Version: 1.3

Swisscom cryptographic provider

The SwisscomSigSrv cryptographic provider enables access to the Swisscom Signing Service. The service can then be used to perform cryptographic functions such as signing a document. This provider requires a Swisscom Signing Service account. Accounts with static and on-demand identities are supported.

Quick start

Download the full sample now in C# and Java.

Interested in C or other language samples? Let us know on the contact page and we'll add them to our samples backlog.

The Swisscom Signing Service provides signing certificates using CMS (PKCS#7) signatures. Additional certificates (for example, issuer certificates) are stored in the Certificates directory. These certificates are required when adding validation information to signatures that do not have the full trust chain embedded. The Certificates directory may contain certificates in either PEM (.pem, ASCII text) or DER (.cer, binary) form.

In this example, the SwisscomSigSrv cryptographic provider is used to apply a document approval signature to a PDF document. The signing certificate is loaded from the Swisscom Signing Service using a static identity string provided by Swisscom. Information required for long-term signature validation (LTV) is embedded in the output PDF.

Steps to sign a document:

  1. Configure the HTTP client handler.
  2. Connect to Swisscom Signing Service.
  3. Create the document signature.
  4. (Optional) Add long-term validation information.
  5. Open and sign the document.

Before you begin

Configuring the HTTP client handler

When using the SwisscomSigSrv cryptographic provider, you need to configure the HttpClientHandler with the SSL client certificate and password from your Swisscom account.

// Configure the SSL client certificate to connect to the Swisscom Signing Service
var httpClientHandler = new HttpClientHandler();
using (var sslClientCert = File.OpenRead(@"C:\path\to\clientcert.p12"))
    httpClientHandler.SetClientCertificate(sslClientCert, password);

Connecting to Swisscom Signing Service

The next step is to open a Session to the Swisscom Signing Service. The Session object provides access to the certificates and private keys stored by Swisscom. In this example, the default URI for the Swisscom Signing Service is used.

// Connect to the Swisscom Signing Service
using var session = new SwisscomSigSrv.Session(new Uri("https://ais.swisscom.com"), httpClientHandler);

Creating the document signature

In this step, the Session object is used to create a signature configuration for a Swisscom Signing Service account using a static identity string provided by Swisscom. With a static identity, the common name is used for the signature appearance and for the signature description stored in the PDF document. The signature configuration may be used to sign one or more documents.

Tip: To sign with Mobile ID, use the CreateSignatureForDynamicIdentity method and pass StepUp authorization parameters.

// Create a signing certificate for a static identity
var signature = session.CreateSignatureForStaticIdentity(identity, commonName);

Adding long-term validation information

As an optional step, long-term validation information can be added to the output document. It embeds revocation information such as Online Certificate Status Protocol (OCSP) responses and certificate revocation lists (CRLs). The revocation information is obtained from a validation service at signing time and serves as proof that the certificate was valid at that moment.

// Embed validation information to enable long-term validation (LTV) of the signature (default)
signature.EmbedValidationInformation = true;

Opening and signing the document

After opening the Session and creating the signature configuration, you are ready to apply the digital signature to a document.

The input and output PDF documents are created as streams (in this example, as file streams). The Signer object is used to apply the digital document signature.

Non-critical processing errors raise a Warning event. Listen for these events and review the WarningCategory to determine whether further action is needed.

// Open the input document
using var inStr = File.OpenRead(inPath);
using var inDoc = Document.Open(inStr);

// Create a stream for the output file
using var outStr = File.Create(outPath);

// Create the Signer object
Signer signer = new Signer();

// Create an event listener for warning events and write each warning to the console
signer.Warning += (s, e) => Console.WriteLine("Warning - {0}: {1}: {2}", e.Category, e.Context, e.Message);

// Sign the output document
using var outDoc = signer.Sign(inDoc, signature, outStr);

Full example

// Configure the SSL client certificate to connect to the Swisscom Signing Service
var httpClientHandler = new HttpClientHandler();
using (var sslClientCert = File.OpenRead(@"C:\path\to\clientcert.p12"))
    httpClientHandler.SetClientCertificate(sslClientCert, password);

// Connect to the Swisscom Signing Service
using var session = new SwisscomSigSrv.Session(new Uri("https://ais.swisscom.com"), httpClientHandler);

// Create a signing certificate for a static identity
var signature = session.CreateSignatureForStaticIdentity(identity, commonName);

// Embed validation information to enable long-term validation (LTV) of the signature (default)
signature.EmbedValidationInformation = true;

// Open the input document
using var inStr = File.OpenRead(inPath);
using var inDoc = Document.Open(inStr);

// Create a stream for the output file
using var outStr = File.Create(outPath);

// Create the Signer object
Signer signer = new Signer();

// Create an event listener for warning events and write each warning to the console
signer.Warning += (s, e) => Console.WriteLine("Warning - {0}: {1}: {2}", e.Category, e.Context, e.Message);

// Sign the output document
using var outDoc = signer.Sign(inDoc, signature, outStr);
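The five steps above folded into one reusable method, as an added example that is not from the original page or from the PDF Tools documentation: the SSL client certificate path and password are read from environment variables instead of string literals, and every Warning the Signer raises is collected and returned, so a caller that requires LTV can reject an output whose validation information could not be embedded rather than silently shipping it. The using directives, the environment variable names, the strict flag and the fact that the SDK has already been initialized are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using PdfTools;                   // HttpClientHandler (namespace assumed)
using PdfTools.Crypto.Providers;  // SwisscomSigSrv    (namespace assumed)
using PdfTools.Pdf;               // Document          (namespace assumed)
using PdfTools.Sign;              // Signer            (namespace assumed)

static class SwisscomSigning
{
    // Signs inPath into outPath and returns every non-critical warning the Signer raised.
    // In strict mode any warning (e.g. LTV data that could not be embedded) fails the job.
    public static List<(string Category, string Context, string Message)> Sign(
        string inPath, string outPath, string identity, string commonName, bool strict)
    {
        var warnings = SignCore(inPath, outPath, identity, commonName);
        if (strict && warnings.Count > 0)
        {
            File.Delete(outPath);   // all streams are closed by now, so the file can be removed
            throw new InvalidOperationException(
                $"Signing produced {warnings.Count} warning(s); first: {warnings[0].Message}");
        }
        return warnings;
    }

    private static List<(string Category, string Context, string Message)> SignCore(
        string inPath, string outPath, string identity, string commonName)
    {
        // Secrets come from the environment (constructed variable names), never from source code
        string certPath = RequireEnv("SWISSCOM_CLIENT_CERT");             // path to the .p12 file
        string certPassword = RequireEnv("SWISSCOM_CLIENT_CERT_PASSWORD");
        var httpClientHandler = new HttpClientHandler();
        using (var sslClientCert = File.OpenRead(certPath))
            httpClientHandler.SetClientCertificate(sslClientCert, certPassword);
        using var session = new SwisscomSigSrv.Session(new Uri("https://ais.swisscom.com"), httpClientHandler);
        var signature = session.CreateSignatureForStaticIdentity(identity, commonName);
        signature.EmbedValidationInformation = true;   // request LTV data; failures surface as warnings
        using var inStr = File.OpenRead(inPath);
        using var inDoc = Document.Open(inStr);
        using var outStr = File.Create(outPath);
        var warnings = new List<(string Category, string Context, string Message)>();
        var signer = new Signer();
        signer.Warning += (s, e) => warnings.Add((e.Category.ToString(), e.Context, e.Message));
        using var outDoc = signer.Sign(inDoc, signature, outStr);
        return warnings;
    }

    private static string RequireEnv(string name) =>
        Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException($"Environment variable {name} is not set");
}
```

Call `SwisscomSigning.Sign(inPath, outPath, identity, commonName, strict: true)` from a job that must produce LTV-enabled signatures; with `strict: false` the returned list can be logged and inspected by WarningCategory instead.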