Click here to Skip to main content
15,907,395 members
Please Sign up or sign in to vote.
1.00/5 (2 votes)
See more:
Hi,

I am trying to add a digital signature to a PDF document. My certificate will be stored in IE store and user will select from that. For this I have used Cryptography Class. After he selects the certificate for signature, I m exporting it and passing that file to iTextSharp & it takes care of the digital signature.

My problem is, when I export the certificate from IE store it doesn't ask for the password, exported certificate has no password. So, this is quite surprising that no security/protection for Certificate...
Anyone can simply export that & use? At the time of importing certificate I have to give a password, whats the use of that then? I need to validate the password given at the time of importing the certificate that is given by Certificate Authorities. what can be the solution?
Thanks
Posted

Certificates have a public and a private portion. When a user exports your certificate from their certificate store (via IE), they are only exporting the public portion. In fact, they never have access to the private portion of the certificate. Read more here.

I'm not sure how certificates would be involved in signing a PDF, but I imagine you'd need access to the private key when signing it. Anything that is encrypted with the private key can be decrypted with the public key and anything that is encrypted with the public key can be decrypted with the private key. However, something encrypted with the public key CANNOT be decrypted with the public key; same goes for the private key. At least, if memory serves me correctly.
 
Share this answer
 
Thank you for the quick reply.
I am able to unlock the private key from the exported certificate. Thats the only way to make signing possible, right?
My document is getting signed, without need of password.
 
Share this answer
 
Comments
alexrait1 28-Dec-18 9:02am    
When you import the PFX you can specify whether any interaction with the key requires manual approval.
It's called key strong protection.
Read about it here:
https://blogs.technet.microsoft.com/pki/2009/06/16/what-is-a-strong-key-protection-in-windows/
Depends on where you do the signing. If you do the signing on the client side, then you are basically exposing your certificate to the world giving others the ability to act as if they are you. If, however, you do the signing on the server side (say, on your computer), then to verify the PDF is authentic, the client will only need your public certificate and the signed PDF. Like I said, I'm not familiar with PDF signing and am not even sure what the purpose of that would be, but it's likely that the process of signing the PDF would include the public certificate with the PDF. The client would then look at that certificate, see that it came from a CA, and so would trust it (because it is trusted by the CA).
 
Share this answer
 
Comments
ankursingh 3-Jul-15 7:22am    
Hi there,
I am using Gematlo samrt card for signning in asp.net can anybody guide me how to start as it has to be done with client and server side .with secure token id of gematlo smard card

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900