officefileapi-devexpress-dot-office-dot-digitalsignatures-dot-signatureoptions-0b0a4391.md
Using weak or outdated hash algorithms (such as SHA-1) may allow threat actors to manipulate or predict hash values. Use modern, secure alternatives (such as SHA-256 or stronger).
Gets or sets the signature digest method (the algorithm used to hash the signature).
Namespace : DevExpress.Office.DigitalSignatures
Assembly : DevExpress.Docs.v25.2.dll
NuGet Package : DevExpress.Document.Processor
public HashAlgorithmType DigestMethod { get; set; }
Public Property DigestMethod As HashAlgorithmType
| Type | Description |
|---|---|
| HashAlgorithmType |
An enumeration value that indicates the digest method.
|
Available values:
| Name | Description |
|---|---|
| SHA1 |
SHA1 hashing algorithm. This type can affect the signature’s integrity, authenticity, and legal validity.
| | SHA256 |
SHA256 hashing algorithm.
| | SHA384 |
SHA384 hashing algorithm.
| | SHA512 |
SHA512 hashing algorithm.
|
The code sample below signs and saves a Word and Excel document:
using DevExpress.Office.DigitalSignatures;
using System;
using System.Diagnostics;
using System.Security.Cryptography.X509Certificates;
static void Main(string[] args)
{
//Sign a workbook:
SignDocument("Template.xlsx", "Workbook_signed.xlsx");
//Sign a document:
SignDocument("Template.docx", "Template_signed.docx");
}
static void SignDocument(string path, string output)
{
DocumentSigner documentSigner = new DocumentSigner();
documentSigner.Sign(path, output,
CreateSignatureOptions(), CreateSignatureInfo());
}
//Specify a signature certificate and digest method:
static SignatureOptions CreateSignatureOptions()
{
X509Certificate2 certificate = new X509Certificate2("Certificate/SignDemo.pfx", "dxdemo");
Uri tsaServer = new Uri("https://freetsa.org/tsr");
SignatureOptions options = new SignatureOptions();
options.Certificate = certificate;
if (tsaServer != null)
options.TsaClient = new TsaClient(tsaServer, HashAlgorithmType.SHA256);
//In this example, certificate validation is skipped
options.SignatureFlags &= ~SignatureFlags.ValidateCertificate;
options.CertificateKeyUsageFlags = X509KeyUsageFlags.None;
options.DigestMethod = HashAlgorithmType.SHA256;
X509ChainPolicy policy = new X509ChainPolicy();
policy.RevocationMode = X509RevocationMode.NoCheck;
policy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
policy.VerificationFlags |= X509VerificationFlags.AllowUnknownCertificateAuthority |
X509VerificationFlags.IgnoreCertificateAuthorityRevocationUnknown;
options.CertificatePolicy = policy;
options.TimestampCertificatePolicy = policy;
return options;
}
//Specify signer information:
static SignatureInfo CreateSignatureInfo()
{
SignatureInfo signatureInfo = new SignatureInfo();
signatureInfo.CommitmentType = CommitmentType.ProofOfApproval;
signatureInfo.Time = DateTime.UtcNow;
signatureInfo.ClaimedRoles.Clear();
signatureInfo.ClaimedRoles.Add("Sales Representative");
signatureInfo.Comments = "Demo Digital Signature";
return signatureInfo;
}
Imports DevExpress.Office.DigitalSignatures
Imports System
Imports System.Diagnostics
Imports System.Security.Cryptography.X509Certificates
Shared Sub Main(ByVal args() As String)
'Sign a workbook:
SignDocument("Template.xlsx", "Workbook_signed.xlsx")
'Sign a document:
SignDocument("Template.docx", "Document_signed.docx")
End Sub
Shared Sub SignDocument(ByVal path As String, ByVal output As String)
Dim documentSigner As New DocumentSigner()
documentSigner.Sign(path, output,
CreateSignatureOptions(), CreateSignatureInfo())
Process.Start(output)
End Sub
' Specify a signature certificate and digest method:
Private Shared Function CreateSignatureOptions() As SignatureOptions
Dim certificate As New X509Certificate2("Certificate/SignDemo.pfx", "dxdemo")
Dim tsaServer As New Uri("https://freetsa.org/tsr")
Dim options As New SignatureOptions()
options.Certificate = certificate
If tsaServer IsNot Nothing Then
options.TsaClient = New TsaClient(tsaServer, HashAlgorithmType.SHA256)
End If
'In this example, certificate validation is skipped
options.SignatureFlags = options.SignatureFlags And Not SignatureFlags.ValidateCertificate
options.CertificateKeyUsageFlags = X509KeyUsageFlags.None
options.DigestMethod = HashAlgorithmType.SHA256
Dim policy As New X509ChainPolicy()
policy.RevocationMode = X509RevocationMode.NoCheck
policy.RevocationFlag = X509RevocationFlag.ExcludeRoot
policy.VerificationFlags = policy.VerificationFlags Or X509VerificationFlags.AllowUnknownCertificateAuthority Or X509VerificationFlags.IgnoreCertificateAuthorityRevocationUnknown
options.CertificatePolicy = policy
options.TimestampCertificatePolicy = policy
Return options
End Function
' Specify signer information:
Shared Function CreateSignatureInfo() As SignatureInfo
Dim signatureInfo As New SignatureInfo()
signatureInfo.CommitmentType = CommitmentType.ProofOfApproval
signatureInfo.Time = Date.UtcNow
signatureInfo.ClaimedRoles.Clear()
signatureInfo.ClaimedRoles.Add("Sales Representative")
signatureInfo.Comments = "Demo Digital Signature"
Return signatureInfo
End Function
The following code snippets (auto-collected from DevExpress Examples) contain references to the DigestMethod property.
Note
The algorithm used to collect these code examples remains a work in progress. Accordingly, the links and snippets below may produce inaccurate results. If you encounter an issue with code examples below, please use the feedback form on this page to report the issue.
word-document-api-sign-document-and-validate-signature/CS/Program.cs#L41
options.CertificateKeyUsageFlags = X509KeyUsageFlags.None;
options.DigestMethod = HashAlgorithmType.SHA256;
options.CertificateKeyUsageFlags = X509KeyUsageFlags.None;
options.DigestMethod = HashAlgorithmType.SHA256;
word-document-api-sign-document-and-validate-signature/VB/Program.vb#L39
options.CertificateKeyUsageFlags = X509KeyUsageFlags.None
options.DigestMethod = HashAlgorithmType.SHA256
Dim policy As X509ChainPolicy = New X509ChainPolicy()
options.CertificateKeyUsageFlags = X509KeyUsageFlags.None
options.DigestMethod = HashAlgorithmType.SHA256
See Also