

Here at iText we’ve long been involved with PDF digital signatures. We first published our digital signatures eBook back in 2013, which provided a comprehensive overview of PDF features, industry standards and technology options relating to secure digital signatures, together with in-depth best practices, real-life examples, and code samples for PDF development. Since then, we’ve continued to promote the technology for secure PDF documents, as it provides integrity, authenticity, non-repudiation, and assurance of when a document was signed. We’ve also kept pace with advances in the field, supporting the PAdES framework and PDF 2.0, and updating our Java and C# (.NET) code examples to apply to the latest versions of iText 7.

An essential component in creating a secure digital signature is the generation of an asymmetric key pair, consisting of both a public and a private key. There are a number of ways to generate such a key pair, but one of the most secure is the use of a hardware security module (or HSM). This is a physical computing device and is usually very expensive. However, Amazon Web Services now offers the generation of asymmetric keys as part of its Key Management Service (KMS) which makes it easy to create and manage cryptographic keys and control their use across a range of AWS services and in your applications. Similar to the symmetric key features that were previously available, asymmetric keys can be generated as customer master keys (CMKs) where the private portion never leaves the service, or as a data key where the private portion is returned to your calling application encrypted under a CMK. Since it’s a scalable service with no upfront charges, AWS KMS can be an attractive option for digitally signing PDFs.

Since AWS KMS doesn’t store or associate digital certificates with asymmetric CMKs it creates, it’s not directly possible to use the asymmetric CMK for signing PDFs, as you would first have to generate a certificate for the public key of your AWS KMS signing key pair. This topic came up in a recent Stack Overflow question, and the comprehensive answer provided by Michael Klink led to this article which we hope many of you will benefit from. We walk through the whole process of accessing the AWS KMS API to generate a digital signature, and then applying that signature to a PDF with iText 7. In addition, we also point out some things you’ll need to consider if you plan to do mass-signing operations with AWS KMS.
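The signing step this article describes (calling the AWS KMS API to produce the signature value that iText 7 then embeds in the PDF) can be expressed as an iText 7 `IExternalSignature` implementation. The following is an added example, not code from iText or from the Stack Overflow answer; it assumes the AWS SDK for Java v2, an RSA CMK created for signing, and the hypothetical class name `KmsExternalSignature`.

```java
import com.itextpdf.signatures.IExternalSignature;
import software.amazon.awssdk.core.SdkBytes;
import software.amazon.awssdk.services.kms.KmsClient;
import software.amazon.awssdk.services.kms.model.MessageType;
import software.amazon.awssdk.services.kms.model.SignRequest;
import software.amazon.awssdk.services.kms.model.SigningAlgorithmSpec;

import java.security.GeneralSecurityException;
import java.security.MessageDigest;

/** Added example: lets iText 7 delegate signature creation to an AWS KMS asymmetric CMK. */
public class KmsExternalSignature implements IExternalSignature {
    private final KmsClient kms;
    private final String keyId; // key ID, ARN or alias of an RSA signing CMK (assumption)

    public KmsExternalSignature(KmsClient kms, String keyId) {
        this.kms = kms;
        this.keyId = keyId;
    }

    @Override
    public String getHashAlgorithm() { return "SHA-256"; }

    @Override
    public String getEncryptionAlgorithm() { return "RSA"; }

    @Override
    public byte[] sign(byte[] message) throws GeneralSecurityException {
        // Hash locally and send only the digest: the private key stays inside KMS,
        // and the request stays small regardless of how many bytes iText hands over.
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(message);
        SignRequest request = SignRequest.builder()
                .keyId(keyId)
                .messageType(MessageType.DIGEST)
                .signingAlgorithm(SigningAlgorithmSpec.RSASSA_PKCS1_V1_5_SHA_256)
                .message(SdkBytes.fromByteArray(digest))
                .build();
        try {
            // One KMS API call per signature; relevant when signing in bulk.
            return kms.sign(request).signature().asByteArray();
        } catch (RuntimeException e) { // AWS SDK v2 exceptions are unchecked
            throw new GeneralSecurityException("KMS Sign call failed for key " + keyId, e);
        }
    }
}
```

An instance of this class is passed to `PdfSigner.signDetached(...)` together with the certificate chain issued for the CMK's public key, which has to be created separately because KMS does not hold a certificate for the key.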
