Verify PDF signature in C# and VB.NET

Digital signatures in PDF documents allow you to detect if the PDF was tampered with. You can use Docotic.Pdf library to verify digital signatures in PDF files. The library can help you to read signature properties in .NET Framework and .NET Core applications. Get the free time-limited license key here to try the library without evaluation mode restrictions.

Validate digital signature in PDF using C#

Docotic.Pdf library provides means to check if the signed part of a document was changed after signing. You can check if a signature contains embedded OCSP and/or CRL data. And for any signature, it is possible to check if its signing certificate is revoked on any given date.

The following C# sample shows how to verify a PDF signature and to check revocation of the signing certificate:

using BitMiracle.Docotic.Pdf;

using (var pdf = new PdfDocument("signed.pdf"))
{
    PdfControl field = pdf.GetControls().FirstOrDefault(c => c.Type == PdfWidgetType.Signature);
    if (field == null)
    {
        Console.WriteLine("Document does not contain signature fields", "Verification result");
        return;
    }

    PdfSignature signature = ((PdfSignatureField)field).Signature;
    PdfSignatureContents contents = signature.Contents;
    Console.WriteLine("Signed part is intact: {0}", contents.VerifyDigest());

    DateTime signingTime = signature.SigningTime ?? DateTime.MinValue;
    Console.WriteLine("Signed on: {0}\n", signingTime.ToShortDateString());

    if (contents.CheckHasEmbeddedOcsp())
    {
        Console.WriteLine("Signature has OCSP embedded.");
        checkRevocation(signature, PdfCertificateRevocationCheckMode.EmbeddedOcsp);
    }

    if (contents.CheckHasEmbeddedCrl())
    {
        Console.WriteLine("Signature has CRL embedded.");
        checkRevocation(signature, PdfCertificateRevocationCheckMode.EmbeddedCrl);
    }

    checkRevocation(signature, PdfCertificateRevocationCheckMode.OnlineOcsp);
    checkRevocation(signature, PdfCertificateRevocationCheckMode.OnlineCrl);
}

private static void checkRevocation(PdfSignature signature, PdfCertificateRevocationCheckMode mode)
{
    PdfSignatureContents contents = signature.Contents;
    DateTime signingTime = signature.SigningTime ?? DateTime.MinValue;

    foreach (DateTime time in new DateTime[] { signingTime, DateTime.UtcNow })
    {
        bool revoked = contents.CheckIfRevoked(mode, time);
        string status = revoked ? "Revoked" : "Valid";
        string date = time.ToShortDateString();
        Console.WriteLine("Checking using {0} mode: {1} on {2}", mode, status, date);
    }
}

On GitHub, you can download and try the complete Verify PDF signature samples in C# and VB.NET.

Read PDF signature properties in C#

Docotic.Pdf can read signature properties like the name of the signer, the time of signing, the signer's contact info. It is also possible to access the signing certificate embedded in the signature. The library can also retrieve the issuer certificate for the signing certificate if it's embedded in the signature.

This sample shows how to read the signature and corresponding certificates properties in C#:

using (var pdf = new PdfDocument("signed.pdf"))
{
    PdfControl control = pdf.GetControls().FirstOrDefault(c => c.Type == PdfWidgetType.Signature);
    if (control == null)
    {
        Console.WriteLine("Document does not contain signature fields");
        return;
    }

    PdfSignatureField field = (PdfSignatureField)control;
    Console.WriteLine("Signature field is invisible: {0}", isInvisible(field));

    PdfSignature signature = field.Signature;
    Console.WriteLine("Signed by: {0}", signature.Name);
    Console.WriteLine("Signing time: {0}", signature.SigningTime);
    Console.WriteLine("Signed at: {0}", signature.Location);
    Console.WriteLine("Reason for signing: {0}", signature.Reason);
    Console.WriteLine("Signer's contact: {0}", signature.ContactInfo);

    PdfSignatureContents contents = signature.Contents;
    Console.WriteLine("Has OCSP embedded: {0}", contents.CheckHasEmbeddedOcsp());
    Console.WriteLine("Has CRL embedded: {0}", contents.CheckHasEmbeddedCrl());

    PdfSignatureCertificate certificate = contents.GetSigningCertificate();
    Console.WriteLine("== Signing certificate:");
    Console.WriteLine("Name: {0}", certificate.Name);
    Console.WriteLine("Algorithm: {0}", certificate.AlgorithmName);
    Console.WriteLine("Subject DN: {0}", certificate.Subject.Name);
    Console.WriteLine("Issuer DN: {0}", certificate.Issuer.Name);
    Console.WriteLine("Serial number: {0}", certificate.SerialNumber);
    Console.WriteLine("Valid from {0} up to {1}", certificate.ValidFrom, certificate.ValidUpto);

    PdfSignatureCertificate issuer = contents.GetIssuerCertificateFor(certificate);
    Console.WriteLine("== Issuer certificate:");
    Console.WriteLine("Subject DN: {0}", issuer.Subject.Name);
    Console.WriteLine("Issuer DN: {0}", issuer.Issuer.Name);
    Console.WriteLine("Serial number: {0}", issuer.SerialNumber);
}

private static bool isInvisible(PdfSignatureField field)
{
    return (field.Width == 0 && field.Height == 0) ||
            field.Flags.HasFlag(PdfWidgetFlags.Hidden) ||
            field.Flags.HasFlag(PdfWidgetFlags.NoView);
}

Download and try the complete Read PDF signature properties in C# and VB.NET samples from GitHub.

Related resources