
How to display "✔" when signature is valid with iTextSharp?


I need to do a signature in a PDF like this when the certificate is trusted:

[Image: Signature in PDF]

When the certificate is of unknown origin, then display a "?".

I can do the signature, but I cannot display "✔" or "?".


Solution

  • Please consult PAdES part 6 (aka ETSI TS 102 778-6), more specifically section 6 entitled "The visual representation of AdES signature verification".

    I quote:

    A conforming signature handler shall not display the result of the signature validation inside the page content.

    NOTE: The conforming signature handler will use off-page display to present the verification result.

    If you are asking for a way to use iText(Sharp) to add a green check mark to the visual representation of a signature in a PDF file, you are looking to achieve something that is in violation of PAdES-6, and that will be in violation of ISO-32000-2.

    I have access to the draft of section 12.8 of ISO-32000-2 (I redacted it), and this is what it will say:

    the information included in the appearance dictionary shall not be used by a signature verification handler at the time of signature verification. It is there strictly for the purpose of providing a way for a human verifier to perform their own verification of the visual representation. A PDF processor shall not incorporate the validation status of a signature (e.g. a checkmark for passed or an X for failed) into the appearance of the signature field.

    In other words: your question is wrong. You are asking for a way to produce PDFs that will not be valid according to the PDF specification.

    The green check mark, the red cross, the yellow rectangle,... Those are all visual indications regarding the state of the signature (valid, invalid, unknown) that should be used by the application that consumes the signed PDF (e.g. the PDF viewer). You are asking for a way to add such a symbol through an application that produces the signed PDF, which is forbidden by the PDF specification.

    The question you should ask is: "when do I get a green check mark in a PDF viewer for a signed PDF with a valid signature?"

    • If you are using a certificate from a partner in Adobe's CDS (discontinued) or ATTL (the successor of CDS) program, then this green check mark will appear automatically in Adobe Reader. Other rules may apply to other viewers.
    • If you are using a certificate from a CA that isn't paying Adobe to have its root certificate in the collection of trusted root certificates, then you should add the root certificate of your CA to the trusted identities of your PDF viewer yourself. This can be done manually, but there are also ways to automate this.

    Read http://itextpdf.com/book/digitalsignatures for more info.
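
The consumer-side check the answer describes, as an added example that is not part of the original answer or of iText's own samples: it validates each signature and reports valid / invalid / unknown off-page instead of drawing it into the signature appearance. It assumes iTextSharp 5.5.x with its bundled BouncyCastle; the class name and both file paths are hypothetical.

```csharp
// Added example: off-page signature status report (assumes iTextSharp 5.5.x).
using System;
using System.Collections.Generic;
using System.IO;
using iTextSharp.text.pdf;
using iTextSharp.text.pdf.security;
using Org.BouncyCastle.X509;

static class SignatureStatusReport
{
    // Usage (placeholder paths): SignatureStatusReport.exe signed.pdf trusted-root.cer
    static int Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: <signed.pdf> <trusted-root.cer>");
            return 2;
        }

        // Trust anchors are chosen by the verifier, never taken from the PDF itself.
        var trusted = new List<X509Certificate> {
            new X509CertificateParser().ReadCertificate(File.ReadAllBytes(args[1]))
        };

        var reader = new PdfReader(args[0]);
        try
        {
            AcroFields fields = reader.AcroFields;
            foreach (string name in fields.GetSignatureNames())
            {
                PdfPKCS7 pkcs7 = fields.VerifySignature(name);
                bool intact = pkcs7.Verify();  // signature matches the signed bytes
                bool wholeDoc = fields.SignatureCoversWholeDocument(name);
                // Chain check against our anchors at signing time; no CRLs are
                // passed, so revocation is NOT checked in this example.
                IList<VerificationException> chainErrors =
                    CertificateVerification.VerifyCertificates(
                        pkcs7.SignCertificateChain, trusted, null, pkcs7.SignDate);

                string status = !intact ? "INVALID"
                              : chainErrors.Count > 0 ? "UNKNOWN (signer not trusted)"
                              : "VALID";
                Console.WriteLine("{0}: {1}; covers whole document: {2}", name, status, wholeDoc);
            }
        }
        finally { reader.Close(); }
        return 0;
    }
}
```

A signature that is intact but does not cover the whole document means content was appended after signing, so the report prints that flag next to the status.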