The difference is we don’t have the cert on a filesystem; it is returned from a method call to Azure, as bytes.
It’s those bytes that we were passing to options.DigitalSignature.CertificateBytes, which does not work for us.
How do we insert a PFX as bytes, not a file?
Instead of using the RSAXmlDigitalId class from the External signature example, you will need to implement your own class that derives from PdfDigitalId, and in the implementation you will need to use Azure’s CryptographyClient Sign method.
And to create a PdfCertificate instance that your class will pass to the base PdfDigitalId constructor, you will need to use Azure’s CertificateClient to retrieve a certificate and use its KeyVaultCertificate.Cer property to create an instance of X509Certificate2, which you pass to the PdfCertificate constructor.
After further investigation, I have found that the CertificateClient.DownloadCertificate method downloads both the private key and the X.509 certificate containing the public key in an instance of an X509Certificate2 class.
You can then use the X509Certificate2 instance like in the following code snippet:
    DigitalSignature =
    {
        Certificate = x509Certificate2, // Instance returned from the CertificateClient.DownloadCertificate method.
        Signature = signature,
        IsAdvancedElectronicSignature = true
    }
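
What separates certificate bytes that can sign from ones that cannot, as an added example (not code from this thread or from the PDF library): it loads both forms from byte arrays with the .NET X509Certificate2 class and checks each one before it would be assigned to DigitalSignature.Certificate. The self-signed certificate, the password "pw" and the WhyUnusable helper are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class SigningCertCheck
{
    // Hypothetical helper: returns null when the certificate can sign,
    // otherwise the reason it cannot.
    public static string WhyUnusable(X509Certificate2 cert, DateTime nowUtc)
    {
        if (!cert.HasPrivateKey)
            return "no private key (public certificate only, e.g. .Cer bytes)";
        if (nowUtc < cert.NotBefore.ToUniversalTime() || nowUtc > cert.NotAfter.ToUniversalTime())
            return "outside validity period";
        foreach (X509Extension ext in cert.Extensions)
            if (ext is X509KeyUsageExtension ku &&
                (ku.KeyUsages & (X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.NonRepudiation)) == 0)
                return "key usage does not allow signing";
        return null;
    }

    static void Main()
    {
        // Constructed sample: a throwaway self-signed certificate standing in
        // for the one stored in Key Vault.
        using RSA rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=Constructed Test Signer", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(
            new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, critical: true));
        using X509Certificate2 original = req.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));

        byte[] cerBytes = original.Export(X509ContentType.Cert);       // public part only
        byte[] pfxBytes = original.Export(X509ContentType.Pfx, "pw");  // certificate + private key

        // Both are loaded straight from memory; no file is involved.
        using var fromCer = new X509Certificate2(cerBytes);
        using var fromPfx = new X509Certificate2(pfxBytes, "pw");

        Console.WriteLine($"Cer bytes: {WhyUnusable(fromCer, DateTime.UtcNow) ?? "usable"}");
        Console.WriteLine($"Pfx bytes: {WhyUnusable(fromPfx, DateTime.UtcNow) ?? "usable"}");
    }
}
```

On Windows, loading a PFX from bytes with the default storage flags persists the private key in the user's key store for the lifetime of the object, so dispose the X509Certificate2 once signing is done.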