 | SessionCreate |
Create a signature configuration based on the private key's ID and an external certificate
Create a signature configuration where only the private key is contained in the PKCS#11 device and the signing certificate is provided externally. This is intended for PKCS#11 devices that can only store private keys, e.g. the Google Cloud Key Management (KMS).
The private key object is identified using its ID, i.e. the CKA_ID object attribute in the PKCS#11 store.
The certificates of the trust chain should be added using AddCertificate(Stream).
Namespace: PdfTools.Crypto.Providers.Pkcs11
Assembly: PdfTools (in PdfTools.dll) Version: 1.7.0+cfcc11b476b3e1eb4320f0f37269191f64e36bd8
SyntaxC#
public SignatureConfiguration CreateSignatureFromKeyId( byte[] id, Stream certificate )
Parameters
- id Byte
- The ID of the private key object in the PKCS#11 store
- certificate Stream
- The signing certificate in either PEM (.pem, ASCII text) or DER (.cer, binary) form
Return Value
SignatureConfigurationExceptions| Exception | Condition |
|---|---|
| NotFoundException | If the private key cannot be found in the PKCS#11 store |
| ArgumentException | If the certificate is not a valid signing certificate |
| ArgumentException | If the key specification matches more than one key |
| ArgumentNullException | if id is . |
| ArgumentNullException | if certificate is . |
See Also