 | SessionCreate |
Create a signature configuration based on the private key's label (name) and an external certificate
Create a signature configuration where only the private key is contained in the PKCS#11 device and the signing certificate is provided externally. This is intended for PKCS#11 devices that can only store private keys, e.g. the Google Cloud Key Management (KMS).
The private key object is identified using its label, i.e. the CKA_LABEL object attribute in the PKCS#11 store.
The certificates of the trust chain should be added using AddCertificate(Stream).
Namespace: PdfTools.Crypto.Providers.Pkcs11
Assembly: PdfTools (in PdfTools.dll) Version: 1.6.0+e1db8f4bf6125495a2d29513486ea3e61205c81b
SyntaxC#
public SignatureConfiguration CreateSignatureFromKeyLabel( string label, Stream certificate )
Parameters
- label String
- The label of the private key object in the PKCS#11 store
- certificate Stream
- The signing certificate in either PEM (.pem, ASCII text) or DER (.cer, binary) form
Return Value
SignatureConfigurationExceptions| Exception | Condition |
|---|---|
| NotFoundException | If the private key cannot be found in the PKCS#11 store |
| ArgumentException | If the certificate is not a valid signing certificate |
| ArgumentException | If the key specification matches more than one key |
| ArgumentNullException | if label is . |
| ArgumentNullException | if certificate is . |
See Also