Sign PDF documents in C# and VB.NET

Digital signatures are used to authenticate the identity of a user and the PDF document's contents. Signatures allow proving that the PDF document:

  • Has not been modified since it was signed.
  • Was digitally signed by a specific person.

.NET library to sign PDF documents

Use Docotic.Pdf library to sign PDF documents in .NET Framework and .NET Core applications. You can download the binaries of the library or use its NuGet package. To try the library without evaluation mode restrictions, you may get the free time-limited license key here.

Docotic.Pdf can create digital signatures using different digest algorithms (SHA-1, SHA-256, SHA-384, SHA-512, RIPEMD-160) and different signature formats (adbe.pkcs7.detached, or ETSI.CAdES.detached). The library can also verify PDF signatures.

Add digital signature to PDF in C#

You need a digital PKCS#12 certificate (.pfx or .p12 file) issued by a valid Certificate Authority (CA) to sign a PDF document. Here is the basic sample that shows how to sign a PDF document in C#:

using BitMiracle.Docotic.Pdf;

using (var pdf = new PdfDocument("document_to_sign.pdf"))
{
    var options = new PdfSigningOptions("your_cert.p12", "your_cert_password")
    {
        DigestAlgorithm = PdfDigestAlgorithm.Sha256,
        Format = PdfSignatureFormat.Pkcs7Detached,
        Reason = "Testing digital signatures",
        Location = "My workplace",
        ContactInfo = "support@example.com"
    };

    pdf.SignAndSave(options, "signed.pdf");
}

Replace "your_cert.p12" and "your_cert_password" with your own .p12 or .pfx certificate file and password. On GitHub, you can download and try the complete Sign PDF document samples in C# and VB.NET.

The code above implicitly adds an invisible signature field to the PDF document and uses it for signing. Let's look at how to add and customize signature fields in PDF.

Sign a PDF document with a handwritten signature image

You often need to add a handwritten signature image to PDF besides digital signing. This sample shows how to add a digital signature with an associated image in C#:

using (var pdf = new PdfDocument("document_to_sign.pdf"))
{
    var options = new PdfSigningOptions("your_cert.p12", "your_cert_password")
    {
        DigestAlgorithm = PdfDigestAlgorithm.Sha256,
        Format = PdfSignatureFormat.Pkcs7Detached,
    };
    
    PdfSignatureField field = pdf.Pages[0].AddSignatureField(20, 20, 100, 50);
    options.Field = field;

    PdfImage image = pdf.AddImage("your_signature.jpg");
    options.Appearance.Image = image;
    options.Appearance.HideAllText();

    pdf.SignAndSave(options, "signed.pdf");
}

This code adds a signature field, associates the field with signing options, and customizes the field's appearance. You can show text, image, or both in signature fields. Look at PdfSignatureAppearanceOptions class and Sign a signature field using a custom style samples for more detail.

Lock PDF form fields with a signature field

A signature field can be used to lock PDF form fields after the signing. This sample shows how to lock specific form fields after signing in C#:

var first = page.AddSignatureField("first", 100, 100, 200, 50);

// when the first field is signed, fields with "some_text_field" and
// "some_checkbox" names will be locked for editing
first.Lock = PdfSignatureFieldLock.CreateLockFields("some_text_field", "some_checkbox");

And the following code shows how to lock all form fields after signing:

var second = page.AddSignatureField("second", 100, 200, 200, 50);

// when the second field is signed, all fields will be locked for editing
second.Lock = PdfSignatureFieldLock.CreateLockAll();

You can also lock all form fields in the PDF document except the specific fields. Use PdfSignatureFieldLock.CreateLockAllExceptFields method for that.

Download and try the complete Sign signature field with a lock samples in C# and VB.NET from GitHub.

Embed timestamp in a digital signature

You can add extra security to a digital signature by embedding a timestamp. For this, specify the Timestamp Authority URL as one of the signing options. You can also provide a username and password if required.

When signing, the library will get a timestamp from the Timestamp Authority and embed it in the signature.

For compatibility reasons, we recommend using one of the SHA digest algorithms for timestamped signatures.

// Replace the following test URL with your Timestamp Authority URL
options.Timestamp.AuthorityUrl = new Uri("http://tsa.starfieldtech.com/");

// Specify username and password if your Timestamp Authority requires authentication
options.Timestamp.Username = null;
options.Timestamp.Password = null;