Click or drag to resize
Pdftools logo

SessionCreateSignatureFromKeyId Method

Create a signature configuration based on the private key's ID and an external certificate

Create a signature configuration where only the private key is contained in the PKCS#11 device and the signing certificate is provided externally. This is intended for PKCS#11 devices that can only store private keys, e.g. the Google Cloud Key Management (KMS).

The private key object is identified using its ID, i.e. the CKA_ID object attribute in the PKCS#11 store.

The certificates of the trust chain should be added using AddCertificate(Stream).


Namespace: PdfTools.Crypto.Providers.Pkcs11
Assembly: PdfTools (in PdfTools.dll) Version: 1.1.0.0
Syntax
C#
public SignatureConfiguration CreateSignatureFromKeyId(
	byte[] id,
	Stream certificate
)

Parameters

id  Byte
The ID of the private key object in the PKCS#11 store
certificate  Stream
The signing certificate in either PEM (.pem, ASCII text) or DER (.cer, binary) form

Return Value

SignatureConfiguration
Exceptions
ExceptionCondition
NotFoundExceptionIf the private key cannot be found in the PKCS#11 store
ArgumentExceptionIf the certificate is not a valid signing certificate
ArgumentExceptionIf the key specification matches more than one key
ArgumentNullExceptionif id is .
ArgumentNullExceptionif certificate is .
See Also