使用 C# 对 PDF 进行数字签名的开发人员指南

使用 X509Certificate2 对象

为了最大限度地控制，您可以从您的证书文件创建一个 X509Certificate2 对象。IronPDF 完全符合 X509Certificate2 标准，提供了一种强大且安全的数字签名实现方法。 创建证书对象时，请确保将 X509KeyStorageFlags 设置为 Exportable ，因为底层加密 API 要求这样做。在我们的代码库中查看实用的数字签名示例。

Install-Package IronPdf

using IronPdf;
using IronPdf.Signing;
using System.Security.Cryptography.X509Certificates;

// Create a new PDF from an HTML string for demonstration.
var renderer = new ChromePdfRenderer();
var pdf = renderer.RenderHtmlAsPdf("<h1>Signed Document</h1><p>This document has been digitally signed.</p>");

// Load the certificate from a .pfx file with its password.
// The X509KeyStorageFlags.Exportable flag is crucial for allowing the private key to be used in the signing process.
var cert = new X509Certificate2("IronSoftware.pfx", "123456", X509KeyStorageFlags.Exportable);

// Create a PdfSignature object using the loaded certificate.
var signature = new PdfSignature(cert);

// Apply the signature to the PDF document.
pdf.Sign(signature);

// Save the securely signed PDF document.
pdf.SaveAs("Signed.pdf");

using IronPdf;
using IronPdf.Signing;
using System.Security.Cryptography.X509Certificates;

// Create a new PDF from an HTML string for demonstration.
var renderer = new ChromePdfRenderer();
var pdf = renderer.RenderHtmlAsPdf("<h1>Signed Document</h1><p>This document has been digitally signed.</p>");

// Load the certificate from a .pfx file with its password.
// The X509KeyStorageFlags.Exportable flag is crucial for allowing the private key to be used in the signing process.
var cert = new X509Certificate2("IronSoftware.pfx", "123456", X509KeyStorageFlags.Exportable);

// Create a PdfSignature object using the loaded certificate.
var signature = new PdfSignature(cert);

// Apply the signature to the PDF document.
pdf.Sign(signature);

// Save the securely signed PDF document.
pdf.SaveAs("Signed.pdf");

上述代码首先生成一个简单的 PDF。 然后它将 .pfx 证书文件加载到 X509Certificate2 对象中。 代表数字身份的该对象传递给 PdfSignature 构造函数。 最后，pdf.Sign 方法在保存文档之前应用此签名。 For more information on the X509Certificate2 class, you can refer to the official Microsoft documentation.

在数字签名中添加细节

一个数字签名可以包含的不仅仅是证书； 您可以嵌入丰富的元数据以提供签名的上下文。 这包括签名位置、原因、联系信息和来自可信机构的安全时间戳。 您还可以设置和编辑元数据，以获得更多文档属性。

添加这些细节可以改进文档的审核轨迹，并为验证者提供有价值的信息。 IronPDF 还支持使用现代 SHA256 和 SHA512 哈希算法的时间戳服务器。

using IronPdf;
using IronPdf.Signing;
using IronSoftware.Drawing;
using System;

// Load an existing PDF document to be signed.
var pdf = PdfDocument.FromFile("invoice.pdf");

// Create a PdfSignature object directly from the certificate file and password.
var signature = new PdfSignature("IronSoftware.pfx", "123456");

// Add detailed metadata to the signature for a comprehensive audit trail.
// These properties enhance the signature's credibility and provide context
signature.SignatureDate = DateTime.Now;
signature.SigningContact = "legal@ironsoftware.com";
signature.SigningLocation = "Chicago, USA";
signature.SigningReason = "Contractual Agreement";

// Add a secure timestamp from a trusted Time Stamp Authority (TSA).
// This provides cryptographic proof of the signing time.
signature.TimeStampUrl = new Uri("[http://timestamp.digicert.com](http://timestamp.digicert.com)");
signature.TimestampHashAlgorithm = TimestampHashAlgorithms.SHA256;

// Apply a visual appearance to the signature. (More on this in the next section)
signature.SignatureImage = new PdfSignatureImage("assets/visual-signature.png", 0, new Rectangle(350, 750, 200, 100));

// Sign the PDF document with the configured signature object.
pdf.Sign(signature);

// Save the final, signed PDF document.
pdf.SaveAs("DetailedSignature.pdf");

using IronPdf;
using IronPdf.Signing;
using IronSoftware.Drawing;
using System;

// Load an existing PDF document to be signed.
var pdf = PdfDocument.FromFile("invoice.pdf");

// Create a PdfSignature object directly from the certificate file and password.
var signature = new PdfSignature("IronSoftware.pfx", "123456");

// Add detailed metadata to the signature for a comprehensive audit trail.
// These properties enhance the signature's credibility and provide context
signature.SignatureDate = DateTime.Now;
signature.SigningContact = "legal@ironsoftware.com";
signature.SigningLocation = "Chicago, USA";
signature.SigningReason = "Contractual Agreement";

// Add a secure timestamp from a trusted Time Stamp Authority (TSA).
// This provides cryptographic proof of the signing time.
signature.TimeStampUrl = new Uri("[http://timestamp.digicert.com](http://timestamp.digicert.com)");
signature.TimestampHashAlgorithm = TimestampHashAlgorithms.SHA256;

// Apply a visual appearance to the signature. (More on this in the next section)
signature.SignatureImage = new PdfSignatureImage("assets/visual-signature.png", 0, new Rectangle(350, 750, 200, 100));

// Sign the PDF document with the configured signature object.
pdf.Sign(signature);

// Save the final, signed PDF document.
pdf.SaveAs("DetailedSignature.pdf");

如果签名证书不在系统的可信存储中，某些 PDF 查看器中可能会看到警告图标。 要获得绿色勾号，证书必须添加到查看器的可信身份中。

Saving and Signing a Specific PDF Revision

PDFs can store a history of changes, much like a version control system. This is known as incremental saving. When you sign a PDF, the signature applies to a specific revision of the document. This is crucial for workflows where a document goes through multiple stages of approval. Learn more about managing PDF revision history in our detailed guide.

