This example was written for the article "Using iText and AWS KMS to digitally sign a PDF document" and demonstrates signing a PDF with iText using an AWS KMS Key Pair.

Assuming your AWS KMS signing key pair has the alias SigningExamples-ECC_NIST_P256 and is indeed an ECC_NIST_P256 key pair you can use the AwsKmsSignature code from Part 3 to sign a PDF like this:

Note: The article assumes that you have stored your credentials in the default section of your ~/.aws/credentials file and your region in the default section of your ~/.aws/config file. Otherwise, you'll have to adapt the KmsClient instantiation or initialization in the code examples written for this article.

For the other examples relating to this article, please see the following links:

Page Title

Using iText and AWS KMS to digitally sign a PDF document: Part 1

https://kb.itextpdf.com/home/it7kb/examples/using-itext-and-aws-kms-to-digitally-sign-a-pdf-document-part-1

Using iText and AWS KMS to digitally sign a PDF document: Part 2

https://kb.itextpdf.com/home/it7kb/examples/using-itext-and-aws-kms-to-digitally-sign-a-pdf-document-part-2

Using iText and AWS KMS to digitally sign a PDF document: Part 3

https://kb.itextpdf.com/home/it7kb/examples/using-itext-and-aws-kms-to-digitally-sign-a-pdf-document-part-3

Using iText and AWS KMS to digitally sign a PDF document: Part 5

https://kb.itextpdf.com/home/it7kb/examples/using-itext-and-aws-kms-to-digitally-sign-a-pdf-document-part-5