Sample code for 30+ languages & platforms
VB.NET

Sign PDF using ARSS (Aruba Remote Signing Service)

See more Signing in the Cloud Examples

Demonstrates how to digitally sign a PDF using the Aruba Remote Signing Service (ARSS). The example loads a local PDF and certificate, configures the ARSS cloud signer credentials, specifies the OTP authentication type with typeOtpAuth, and creates an LTV-enabled signed PDF where the private key remains protected on the Aruba signing server.

Chilkat VB.NET Downloads

VB.NET
Dim success As Boolean = False

' This example requires the Chilkat API to have been previously unlocked.
' See Global Unlock Sample for sample code.

Dim pdf As New Chilkat.Pdf

' Load the PDF that will be digitally signed.
success = pdf.LoadFile("qa_data/pdf/hello.pdf")
If (success = False) Then
    Debug.WriteLine(pdf.LastErrorText)
    Exit Sub
End If


' Signing options are specified in a JSON object.
Dim json As New Chilkat.JsonObject

' Enable LTV (Long-Term Validation).
' When ltvOcsp is true, OCSP validation information is embedded in the PDF
' so that signature validation can continue to succeed in the future,
' even if the original OCSP responder is no longer available.
json.UpdateBool("ltvOcsp",True)

' Specify the visual appearance of the signature on the PDF page.
json.UpdateInt("page",1)
json.UpdateString("appearance.y","top")
json.UpdateString("appearance.x","left")
json.UpdateString("appearance.fontScale","10.0")

' Text lines displayed in the visible signature appearance.
' Special values such as "cert_cn" and "current_dt" are replaced
' with the certificate common name and current date/time.
json.UpdateString("appearance.text[0]","Digitally signed by: cert_cn")
json.UpdateString("appearance.text[1]","current_dt")
json.UpdateString("appearance.text[2]","This is an LTV-enabled signature.")

' Load the signing certificate.
' 
' The private key is NOT stored locally.  Instead, the private key is
' stored and protected on the Aruba Remote Signing Service (ARSS).
' 
' Even though the signing operation will occur remotely, Chilkat still
' needs the corresponding public certificate locally so that it can
' construct the CMS/PAdES signature and embed the certificate chain
' in the signed PDF.
Dim cert As New Chilkat.Cert
success = cert.LoadFromFile("qa_data/certs/myCert.cer")
If (success = False) Then
    Debug.WriteLine(cert.LastErrorText)
    Exit Sub
End If


' Configure Aruba Remote Signing Service (ARSS) credentials.
' 
' When SetCloudSigner is called, Chilkat is instructed to perform
' cryptographic signing operations through the ARSS web service.
' The PDF is assembled locally, but the actual RSA signature operation
' is performed remotely using the private key held by Aruba.
Dim jsonArss As New Chilkat.JsonObject

' Required.  Indicates that the cloud signing provider is ARSS.
jsonArss.UpdateString("service","ARSS")

' The ARSS certificate identifier (for example, "AS0").
' This identifies which remote certificate/private key pair should be used.
' The remote certificate should correspond to the certificate loaded above.
jsonArss.UpdateString("certID","YOUR_ARSS_CERT_ID")

' OTP password associated with the Aruba remote-signing account.
' Depending on the ARSS configuration, an OTP may be required to
' authorize each signing operation.
jsonArss.UpdateString("otpPwd","YOUR_OTP_PWD")

' Specifies the OTP authentication environment.
' 
' Common values are:
'   "demoprod" - Demo/Test environment
'   "prod"     - Production environment
' 
' This value is sent to the ARSS service and determines how the OTP
' authentication is validated.  The correct value depends on the type
' of Aruba account and environment that has been provisioned.
' 
' If signing fails with an authentication-related error, verify that
' the typeOtpAuth value matches the environment associated with the
' ARSS account credentials being used.
jsonArss.UpdateString("typeOtpAuth","demoprod")

' ARSS account username.
jsonArss.UpdateString("user","YOUR_ARSS_USERNAME")

' ARSS account password.
jsonArss.UpdateString("userPWD","YOUR_ARSS_PASSWORD")

' Beginning with Chilkat v11.5.0, the ARSS endpoint can be explicitly
' specified.  This allows the application to target a particular
' Aruba signing service endpoint when required.
jsonArss.UpdateString("endpoint","https://app1.firma-remota.it/ArubaSignerService/webresources/signerservice")

success = cert.SetCloudSigner(jsonArss)
If (success = False) Then
    Debug.WriteLine(cert.LastErrorText)
    Exit Sub
End If


' Associate the certificate with the PDF object.
' All subsequent signing operations will use this certificate.
success = pdf.SetSigningCert(cert)
If (success = False) Then
    Debug.WriteLine(pdf.LastErrorText)
    Exit Sub
End If


' Create the signed PDF.
' 
' Chilkat performs all PDF processing locally.  When the time comes
' to generate the cryptographic signature value, Chilkat sends the
' hash to ARSS, which signs it using the remote private key and returns
' the signature.  The private key never leaves the Aruba service.
success = pdf.SignPdf(json,"qa_output/hello_ltv_signed.pdf")
If (success = False) Then
    Debug.WriteLine(pdf.LastErrorText)
    Exit Sub
End If


Debug.WriteLine("The PDF has been successfully cryptographically signed with long-term validation.")