In the following example, we load a PDF, make edits, and then sign the current revision while allowing only form-filling as a future change. We use SaveAsRevision to commit the current state to the document's history before saving the file.

using IronPdf.Signing;

// Load a PDF file with change tracking enabled.
// This enables incremental save functionality for revision management
var pdf = PdfDocument.FromFile("annual_census.pdf", ChangeTrackingModes.EnableChangeTracking);

// Placeholder for edits: You might add text, fill forms, or add annotations here.
// For example: pdf.Annotations.Add(new TextAnnotation(...));
// Or: pdf.Form["fieldName"].Value = "New Value";

// Sign the current state of the document using SignWithFile for convenience.
// We set permissions to allow further signatures and form filling.
pdf.SignWithFile(
    "assets/IronSignature.p12", 
    "password", 
    SignaturePermissions.AdditionalSignaturesAndFormFillingAllowed);

// Save the current state as a distinct revision within the PDF's history.
// This creates a snapshot that can be referenced later
PdfDocument pdfWithRevision = pdf.SaveAsRevision();

// Save the final PDF with its full revision history to a new file.
pdfWithRevision.SaveAs("annual_census_signed.pdf");

using IronPdf.Signing;

// Load a PDF file with change tracking enabled.
// This enables incremental save functionality for revision management
var pdf = PdfDocument.FromFile("annual_census.pdf", ChangeTrackingModes.EnableChangeTracking);

// Placeholder for edits: You might add text, fill forms, or add annotations here.
// For example: pdf.Annotations.Add(new TextAnnotation(...));
// Or: pdf.Form["fieldName"].Value = "New Value";

// Sign the current state of the document using SignWithFile for convenience.
// We set permissions to allow further signatures and form filling.
pdf.SignWithFile(
    "assets/IronSignature.p12", 
    "password", 
    SignaturePermissions.AdditionalSignaturesAndFormFillingAllowed);

// Save the current state as a distinct revision within the PDF's history.
// This creates a snapshot that can be referenced later
PdfDocument pdfWithRevision = pdf.SaveAsRevision();

// Save the final PDF with its full revision history to a new file.
pdfWithRevision.SaveAs("annual_census_signed.pdf");

Understanding incremental saves is key to advanced PDF workflows. While a simple viewer might only show the latest version, a tool like Adobe Acrobat can reveal the entire revision history, showing who signed which version and what changes were made between signatures. IronPDF gives you full programmatic control over this process.

For businesses managing complex document workflows that require high security and compliance, a comprehensive solution may be needed. Iron Software offers Iron Suite, which includes IronPDF for signing and manipulation, plus other libraries for a wide range of document processing tasks, available for a single one-time payment.

How Can I Manage and Verify Signatures Across Revisions?

A PDF document can have multiple signatures applied across its various revisions. IronPDF provides tools to manage this history effectively.

• Roll Back to a Previous Revision: You can revert a document to an earlier state using the GetRevision method. This will discard all changes and signatures made after that revision.
• Verify All Signatures: The VerifySignatures method checks the validity of all signatures across all revisions of the document. It returns true only if every signature is valid and no unauthorized changes have been made.
• Remove Signatures: The RemoveSignatures method will strip all digital signatures from every revision of the document, creating a clean, unsigned version.

// Load a PDF with a complex signature history.
var pdf = PdfDocument.FromFile("multi_signed_report.pdf");

// Verify all signatures across all revisions.
// This ensures document integrity throughout its entire history
bool allSignaturesValid = pdf.VerifySignatures();
Console.WriteLine($"All signatures are valid: {allSignaturesValid}");

// Roll back to the first revision (index 0).
// Useful for reviewing the original document state
if (pdf.RevisionCount > 1)
{
    PdfDocument firstRevision = pdf.GetRevision(0);
    firstRevision.SaveAs("report_first_revision.pdf");
}

// Create a completely unsigned version of the document.
// This removes all digital signatures while preserving content
pdf.RemoveSignatures();
pdf.SaveAs("report_unsigned.pdf");

// Load a PDF with a complex signature history.
var pdf = PdfDocument.FromFile("multi_signed_report.pdf");

// Verify all signatures across all revisions.
// This ensures document integrity throughout its entire history
bool allSignaturesValid = pdf.VerifySignatures();
Console.WriteLine($"All signatures are valid: {allSignaturesValid}");

// Roll back to the first revision (index 0).
// Useful for reviewing the original document state
if (pdf.RevisionCount > 1)
{
    PdfDocument firstRevision = pdf.GetRevision(0);
    firstRevision.SaveAs("report_first_revision.pdf");
}

// Create a completely unsigned version of the document.
// This removes all digital signatures while preserving content
pdf.RemoveSignatures();
pdf.SaveAs("report_unsigned.pdf");

What Does the Stamped PDF Result Look Like?

After running the code, the signature image is stamped onto the document, creating a visually signed invoice.

The final PDF with the handwritten signature image stamped in the bottom-right corner.