A delegate called to perform a custom signing of the PDF content
digest and signed attributes.
The definition of the SigningDelegate delegate is as
delegate byte SigningDelegate(byte data);;
Delegate Function SigningDelegate(data As Byte()) As Byte();
The type of data passed to your delegate is determined by the
data type you specify when you call the Sign method. The default type is
DataType.Pkcs9Digest which is what will be used if you do not
specify a type.
For DataType.Pkcs9Digest the data is an ASN.1 encoded PKCS9
digest of the PDF content which includes the digest of the document
data with additional attributes required according to any desired
CompliancePades level that you
have specified. For DataType.RawDigest the data is the raw digest
of the document data.
In either case ABCpdf will create the digest using the algorithm
specified by the Oid passed to the Signature.Sign method. Where the Sign
method overload does not take an Oid the default algorithm of
SHA256 will be used.
For best results the CustomSigner should return the raw
signature of this data such as that returned by
RSACryptoServiceProvider.SignData (.NET 4) or RSACng.SignData (.NET
5). This ensures that ABCpdf can add any additional unsigned
attributes required for PAdES
If ABCpdf detects that the data returned is already in PKCS7 CMS
format it will embed that data into the document as is, with no
further processing. This is sometimes needed to accommodate certain
third-party signing solutions. In this case any desired compliance
will be dependent upon your solution provider.
The best way to determine the type of data your signing provider
returns, is to paste the byte array as a hexadecimal string into a
decoder such as the LAPO ASN.1
format. If it cannot then it is most likely the raw signature of
When writing code against your signing provider it is prudent to
Validate the document to
ensure you are providing correct data. See the example below for