Iron Software Logo
CUSTOMER HUB
Iron Software Customer Hub Logo
Licenses Tickets
Sign in
Skip to content
English
Sign in
Go to ironsoftware.com
  • There are no suggestions because the search field is empty.

[Public] Digital Signature Support in IronPDF: Current Capabilities and Future Plans

Which digital signature does IronPDF support and what is in the roadmap

 

Overview

Digital signatures are essential for securing and authenticating documents, especially in legal, government, and enterprise environments. IronPDF enables developers to digitally sign PDF documents within their .NET applications. However, the type of digital signature supported by IronPDF is currently limited, and understanding these limitations can help guide your integration and planning efforts.

This article explores the current digital signature capabilities of IronPDF, the challenges with modern digital signature standards such as Microsoft’s Cryptography Next Generation (CNG), and the roadmap for future development.

Current Support: CSP-Based Digital Signatures

At present, IronPDF supports digital signatures based on Microsoft’s legacy Cryptographic Service Provider (CSP) model.

  • CSP is an older cryptographic framework introduced in earlier versions of Windows.

  • It supports traditional algorithms like RSA but lacks modern extensibility.

  • Digital certificates stored in CSP containers can be used with IronPDF’s Sign() method without issue.

 What works today:

  • Signing PDF documents using certificates stored in a CSP-based PFX file with RSA keys.

  • Verifying signatures created using this legacy format.

Limitations: Lack of Support for CNG Digital Signatures

Microsoft introduced CNG (Cryptography Next Generation) starting with Windows Vista and Windows Server 2008 to replace CSP. It supports modern algorithms like ECDSA and provides a more flexible API for cryptographic operations.

However, as of the current release (IronPDF v2025.06.08), CNG-based digital signatures are not supported in IronPDF.

 Known issues when using CNG certificates:

  • ECDSA (Elliptic Curve Digital Signature Algorithm):

    • Throws: certificate key algorithm not supported

  • RSA via CNG:

    • Throws: requested operation not supported

These errors occur because IronPDF’s current signing implementation does not integrate with Microsoft’s newer CNG key storage provider and API.

What Is a CNG Digital Signature?

CNG (Cryptography Next Generation) is Microsoft’s modern cryptographic framework designed to replace the older CryptoAPI and CSP system.

Key Features of CNG:

  • Supports modern algorithms like RSA, ECDSA, SHA-256, SHA-384, etc.

  • Enables custom and pluggable cryptographic providers.

  • Used by Windows services like BitLocker, TPM, and Windows Hello.

Digital signatures created using CNG offer enhanced security, modern standards compliance, and are preferred in newer security-conscious applications.

Future Plans and Development Roadmap

IronPDF's engineering team is actively reviewing the feasibility of supporting CNG digital signatures in future versions. The goal is to:

  • Enable support for CNG-based RSA and ECDSA certificates.

  • Ensure compatibility with Windows Certificate Store and CNG key storage providers.

  • Pass signing and verification using industry-standard tools and meet PDF signature specification requirements.

Conclusion

IronPDF currently supports only legacy CSP-based digital signatures. The good news is that support for CNG-based signatures — including ECDSA and RSA with CNG — is on the roadmap for future versions.

Copyright © 2025, Iron Software