate’s owner or holder, such as a name and an email address, along with the certificate serial number, an expiration date and the name of the issuer.
Public and Private Keys
The most important parts of digital IDs are two keys – public and private.
The public key locks, or encrypts data, while the private key unlocks, or decrypts that data.
When you share a digitally signed document, you send your digital certificate, which contains the public key, along with it so that recipients can verify your signature and confirm the document’s integrity.
The private key, on the other hand, lets you decrypt information previously encrypted using the certificate. It is also the key that creates the signature, which recipients then check with the public key. This is why both keys are required in the signing process.
As said above, your digital ID proves your identity, which is why digital IDs are issued by a trusted third-party provider known as a certificate authority (CA).
There are many commercial CA providers, from which you can either purchase your digital ID or obtain a free one. Choose one that is trusted by major companies so that you can do your business on the Web.
You can even create a so-called self-signed digital ID, and many PDF-oriented software solutions offer this feature. However, this ID cannot be widely used for public purposes. The reason is that other people cannot verify your authenticity as a signer when you use the self-signed ID to sign the document you share with them.
Digital ID File
A digital ID issued by a CA takes the form of a file containing all necessary data, typically secured with a password. There are several file extension types and encoding formats for such a file.
GdPicture.NET 14 supports .pfx and .p12 digital ID files (both are PKCS#12 file formats) as well as digital IDs contained in the files stored in the Windows Certificate Store.
Be careful about the password of your digital ID obtained from the CA provider. You cannot reset it if you have forgotten it. If it happens, you will need to contact the authority for help.
However, if you use a self-signed ID for personal purposes, you can simply create a new one if you forget your password. Store your digital ID in a safe place, as it contains your private key designated to decrypt information you want to secure.
So now, if you have your digital ID stored in an appropriate file, you can use the updated feature provided by the GdPicture.NET 14 toolkit to sign your PDF documents digitally:
- The very first step, definitely a mandatory one, is to set up your digital ID file.
- The next step is to select the signature certification level – either the standard recipient signature or the certifying signature.
- If you like, you can add your name, reason, a location, some explanatory text, and contact information to your signature. These entries are later displayed within the applied signature itself.
- You can also set the position on the page where the signature is placed, and add an image-based stamp.
- Additionally, GdPicture.NET 14 now offers the ability to timestamp your signature.
Sign and Validate
Finally, the last step, again a mandatory one, is the signing process itself.
Technically speaking, the private key contained in your digital ID file is used to apply the digital signature to your PDF document. Those skilled in this area will certainly appreciate that, to meet the security level expected today, the updated set of methods now uses the SHA-256 hash algorithm instead of the deprecated SHA-1. Moreover, you can choose a stronger one if you need to. After applying the digital signature, you can securely share the signed document with the public.
Alternatively, you are also able to validate a signature, in other words, to verify the identity of someone who shares their signed documents with you. You only need to ask that person for their digital certificate with the public key, which a lot of PDF-oriented software can export from the digital ID file.
It is the combination of the public and private keys in the signing process that ensures your authenticity, integrity, and non-repudiation as a signer of the document.
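The round trip described above, as an added example that is not part of the original article and does not use the GdPicture.NET API: it relies only on the standard .NET cryptography classes and signs raw bytes with SHA-256 rather than embedding a signature in a PDF. The subject name, password and document bytes are constructed sample values.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

class DigitalIdDemo
{
    static void Main()
    {
        // Constructed sample values (assumptions for this example only).
        const string password = "example-password";
        byte[] document = Encoding.UTF8.GetBytes("constructed sample document");

        // 1. Create a self-signed digital ID and package it as PKCS#12 (.pfx/.p12 content).
        byte[] pfx;
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=Example Signer", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using X509Certificate2 selfSigned = req.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddYears(1));
            pfx = selfSigned.Export(X509ContentType.Pfx, password);
        }

        // 2. Signer side: open the digital ID with its password, sign with the private key.
        using var digitalId = new X509Certificate2(pfx, password);
        if (!digitalId.HasPrivateKey)
            throw new InvalidOperationException("Digital ID holds no private key.");
        byte[] signature;
        using (RSA priv = digitalId.GetRSAPrivateKey())
            signature = priv.SignData(document, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

        // 3. Export only the certificate (public key, no private key) for recipients.
        byte[] publicCert = digitalId.Export(X509ContentType.Cert);

        // 4. Recipient side: verify using the public key from the exported certificate.
        using var recipientView = new X509Certificate2(publicCert);
        using RSA pub = recipientView.GetRSAPublicKey();
        bool ok = pub.VerifyData(document, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

        // Integrity check: flip one bit of the document and verify the same signature again.
        byte[] tampered = (byte[])document.Clone();
        tampered[0] ^= 0x01;
        bool tamperedOk = pub.VerifyData(tampered, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

        Console.WriteLine($"Recipient copy has private key: {recipientView.HasPrivateKey}");
        Console.WriteLine($"Signature valid: {ok}; after tampering: {tamperedOk}");
    }
}
```

Because the ID here is self-signed, a successful verification only shows that the document matches the signature; it does not establish who the signer is, which is the limitation of self-signed IDs noted earlier.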
We hope that from now on, signing your PDFs will be easy using the GdPicture.NET 14 toolkit and its handy and comfortable set of methods. So, let’s sign and validate!
All our methods are described in our documentation at http://guides.gdpicture.com/content/webframe.html#GdPicture.NET.14~GdPicture14.GdPicturePDF_methods.html
We also have a sample for Digital Signing available in both C# and VB.NET in the WinForm folder. This demo is also available as a compiled application in the Bin folder; both are located in [INSTALLATION FOLDER]/Samples/.
You will find our enriched set of methods in the latest version of GdPicture.NET 14 (14.0.24).
If you’re thinking about adding this feature in a Web application, it is also possible to do it with DocuVieware, our HTML 5 Viewer and Document Management Kit!
See you next time!