digitorus / pdfsigner

PDFSigner is a multipurpose PDF signer and verifier application for Advanced Electronic Signature (AES) and Qualified Electronic Signature (QES)

External remote signer #38

Open pebri86 opened 1 month ago

pebri86 commented 1 month ago

Hi, I'm really excited about the project. I want to know about the possibility of using external remote signing for the signing part, e.g. using AWS or another signing service. Thanks in advance.

vanbroup commented 1 month ago

You can use a PKCS11 signer or any custom signer to sign, see for example https://github.com/digitorus/pdfsigner/blob/main/docs/command-line-signer.md

Can you provide more details if that is not what you are looking for?

pebri86 commented 1 month ago

What I mean by external signing is that the signing is done on an external service and we get signed bytes to be inserted into the PDF, such as the example of external signing in the iText library.

vanbroup commented 1 month ago

That is what you can do with a custom Signer: the Sign function of the interface receives the digest and can forward this to your external signer API; the bytes returned would be your signature.

https://pkg.go.dev/crypto#Signer

It's currently not supported to build your own CMS/PKCS7 envelope (externally) and have the library embed this as an adbe.pkcs7.detached signature.

Can you provide more information about the external signer you are trying to implement?
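The custom-signer approach described in the comment above, as an added example that is not part of the thread or of the pdfsigner project: a Go type that implements `crypto.Signer` and whose `Sign` forwards the digest to an external service. `RemoteSigner`, `Send` and `NewDemoSigner` are hypothetical names, and a locally generated ECDSA key stands in for the remote API so the block runs offline.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// RemoteSigner (hypothetical name) satisfies crypto.Signer without holding a
// private key: Sign hands the digest to a remote service through Send.
type RemoteSigner struct {
	Pub  crypto.PublicKey // public key matching the remotely held key
	Send func(digest []byte, h crypto.Hash) ([]byte, error) // assumed transport
}

func (r *RemoteSigner) Public() crypto.PublicKey { return r.Pub }

func (r *RemoteSigner) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
	h := opts.HashFunc()
	// Forward only input whose length matches the declared hash; anything
	// else is not a digest of that hash and must not reach the service.
	if !h.Available() || len(digest) != h.Size() {
		return nil, errors.New("remote signer: input is not a digest of the declared hash")
	}
	return r.Send(digest, h)
}

// NewDemoSigner stands in for the remote service with a local P-256 key
// (constructed for this example; a real Send would call your signing API).
func NewDemoSigner() *RemoteSigner {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return &RemoteSigner{Pub: &key.PublicKey, Send: func(d []byte, _ crypto.Hash) ([]byte, error) {
		return ecdsa.SignASN1(rand.Reader, key, d)
	}}
}

func main() {
	sum := sha256.Sum256([]byte("constructed signed-attributes bytes"))
	sig, err := NewDemoSigner().Sign(nil, sum[:], crypto.SHA256)
	fmt.Println(len(sig) > 0, err)
}
```

This covers the raw-signature case only; a service that returns a complete CMS envelope does not fit `crypto.Signer`, which is the limitation stated in the comment above.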

pebri86 commented 1 month ago

Ah, I see. The signature bytes returned by our external service are already a signed CMS with validation and TSA included, as well as CRL, OCSP and the certificate chain list.