MATIOS · OPEN SOURCE

Quick start

Six zero-dependency packages for .NET & the web. Install, see the API at a glance, copy the example, and ship. Pick one to get started.

6 packages · zero dependencies · MIT

Matios.DocumentSign

Sign and verify documents with a detached CMS / CAdES-B signature. One verb — Sign — overloaded by where the certificate comes from. The document is never touched.

Zero dependencies .NET 10 MIT OpenSSL interop
1

Install

2

API at a glance

IDocumentSigner interface
Sign — one verb, by certificate origin
byte[] Sign(Stream document, string certificatePath, string? password, SignOptions options)
Certificate from a file on disk (PFX, or PEM carrying the key).
byte[] Sign(Stream document, byte[] certificateData, string? password, SignOptions options)
Certificate from raw bytes (an upload, an API response…).
byte[] Sign(Stream document, X509Certificate2 certificate, SignOptions options)
An already-loaded certificate (from a store, token, anywhere).
byte[] Sign(Stream document, StoreLocation location, X509FindType findType, object findValue, SignOptions options)
Certificate from the OS store (by thumbprint, subject, serial or issuer).
Verify and list
VerifyResult Verify(Stream document, byte[] signature)
Checks a detached signature against the original document.
IReadOnlyList<CertInfo> List(StoreLocation location)
Lists the certificates in the personal store, for a picker.
Supporting types
class SignOptions { Level=SignatureLevel.B; HashAlgorithm=SHA256; SigningTime?; static Default }
Defaults: CAdES-B, SHA-256. Supports SHA-256 / 384 / 512.
class VerifyResult { bool IsValid; string? SignerSubject, SignerThumbprint; SigningTime?; Level; Errors }
Verify result: validity + signer details.
enum SignatureLevel { B, T, LT, LTA }
This version: B (basic). T / LT / LTA on the roadmap.
3

Full example

sign a PDF and verify it
4

Verify with tools you already trust

OpenSSL interop

Take it and ship 🚀

The sample project is ready to clone and run. Want more? The repo and the full docs.