Using iText 7 and AWS KMS to digitally sign a PDF document: Part 5
This example was written for the article "Using iText 7 and AWS KMS to digitally sign a PDF document" and shows an implementation of `IExternalSignatureContainer` instead of `IExternalSignature` for signing. While `IExternalSignature` is the easiest way, there are some drawbacks, as the `PdfPKCS7` class does not support RSASSA-PSS usage, and for ECDSA signatures it uses the wrong OID as the signature algorithm OID.
To avoid these issues we can build the complete CMS signature container ourselves using only BouncyCastle functionality.
For .NET, while the `AwsKmsSignatureContainer` class uses BouncyCastle to build the CMS signature container to embed, just like in the Java version, there are certain differences in the .NET BouncyCastle API. In particular, one does not use an instance of `ContentSigner` for the actual signing but an instance of `ISignatureFactory`; that interface represents a factory of `IStreamCalculator` instances, which in their function are equivalent to the `ContentSigner` in Java. The implementations of these interfaces are `AwsKmsSignatureFactory` and `AwsKmsStreamCalculator` in the .NET example.
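
The following sketch shows how such a factory and calculator pair can hand the signing step to AWS KMS. It is an added example, not the article's `AwsKmsSignatureFactory` or `AwsKmsStreamCalculator` code; the `Sketch*` class names are hypothetical. It assumes the non-generic BouncyCastle 1.8.x interfaces, the AWS SDK for .NET, and an ECC NIST P-256 KMS key used with `ECDSA_SHA_256`.

```csharp
using System.IO;
using Amazon.KeyManagementService;
using Amazon.KeyManagementService.Model;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;

// Hypothetical factory: tells BouncyCastle which signature algorithm OID to
// write into the CMS SignerInfo and creates one calculator per signature.
public class SketchKmsSignatureFactory : ISignatureFactory
{
    private readonly IAmazonKeyManagementService kms;
    private readonly string keyId;

    public SketchKmsSignatureFactory(IAmazonKeyManagementService kms, string keyId)
    { this.kms = kms; this.keyId = keyId; }

    // ecdsa-with-SHA256; must match the SigningAlgorithm requested from KMS below.
    public object AlgorithmDetails =>
        new AlgorithmIdentifier(new DerObjectIdentifier("1.2.840.10045.4.3.2"));

    public IStreamCalculator CreateCalculator() => new SketchKmsStreamCalculator(kms, keyId);
}

// Hypothetical calculator: buffers the bytes to be signed, then lets KMS sign them.
public class SketchKmsStreamCalculator : IStreamCalculator
{
    private readonly IAmazonKeyManagementService kms;
    private readonly string keyId;
    private readonly MemoryStream buffer = new MemoryStream();

    public SketchKmsStreamCalculator(IAmazonKeyManagementService kms, string keyId)
    { this.kms = kms; this.keyId = keyId; }

    // BouncyCastle writes the DER-encoded signed attributes into this stream.
    public Stream Stream => buffer;

    // Called after all data is written; the private key never leaves KMS.
    public object GetResult()
    {
        var request = new SignRequest
        {
            KeyId = keyId,
            Message = new MemoryStream(buffer.ToArray()),
            // RAW: KMS hashes the message itself. KMS limits the message to 4096 bytes.
            MessageType = MessageType.RAW,
            SigningAlgorithm = SigningAlgorithmSpec.ECDSA_SHA_256
        };
        SignResponse response = kms.SignAsync(request).GetAwaiter().GetResult();
        // For ECDSA, KMS returns a DER-encoded signature, the form CMS expects.
        return new SimpleBlockResult(response.Signature.ToArray());
    }
}
```

If the data to sign can exceed the KMS message limit, hash it locally and send the hash with `MessageType.DIGEST` instead.
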
`default` section of your `~/.aws/credentials` file and your region in the `default` section of your `~/.aws/config` file. Otherwise, you'll have to adapt the `KmsClient` instantiation or initialization in the code examples written for this article.
For the other examples relating to this article, please see the following links:
Page Title |
---|
Using iText 7 and AWS KMS to digitally sign a PDF document: Part 1 |
Using iText 7 and AWS KMS to digitally sign a PDF document: Part 2 |
Using iText 7 and AWS KMS to digitally sign a PDF document: Part 3 |
Using iText 7 and AWS KMS to digitally sign a PDF document: Part 4 |