DOCX Digital Signature

A DOCX digital signature enables you to authenticate a DOCX document to establish that the sender of the file is who they say they are and the content of the DOCX file has not been tampered with.

Before running any of the following examples on your machine, please read the Dependency notes.

The following example shows how you can create a digitally signed DOCX file in C# and VB.NET.

DOCX file digitally signed with GemBox.Document
Screenshot of DOCX file digitally signed with GemBox.Document
Upload your file (Drag file here)
using GemBox.Document;

class Program
{
    static void Main()
    {
        // If using Professional version, put your serial key below.
        ComponentInfo.SetLicense("FREE-LIMITED-KEY");

        var document = DocumentModel.Load("%InputFileName%");

        var saveOptions = new DocxSaveOptions();
        saveOptions.DigitalSignatures.Add(new DocxDigitalSignatureSaveOptions()
        {
            CertificatePath = "%InputDigitalId%",
            CertificatePassword = "GemBoxPassword"
        });

        document.Save("DOCX Digital Signature.docx", saveOptions);
    }
}
Imports GemBox.Document

Module Program

    Sub Main()

        ' If using Professional version, put your serial key below.
        ComponentInfo.SetLicense("FREE-LIMITED-KEY")

        Dim document = DocumentModel.Load("%InputFileName%")

        Dim saveOptions As New DocxSaveOptions()
        saveOptions.DigitalSignatures.Add(New DocxDigitalSignatureSaveOptions() With
        {
            .CertificatePath = "%InputDigitalId%",
            .CertificatePassword = "GemBoxPassword"
        })

        document.Save("DOCX Digital Signature.docx", saveOptions)
    End Sub
End Module

To get a valid signature in MS Word, as seen in the screenshot above, you will have to install GemBoxCA.crt certificate as a trusted root certification authority and install either GemBoxRSA.crt or GemBoxECDsa.crt certificate as an Intermediate Certification Authority, as described in the Digital ID notes.

To avoid installing the whole certificate chain, you can embed certificates in the signature. With this approach only the root certificate (GemBoxCA.crt) needs to be installed.

The following example shows how to add multiple signatures, set additional signature properties and embed an intermediate certificate.

Upload your file (Drag file here)
using GemBox.Document;
using GemBox.Document.Security;

class Program
{
    static void Main()
    {
        // If using Professional version, put your serial key below.
        ComponentInfo.SetLicense("FREE-LIMITED-KEY");

        var document = DocumentModel.Load("%InputFileName%");

        var signature1 = new DocxDigitalSignatureSaveOptions()
        {
            CertificatePath = "%#GemBoxECDsa521.pfx%",
            CertificatePassword = "GemBoxPassword",
            CommitmentType = DigitalSignatureCommitmentType.Created,
            SignerRole = "Developer"
        };
        // Embed intermediate certificate.
        signature1.Certificates.Add(new Certificate("%#GemBoxECDsa.crt%"));

        var signature2 = new DocxDigitalSignatureSaveOptions()
        {
            CertificatePath = "%#GemBoxRSA4096.pfx%",
            CertificatePassword = "GemBoxPassword",
            CommitmentType = DigitalSignatureCommitmentType.Approved,
            SignerRole = "Manager"
        };
        // Embed intermediate certificate.
        signature2.Certificates.Add(new Certificate("%#GemBoxRSA.crt%"));

        var saveOptions = new DocxSaveOptions();
        saveOptions.DigitalSignatures.Add(signature1);
        saveOptions.DigitalSignatures.Add(signature2);

        document.Save("DOCX Digital Signatures.docx", saveOptions);
    }
}
Imports GemBox.Document
Imports GemBox.Document.Security

Module Program

    Sub Main()

        ' If using Professional version, put your serial key below.
        ComponentInfo.SetLicense("FREE-LIMITED-KEY")

        Dim document = DocumentModel.Load("%InputFileName%")

        Dim signature1 As New DocxDigitalSignatureSaveOptions() With
        {
            .CertificatePath = "%#GemBoxECDsa521.pfx%",
            .CertificatePassword = "GemBoxPassword",
            .CommitmentType = DigitalSignatureCommitmentType.Created,
            .SignerRole = "Developer"
        }
        ' Embed intermediate certificate.
        signature1.Certificates.Add(New Certificate("%#GemBoxECDsa.crt%"))

        Dim signature2 As New DocxDigitalSignatureSaveOptions() With
        {
            .CertificatePath = "%#GemBoxRSA4096.pfx%",
            .CertificatePassword = "GemBoxPassword",
            .CommitmentType = DigitalSignatureCommitmentType.Approved,
            .SignerRole = "Manager"
        }
        ' Embed intermediate certificate.
        signature2.Certificates.Add(New Certificate("%#GemBoxRSA.crt%"))

        Dim saveOptions As New DocxSaveOptions()
        saveOptions.DigitalSignatures.Add(signature1)
        saveOptions.DigitalSignatures.Add(signature2)

        document.Save("DOCX Digital Signatures.docx", saveOptions)
    End Sub
End Module

Digital ID notes

Digital ID files used in the preceding example are part of a simple Public Key Infrastructure (PKI) created just for this demonstration which contains the following hierarchy of certificates and CRLs:

To get a valid signature in an MS Office Application, as seen in the screenshot above, you will have to add GemBoxCA.crt certificate to the list of Trusted Certificates on your machine using the following steps:

  1. Download GemBoxCA.crt certificate.
  2. Open the file and click Install Certificate....
  3. If you are adding a Root Certificate, choose the option "Place all certificates in the following store" and Browse for "Trusted Root Certification Authorities".
  4. After the installation is finished, you can see the certificate under "User Accounts" > "Manage User Certificates" in the Control Panel.
  5. Once you finish the verification it is safer to uninstall the certificate.

Dependency notes

Except GemBox.Document, your project should reference Portable.BouncyCastle or BouncyCastle if your project targets .NET Framework (required for any advanced digital signature scenario, like using Elliptic Curve keys).

Want more?

Next example GitHub

Check the next example or select an example from the menu. You can also download our examples from the GitHub.


Like it?

Download Buy

If you want to try the GemBox.Document yourself, you can download the free version. It delivers the same performance and set of features as the professional version, but with some operations limited. To remove the limitation, you need to purchase a license.