
So we have this C# code that uses the itext7 library to sign PDFs:

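/// <summary>
/// Signs the PDF at <paramref name="src"/> with the certificate identified by
/// <paramref name="thumbprint"/> and writes the signed copy to <paramref name="dest"/>.
/// </summary>
/// <remarks>
/// The certificate is looked up in the current user's "MY" store. The signature is a
/// detached CAdES signature over a SHA-256 digest. No CRL, OCSP or timestamp client is
/// passed to the signer, so the result carries no embedded revocation data and no
/// trusted timestamp; only the signing certificate itself is embedded, not its issuers.
/// </remarks>
/// <param name="src">Path of the PDF to sign.</param>
/// <param name="dest">Path of the signed output; an existing file is overwritten.</param>
/// <param name="thumbprint">Thumbprint used to select the signing certificate.</param>
/// <exception cref="System.ArgumentException">A path or the thumbprint is null or empty.</exception>
/// <exception cref="System.InvalidOperationException">
/// No matching certificate was found, or it has no usable RSA private key.
/// </exception>
public static void SignPDFDocument(string src, string dest, string thumbprint)
{
    if (string.IsNullOrEmpty(src))
    {
        throw new System.ArgumentException("Source path must not be empty.", nameof(src));
    }
    if (string.IsNullOrEmpty(dest))
    {
        throw new System.ArgumentException("Destination path must not be empty.", nameof(dest));
    }
    if (string.IsNullOrEmpty(thumbprint))
    {
        throw new System.ArgumentException("Thumbprint must not be empty.", nameof(thumbprint));
    }

    GetStoreCertificates("MY", StoreLocation.CurrentUser);
    cert = GetCertificateFromCollection(thumbprint);
    if (cert == null)
    {
        throw new System.InvalidOperationException(
            "No certificate with the requested thumbprint was found in the store.");
    }

    // DotNetUtilities.GetKeyPair exports the RSA parameters from the key container and
    // rebuilds them as a BouncyCastle key. That export is what forces the certificate
    // to be installed with an exportable private key, and it also leaves a copy of the
    // key material in this process's managed memory.
    // NOTE(review): to keep the key non-exportable (and to support smart cards / HSMs),
    // replace PrivateKeySignature with a custom IExternalSignature that delegates the
    // signing operation to the RSA object returned by GetRSAPrivateKey(), so the key
    // never leaves its provider.
    Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey;
    using (var rsa = cert.GetRSAPrivateKey())
    {
        if (rsa == null)
        {
            throw new System.InvalidOperationException(
                "The selected certificate has no accessible RSA private key.");
        }

        privateKey = Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(rsa).Private;
    }

    var parsedCert = new Org.BouncyCastle.X509.X509CertificateParser()
        .ReadCertificate(cert.GetRawCertData());

    // Only the leaf certificate is supplied; verifiers must already have the issuer chain.
    Org.BouncyCastle.X509.X509Certificate[] chain = { parsedCert };

    PdfReader reader = new PdfReader(src);
    try
    {
        // The output stream is scoped so the file handle is released even when signing
        // throws. A failed run can still leave an incomplete file at dest; callers should
        // not treat its mere existence as proof of a signed document.
        using (var output = new FileStream(dest, FileMode.Create))
        {
            StampingProperties stampProp = new StampingProperties();
            stampProp.PreserveEncryption();
            PdfSigner signer = new PdfSigner(reader, output, stampProp);

            string digestAlgorithm = DigestAlgorithms.SHA256;
            IExternalSignature signature = new PrivateKeySignature(privateKey, digestAlgorithm);

            // null, null, null = no CRL list, no OCSP client, no timestamp authority client;
            // 0 lets the signer choose the reserved signature size.
            signer.SignDetached(signature, chain, null, null, null, 0, CryptoStandard.CADES);
        }
    }
    finally
    {
        reader.Close();
    }
}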

The only problem I have with this is that the user needs to have the certificate installed and marked as exportable for this to work. Is there any workaround?

Jack Casas
