Skip to main content Skip to footer

How to Add Managed Qualified PDF Digital Signatures Using .NET C#

Real estate agents and contractors may have to deal with a lot of paperwork and collect several signatures and sales to close their target and to complete any property deals. Getting an agreement or contract signed by a home buyer or seller is also a time-consuming task for realtors.

Electronic signatures can be very useful – especially due to the impact of Covid-19, many signatories are confined to working from home or are unable to have documents couriered to or collected from them.

GrapeCity Documents for PDF (GcPdf), a .NET PDF API, has been supporting applying digital signatures programmatically to PDF documents since initial releases. With this support, you can sign documents like:

  • Legal Contracts
  • Budgets
  • Employee contracts
  • Purchase orderss
  • Financial transactions
  • Commercial lease agreements
  • Sales agreements
  • Shareholders agreements

The use of digital signature technology varies significantly between countries that follow open laws, including the United States, United Kingdom, Canada, and Australia, and those that follow tiered models that prefer locally defined standards based on digital signature technology, like in the European Union, South America, and Asia.

In addition, some industries also support specific standards that are based on digital signature technology.

One of the standards for Digital Signatures is set by eIDAS (or "Electronic Identification, Authentication and Trust Services")for electronic identification and trust services for electronic transactions in Europe.

In this blog, we will specifically look at these requirements set by eIDAS.

Download Now!

Add e-Signature (Basic) Signatures to PDF

As defined by the EU regulations on e-signatures (eIDAS), an electronic signature refers to “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.

In other words, a signer can apply to a document for accepting or approving the document. However, the purpose of signing a document should be to guarantee the integrity or authenticity of the signer. A basic signature is not enough to meet the requirements.

Add Advanced Electronic Signatures (AdES) to PDF in C#

An Advanced Electronic Signature provides a higher level of signer verification, security, and tamper-sealing. These types of signature should:

  • Be unique to the signatory
  • Identify the signatory
  • Restrict signature data to sole usage and control by the signatory
  • Link to the signed data where subsequent changes are detectable

These signatures are based on the Public Key Infrastructure (PKI). The digital signature is applied with a digital certificate issued by a trusted third-party, called a Certificate Authority or CA, that uniquely identifies the signer. This meets the above requirements.

Next, the signatory is the sole holder of the private key, which is used to apply the signature. The person receiving the signed document can be assured that the signer is the actual person who signed the document. Finally, the document can be opened to see if it has been tampered with since it was signed.

A lease agreement is a scenario where AES is required. Let's say both the tenant and landlord reside in different cities. The firm involved has suggested both parties sign the rent agreement using digital signatures.

Then the real estate company will share an online utility for signing the document, since it's likely that both parties will not have Adobe Acrobat for signing the PDF document.

The real estate company prepares a formal agreement for the tenant and landlord, who can sign it electronically with a digital certificate. Once the tenant signs the document, the document can be opened to check if it has been modified since the first signature.

These requirements are programmatically met through GcPDF .NET API. Take a look at the following demos that support the aforementioned example:

Add PDF Advanced Digital Signatures (PAdES) to PDF in C#

Documents signed electronically in PAdES format can be used or stored for years or even decades, so that at any time in the future (despite possible technological improvements) users can validate the document. This is vital in order to confirm the signature's validity at the time of signing; a concept known as “Long-Term Validation” (LTV).

There are various conformance levels for trusted providers:

  1. B-B-Level – Profiles both signed and some unsigned properties of a signature at the time it is created.
  2. B-T-Level – Generates a trusted token to prove the signature was created on a certain date and time.
  3. LT-Level – Incorporates all required material to validate the signature and allow for long-term availability of the signed document.
  4. LTA-Level – Incorporates time-stamped tokens that allow for the long-term availability and integrity of the signed document.

When exchanging digitally-signed information between parties, the signatures should conform to a level that allows the parties to trust the signature when the exchange occurs. This standard is typically used when a signed document is shared in a business-to-consumer or consumer-to-consumer context.

In a recent release, GcPdf added the support of signing documents with PAdES standard:

The following snapshot shows a lease agreement signed using the PAdES B-T standard.

pdf lease

GcPdf is on track to support LT-Level and LTA-Level in upcoming releases.

Add Qualified Electronic Signatures (QES) to PDF in C#

Qualified electronic signature (QES) includes a qualified digital certificate that indicates that identity verification has been completed face to face. The qualified certificates can only be issued by a Qualified Trust Service Provider (QTSP).

The qualified certificate is created on a secured device like cryptographic USB Tokens or Hardware Security Modules (HSMs).

Digitally Sign a PDF Document Using a USB Token in C#

When a PDF is signed, a certificate can be stored in different locations i.e. on a hardware 'token'. In certain government contracts, a USB token is mandatory for storing digital signatures. This enhances the security of your digital signature significantly by having a tamper-proof hardware device with a PIN.

Some common interfaces allow working with such certificate sources, which are supported in GcPdf. The Pkcs11SignatureGenerator class helps sign a PDF using a USB token. | Demo

Digitally Sign a PDF Document Using Azure Key Vault in C#

Azure Key Vault helps in secure storage and management of sensitive information such as keys, passwords, certificates, and more in centralized storage – safeguarded by industry-standard algorithms, key lengths, and even HSMs. PDF documents on the cloud can be signed with digital certificates stored on the Azure Key Vault.

This can be done using the AzureSignatureGenerator class added for demo purposes in our GcPdf Sample browser. | Demo


Following new API have been added in a recent release to GcPdf to support AES and QES standards when signing PDF documents.

  • New ISignatureBuilder, IPkcs7SignatureGenerator interfaces allow users to provide custom implementations of digital signatures
  • The class Pkcs7SignatureBuilder implements ISignatureBuilder, and can be used to create PDF standard signatures in format PKCS#7, with levels B-B and B-T
  • Now ETSI_CAdES_detached signatures can be created when Pkcs7SignatureBuilder.Format property is set to SignatureFormat.ETSI_CAdES_detached
  • Certificate Revocation Lists can be embedded into the signature using the new Pkcs7SignatureBuilder.Crls property
  • OCPS information can be embedded into the signature – using Pkcs7SignatureBuilder.IncludeOcsp property
  • A full chain of certificates can be embedded into the signature (not only the signing certificate) using Pkcs7SignatureBuilder.CertificateChain property
  • ISignatureParser interface enables to retrieve the entire certificate chain from a signature

Read more about digital signature support in GcPdf.

For even more information, check out:

Download Now!

Shilpa Sharma - Product Manager

Shilpa Sharma

Product Manager
comments powered by Disqus