How To: Sign a PDF File with a Certificate Stored in the Windows Certificate Store

Jul 11, 2025
3 minutes to read

The PDF Document API allows you to sign PDF files with certificates (X.509) and digital signatures (PKCS#7). For example, you can sign documents with certificates stored in the Windows Certificate Store.

The following code snippet executes the following actions:

Creates a PKCS#7 signature with the localhost certificate stored in the Windows Certificate Store.
Applies a digital signature to a form field.
Signs a document with that signature.
C#
VB.NET

csharp

using System;
using System.IO;
using System.Linq;
using DevExpress.Office.DigitalSignatures;
using DevExpress.Office.Tsp;
using DevExpress.Pdf;
using System.Security.Cryptography.X509Certificates;

using (var signer = new PdfDocumentSigner("Document.pdf")) {
    //Specify the name and location of the signature field
    var signatureFieldInfo = new PdfSignatureFieldInfo(1);
    signatureFieldInfo.Name = "SignatureField";
    signatureFieldInfo.SignatureBounds = new PdfRectangle(20, 20, 150, 150);
    signatureFieldInfo.RotationAngle = PdfAcroFormFieldRotation.Rotate90;

    //Create a timestamp
    ITsaClient tsaClient = new TsaClient(new Uri(@"https://freetsa.org/tsr"), HashAlgorithmType.SHA256);

    string certificateSubjectName = "localhost";
    X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly);
    // Search the certificate by the Subject Name 
    var storeCertificate = store.Certificates
        .Find(X509FindType.FindBySubjectName, certificateSubjectName, validOnly: false)
        .OfType<X509Certificate2>()
        .FirstOrDefault();
    store.Close();

    if(storeCertificate == null)
        Console.WriteLine($"Certificate with subject name '{certificateSubjectName}' not found.");
    else {
        Pkcs7Signer pkcs7StoreSignature = new Pkcs7Signer(
            storeCertificate, HashAlgorithmType.SHA256, tsaClient, null, null, PdfSignatureProfile.PAdES_BES);

        //Apply a signature to a new form field created before
        PdfSignatureBuilder storeSignature = new PdfSignatureBuilder(pkcs7StoreSignature, signatureFieldInfo) {
            Location = "USA",
            Reason = "Acknowledgement",
            Name = "Jane Cooper"
        };
        storeSignature.SetImageData(System.IO.File.ReadAllBytes("Signing Documents/JaneCooper.jpg"));

        //Sign and save the document
        signer.SaveDocument("SignedDocument.pdf", storeSignature);
    }
}

Imports System
Imports System.IO
Imports System.Linq
Imports System.Security.Cryptography.X509Certificates
Imports DevExpress.Office.DigitalSignatures
Imports DevExpress.Office.Tsp
Imports DevExpress.Pdf
'...
Using signer As New PdfDocumentSigner("Document.pdf")
    ' Specify the name and location of the signature field
    Dim signatureFieldInfo As New PdfSignatureFieldInfo(1)
    signatureFieldInfo.Name = "SignatureField"
    signatureFieldInfo.SignatureBounds = New PdfRectangle(20, 20, 150, 150)
    signatureFieldInfo.RotationAngle = PdfAcroFormFieldRotation.Rotate90

    ' Create a timestamp client
    Dim tsaClient As ITsaClient = New TsaClient(New Uri("https://freetsa.org/tsr"), HashAlgorithmType.SHA256)

    Dim certificateSubjectName As String = "localhost"
    Dim store As New X509Store(StoreName.My, StoreLocation.CurrentUser)
    store.Open(OpenFlags.ReadOnly)
    ' Search the certificate by subject name
    Dim storeCertificate As X509Certificate2 = store.Certificates _
        .Find(X509FindType.FindBySubjectName, certificateSubjectName, validOnly:=False) _
        .OfType(Of X509Certificate2)() _
        .FirstOrDefault()
    store.Close()

    If storeCertificate Is Nothing Then
        Console.WriteLine($"Certificate with subject name '{certificateSubjectName}' not found.")
    Else
        Dim pkcs7StoreSignature As New Pkcs7Signer(
            storeCertificate,
            HashAlgorithmType.SHA256,
            tsaClient,
            Nothing,
            Nothing,
            PdfSignatureProfile.PAdES_BES
        )

        ' Apply a signature to the previously created signature field
        Dim storeSignature As New PdfSignatureBuilder(pkcs7StoreSignature, signatureFieldInfo) With {
            .Location = "USA",
            .Reason = "Acknowledgement",
            .Name = "Jane Cooper"
        }
        storeSignature.SetImageData(File.ReadAllBytes("Signing Documents/JaneCooper.jpg"))
        ' Sign and save the document
        signer.SaveDocument("SignedDocument.pdf", storeSignature)
    End If
End Using