This example was written for the article "Using iText 7 and AWS KMS to digitally sign a PDF document" and shows an implementation of the iText IExternalSignature interface for the purposes of signing a PDF using an AWS KMS Key Pair.

In the constructor we select a signing algorithm available for the key in question. However, as explained in the article you may want to enforce use of a specific hashing algorithm instead of simply taking the first algorithm.

In this example getHashAlgorithm and getEncryptionAlgorithm return the name of the respective part of the signature algorithm and sign simply creates a signature.

Note: The article assumes that you have stored your credentials in the default section of your ~/.aws/credentials file and your region in the default section of your ~/.aws/config file. Otherwise, you'll have to adapt the KmsClient instantiation or initialization in the code examples written for this article.

For the other examples relating to this article, please see the following links: