Get PFX bytes instead a file ?

Dekan · November 3, 2023, 10:04am

Hi.

 DigitalSignature =
            {
                CertificatePath = "GemBoxECDsa521.pfx",
                CertificatePassword = "GemBoxPassword",
                Signature = signature,
                IsAdvancedElectronicSignature = true
            }

The difference is we don’t have the cert on a filesystem, it returned from a method call to Azure , its returned as bytes ,
its those bytes that we were passing to options.DigitalSignature.CertificateBytes , which does not work for us
How to insert PFX like bytes, not a file?

stipo.gembox · November 3, 2023, 3:13pm

Hi Dekan,

I doubt that Azure Key Vault service allows exporting a private key (to the PFX file) because that would make the private key insecure.

Instead, you will probably need to use a combination of code from the examples:

Instead of using the RSAXmlDigitalId class from the example External signature, you will need to implement your own class that derives from the PdfDigitalId and in the implementation you will need to use the Azure’s CryptographyClient Sign method.
And to create a PdfCertificate instance that your class will pass to the base PdfDigitalId constructor, you will need to use the Azure’s CertificateClient to retrieve a certificate and use its KeyVaultCertificate.Cer property to create an instance of an X509Certificate2 which you pass to the PdfCertificate constructor.

Regards,
Stipo

stipo.gembox · November 3, 2023, 5:16pm

After further investigation, I have found that the CertificateClient.DownloadCertificate method downloads both the private key and the X.509 certificate containing the public key in an instance of an X509Certificate2 class.
You can then use the X509Certificate2 instance like in the following code snippet:

DigitalSignature =
{
    Certificate = x509Certificate2, // Instance returned from the CertificateClient.DownloadCertificate method.
    Signature = signature,
    IsAdvancedElectronicSignature = true
}

Regards,
Stipo