New to Telerik Document Processing? Start a free 30-day trial

Getting Started with Digital Signature

Updated on May 11, 2026

RadPdfProcessing allows adding a digital signature while editing a document created from scratch or importing an existing one.

To use the signing functionality in PdfProcessing for .NET Standard/.NET Core, you must add a reference to the System.Security.Cryptography.Pkcs NuGet package, version 6 or later (this functionality is available starting with R1 2022 SP1).

PdfProcessing Digitally Sign Document Demo

Signing a Document

To sign a document, follow these steps:

1. Create a Signature object which takes a X509Certificate2 object as a parameter. This is the certificate that will be used to sign the PDF document.

2. When instantiated, add the Signature to the document's content using a SignatureField.

3. To create a signature, which has a visual representation, you must create a SignatureWidget and associate the Widget annotation with the signed SignatureField. The widget also needs a FormSource object applied to its Content.NormalContentSource property. A FormSource could be filled with data using the FixedContentEditor.

When exporting a digitally signed document, a stream that allows both, reading and writing, should be passed. Otherwise, an exception is thrown: NotSupportedException: 'Stream does not support reading.'.

The following example shows a full code snippet for a simple signing of a newly created document:

Example: Sign a document

int signatureFieldWidth = 200;
int signatureFieldHeight = 50;
int signaturePositionLeft = 10;
int signaturePositionTop = 10;

X509Certificate2 certificate = new X509Certificate2("Certificate.pfx", "johndoe");
SignatureField pdfSignature = new SignatureField("SignatureField");
pdfSignature.Signature = new Signature(certificate);

Form pdfForm = new Form();
pdfForm.FormSource = new FormSource();
pdfForm.FormSource.Size = new Size(signatureFieldWidth, signatureFieldHeight);
FixedContentEditor editor = new FixedContentEditor(pdfForm.FormSource);
pdfForm.Position.Translate(signaturePositionLeft, signaturePositionTop);
editor.DrawText($"{certificate.GetNameInfo(X509NameType.SimpleName, false)} {DateTime.Now.ToString("yyyy.MM.dd HH:mm")}");

SignatureWidget signatureWidget = pdfSignature.Widgets.AddWidget();
signatureWidget.Content.NormalContentSource = pdfForm.FormSource;
signatureWidget.Rect = new Rect(signaturePositionLeft, signaturePositionTop, signatureFieldWidth, signatureFieldHeight);
signatureWidget.RecalculateContent();

RadFixedDocument document = new RadFixedDocument();
RadFixedPage pdfPage = document.Pages.AddPage();
pdfPage.Annotations.Add(signatureWidget);

FixedContentEditor pageEditor = new FixedContentEditor(pdfPage);
pageEditor.Position.Translate(signaturePositionLeft, signaturePositionTop);
pageEditor.DrawForm(pdfForm.FormSource);
document.AcroForm.FormFields.Add(pdfSignature);
signatureWidget.RecalculateContent();

string signedDocumentFilePath = "signed.pdf";
File.Delete(signedDocumentFilePath);
using (Stream output = new FileStream(signedDocumentFilePath, FileMode.OpenOrCreate, FileAccess.ReadWrite))
{
    new Telerik.Windows.Documents.Fixed.FormatProviders.Pdf.PdfFormatProvider().Export(document, output, TimeSpan.FromSeconds(10));
}

In .NET Standard use Telerik.Documents.Primitives.Rect instead of System.Windows.Rect.

Signed PDF

When signing an existing document (after the import) you must verify that the AcroForm ViewersShouldRecalculateWidgetAppearances property is set to false. Otherwise, the exported and signed PDF document may not be displayed as signed.

Signature Settings

The SignatureSettings class (introduced in Q4 2025) provides configurable options for producing digital signatures in PDF documents. It allows developers to specify the digest (hash) algorithm used during certificate-based signing. SignatureSettings are accessed via the Signature.Settings property and expose the following settings:

Property	Description
`DigestAlgorithm`	Gets or sets the digest (hash) algorithm used when producing the CMS (PKCS#7) signature. Default is `DigestAlgorithmType.Sha256`. Supported values: `Sha256` (recommended default), `Sha384` (for higher strength or P-384 key policy), `Sha512` (highest SHA-2 strength or long-term archival).
`TimeStampServer`	Gets or sets the timestamp server settings used to obtain a trusted timestamp for the signature.
`CertificateChainIncludeOption`	Gets or sets the option that determines which certificates are included in the certificate chain. Available values: `None` (no chain info), `ExcludeRoot` (entire chain except root), `EndCertOnly` (only the end certificate), `WholeChain` (entire chain). [Introduced in Q1 2026]

Signature Encodings

RadPdfProcessing enables you to sign and validate signature fields using standard signature encodings:

adbe.x509.rsa_sha1 (PKCS #1)
adbe.pkcs7.sha1 (PKCS #7)
adbe.pkcs7.detached (PKCS #7 Detached)

Signature Flags

The signature flags were introduced in R2 2022 SP1. You can set the flags with the following code:

Example: Set signature flags

document.AcroForm.SignatureFlags = SignatureFlags.None;

The possible values are:

Value	Description
`None`	Indicates no signature fields exist.
`SignaturesExist`	If set, the document contains at least one signature field. This flag allows a viewer to enable signature-related UI (such as menu items or buttons) without scanning the entire document.
`AppendOnly`	The document contains signatures that may be invalidated if the file is saved in a way that alters its previous contents. Viewer applications can use this flag to warn users that saving will invalidate signatures.