Sample code for 30+ languages & platforms
Delphi ActiveX

Sign PDF using ARSS (Aruba Remote Signing Service)

See more Signing in the Cloud Examples

Demonstrates how to digitally sign a PDF using the Aruba Remote Signing Service (ARSS). The example loads a local PDF and certificate, configures the ARSS cloud signer credentials, specifies the OTP authentication type with typeOtpAuth, and creates an LTV-enabled signed PDF where the private key remains protected on the Aruba signing server.

Chilkat Delphi ActiveX Downloads

Delphi ActiveX
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Chilkat_TLB;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Integer;
pdf: TChilkatPdf;
json: TChilkatJsonObject;
cert: TChilkatCert;
jsonArss: TChilkatJsonObject;

begin
success := 0;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

pdf := TChilkatPdf.Create(Self);

// Load the PDF that will be digitally signed.
success := pdf.LoadFile('qa_data/pdf/hello.pdf');
if (success = 0) then
  begin
    Memo1.Lines.Add(pdf.LastErrorText);
    Exit;
  end;

// Signing options are specified in a JSON object.
json := TChilkatJsonObject.Create(Self);

// Enable LTV (Long-Term Validation).
// When ltvOcsp is true, OCSP validation information is embedded in the PDF
// so that signature validation can continue to succeed in the future,
// even if the original OCSP responder is no longer available.
json.UpdateBool('ltvOcsp',1);

// Specify the visual appearance of the signature on the PDF page.
json.UpdateInt('page',1);
json.UpdateString('appearance.y','top');
json.UpdateString('appearance.x','left');
json.UpdateString('appearance.fontScale','10.0');

// Text lines displayed in the visible signature appearance.
// Special values such as "cert_cn" and "current_dt" are replaced
// with the certificate common name and current date/time.
json.UpdateString('appearance.text[0]','Digitally signed by: cert_cn');
json.UpdateString('appearance.text[1]','current_dt');
json.UpdateString('appearance.text[2]','This is an LTV-enabled signature.');

// Load the signing certificate.
// 
// The private key is NOT stored locally.  Instead, the private key is
// stored and protected on the Aruba Remote Signing Service (ARSS).
// 
// Even though the signing operation will occur remotely, Chilkat still
// needs the corresponding public certificate locally so that it can
// construct the CMS/PAdES signature and embed the certificate chain
// in the signed PDF.
cert := TChilkatCert.Create(Self);
success := cert.LoadFromFile('qa_data/certs/myCert.cer');
if (success = 0) then
  begin
    Memo1.Lines.Add(cert.LastErrorText);
    Exit;
  end;

// Configure Aruba Remote Signing Service (ARSS) credentials.
// 
// When SetCloudSigner is called, Chilkat is instructed to perform
// cryptographic signing operations through the ARSS web service.
// The PDF is assembled locally, but the actual RSA signature operation
// is performed remotely using the private key held by Aruba.
jsonArss := TChilkatJsonObject.Create(Self);

// Required.  Indicates that the cloud signing provider is ARSS.
jsonArss.UpdateString('service','ARSS');

// The ARSS certificate identifier (for example, "AS0").
// This identifies which remote certificate/private key pair should be used.
// The remote certificate should correspond to the certificate loaded above.
jsonArss.UpdateString('certID','YOUR_ARSS_CERT_ID');

// OTP password associated with the Aruba remote-signing account.
// Depending on the ARSS configuration, an OTP may be required to
// authorize each signing operation.
jsonArss.UpdateString('otpPwd','YOUR_OTP_PWD');

// Specifies the OTP authentication environment.
// 
// Common values are:
//   "demoprod" - Demo/Test environment
//   "prod"     - Production environment
// 
// This value is sent to the ARSS service and determines how the OTP
// authentication is validated.  The correct value depends on the type
// of Aruba account and environment that has been provisioned.
// 
// If signing fails with an authentication-related error, verify that
// the typeOtpAuth value matches the environment associated with the
// ARSS account credentials being used.
jsonArss.UpdateString('typeOtpAuth','demoprod');

// ARSS account username.
jsonArss.UpdateString('user','YOUR_ARSS_USERNAME');

// ARSS account password.
jsonArss.UpdateString('userPWD','YOUR_ARSS_PASSWORD');

// Beginning with Chilkat v11.5.0, the ARSS endpoint can be explicitly
// specified.  This allows the application to target a particular
// Aruba signing service endpoint when required.
jsonArss.UpdateString('endpoint','https://app1.firma-remota.it/ArubaSignerService/webresources/signerservice');

success := cert.SetCloudSigner(jsonArss.ControlInterface);
if (success = 0) then
  begin
    Memo1.Lines.Add(cert.LastErrorText);
    Exit;
  end;

// Associate the certificate with the PDF object.
// All subsequent signing operations will use this certificate.
success := pdf.SetSigningCert(cert.ControlInterface);
if (success = 0) then
  begin
    Memo1.Lines.Add(pdf.LastErrorText);
    Exit;
  end;

// Create the signed PDF.
// 
// Chilkat performs all PDF processing locally.  When the time comes
// to generate the cryptographic signature value, Chilkat sends the
// hash to ARSS, which signs it using the remote private key and returns
// the signature.  The private key never leaves the Aruba service.
success := pdf.SignPdf(json.ControlInterface,'qa_output/hello_ltv_signed.pdf');
if (success = 0) then
  begin
    Memo1.Lines.Add(pdf.LastErrorText);
    Exit;
  end;

Memo1.Lines.Add('The PDF has been successfully cryptographically signed with long-term validation.');
end;