This example was written for the article "Using iText and AWS KMS to digitally sign a PDF document" and shows an implementation of the iText IExternalSignature interface for the purposes of signing a PDF using an AWS KMS Key Pair.

In the constructor we select a signing algorithm available for the key in question. The single argument constructor simply takes the first algorithm from the available ones, the double argument constructor allows you to select a specific one.

In this example getDigestAlgorithmName (renamed in iText 8) returns the name of the respective part of the signature algorithm, getSignatureMechanismParameters (added in iText 8) returns additional parameters where required, and sign simply creates a signature.

Note: The article assumes that you have stored your credentials in the default section of your ~/.aws/credentials file and your region in the default section of your ~/.aws/config file. Otherwise, you'll have to adapt the KmsClient instantiation or initialization in the code examples written for this article.

For the other examples relating to this article, please see the following links: