The DevExpress PDF Document API library allows you to retrieve a certificate and sign the document hash using any external client. This example demonstrates how to use the Azure Key Vault API to sign a PDF document.
- An Azure subscription.
- An existing Azure Key Vault. If you need to create an Azure Key Vault, you can use the Azure Portal or Azure CLI.
First, you need to obtain a certificate or the whole certificate chain using Azure Key Vault API. Create a Pkcs7SignerBase descendant and retrieve a certificate/ certificate chain in the constructor. Calculate the document hash using the DevExpress.Office.DigitalSignatures.DigestCalculator class with one of the following hashing algorithms: SHA1, SHA256, SHA384, and SHA512. Then, sign the calculated document hash with a private key using Azure Key Vault API in the SignDigest method of the Pkcs7SignerBase class.
Note that to run this example, you will need to specify your Azure Key Vault URL, certificate Id, and RSA key. If you don't have a configured Key Vault, we recommend you review these articles to learn how to obtain this information:
Follow these steps to configure this example with a self-signed certificate generated by Azure Key Vault:
- Create Azure Key Vault on Azure Portal. Assign the Key Vault URL to the keyVaultUrl variable in this example.
- Generate a self-signed certificate. Assign the certificate name to the certificateId variable.
- Open the certificate properties on Azure Portal. Find the "Key Identifier" field.
- Copy the Azure Key Id from the "Key Identifier" string and assign it to the keyId variable in this example.
(you will be redirected to DevExpress.com to submit your response)