Click or drag to resize
Pdftools logo

Provider Class

The built-in cryptographic provider

The built-in cryptographic provider requires no cryptographic hardware or external service (except for the optional TimestampUrl).

Signing certificates with private keys can be loaded using CreateSignatureFromCertificate(Stream, String).

Certificates Directory: Additional certificates, e.g. issuer certificates, can be stored in the certificates directory. These certificates are required when adding validation information to signatures that do not have the full trust chain embedded. The certificates directory may contain certificates in either PEM (.pem, ASCII text) or DER (.cer, binary) form.

  • Windows:
    • %LOCALAPPDATA%\PDF Tools AG\Certificates
    • %ProgramData%\PDF Tools AG\Certificates
  • Linux:
    • ~/.pdf-tools/Certificates or $TMP/pdf-tools/Certificates
    • /usr/share/pdf-tools/Certificates
  • macOS:
    • ~/.pdf-tools/Certificates or $TMP/pdf-tools/Certificates

Inheritance Hierarchy

Namespace: PdfTools.Crypto.Providers.BuiltIn
Assembly: PdfTools (in PdfTools.dll) Version: 1.0.0
public class Provider : Provider

The Provider type exposes the following members.

Public methodProvider 
Public propertyTimestampUrl

The URL of the trusted time-stamp authority (TSA) from which time-stamps shall be acquired

The TSA must support the time-stamp protocol as defined in RFC 3161.

The property’s value must be a URL with the following elements:



  • http/https: Protocol for connection to TSA.
  • ‹user›:‹password› (optional): Credentials for connection to TSA (basic authorization).
  • ‹host›: Hostname of TSA.
  • ‹port›: Port for connection to TSA.
  • ‹resource›: The resource.

Applying a time-stamp requires an online connection to a time server; the firewall must be configured accordingly. If a web proxy is used (see Proxy), make sure the following MIME types are supported:

  • application/timestamp-query
  • application/timestamp-reply

Public methodCreatePreparedSignature

Create a configuration to prepare a signature for an external signature handler

This method is part of a very specialized use case requiring an external signature handler. The process using an external signature handler is:
Public methodCreateSignatureFromCertificate

Create a configuration to sign with a PFX (PKCS#12) soft certificate

The file must contain the certificate itself, all certificates of the trust chain, and the private key.
Public methodCreateTimestamp

Create a time-stamp configuration

Note that to create time-stamps, the TimestampUrl must be set.
Public methodDispose

Close the object

Release all resources associated with the object.
(Inherited from Provider)
Public methodEquals
(Inherited from NativeObject)
Public methodGetHashCode
(Inherited from NativeObject)
Public methodReadExternalSignature

Read signature created by an external signature handler

See CreatePreparedSignature(Int32, String, String) for more information on the signing process using an external signature handler.
See Also