Sign PDF documents
With the Pdftools SDK, you can create, manage, and validate different types of digital signatures in a PDF document. You can choose from a variety of local and online cryptographic providers to support your legal and regulatory requirements.
Digital signature types
A digital signature is a technique used to verify the authenticity and integrity of an electronic document or message. It is created by applying a cryptographic algorithm to the document or message, using a private key. The resulting digital signature can then be verified using the corresponding public key, which is made available to anyone who wants to verify the signature. Digital signatures are used to ensure that a document or message has not been tampered with or altered in any way, and that it was sent by the person who claims to have sent it.
The Pdftools SDK supports three types of digital signature:
Document approval signatures
Document approval signatures add a digital signature to a document as part of a workflow, such as approving and signing contracts. This type of digital signature records the identity of the signer, and confirms that the content of the document has not changed after the signature was applied. There can be multiple document approval signatures associated with a document. For example, if multiple parties sign a contract, each document approval signature has a unique digital signature. The signatures are applied successively to create a signature chain.
Learn how to sign a PDF document with a document approval signature.
Document certification signatures
Document certification signatures are also known as Modification Detection and Prevention (MDP) signatures. This type of signatures records the identity of the document author. It allows users to make specific changes to the document, while retaining the validity of the signature. For example, the author may allow a document's form fields to be filled by the user, while retaining the validity of the signature. If changes occur to the document that have not been permitted by the author, the signature is invalidated.
There can be at most one document certification signature in a document, and it must be added before any other signatures are added to the document. A typical workflow involving a document certification signature would be:
- A document certification signature is applied to a template document, allowing form filling.
- A user fills the form fields with their personal information.
- A document approval signature is applied to the document, preventing any further changes from being made.
The following settings can be used for document certification signatures:
- No changes: No changes to the document are permitted; any change to the document invalidates the signature.
- Form filling: The user may fill forms, instantiate page templates, and sign; any other change invalidates the signature.
- Annotate: The user may make the same changes as for form filling, as well as create, delete, and modify annotations; any other change invalidates the signature.
Learn how to certify a PDF document with a document certification signature.
Time-stamp signatures
Time-stamp signatures provide evidence that a document existed at a specific time, and that the content of the document has not changed since that time. Often, time-stamp signatures are used to "re-sign" a previously signed document to confirm that it remains unchanged. The time-stamp is provided by an independent, trusted time-stamp authority.
Learn how to apply a digital time-stamp to a PDF document with a time-stamp signature.
Supported cryptographic providers
The cryptographic provider manages certificates and the associated private keys, and implements cryptographic algorithms. The Pdftools SDK supports a range of cryptographic providers.
Embedding long-term validation information
To ensure a signature can be validated over time, long-term validation information should be embedded in the document during the signing process. If you embed LTV information in a document, the signature in the document remains valid even after the certificate expires or if the certificate is later revoked.
Long-term validation (LTV) is not always possible. It must be supported by the certificate authority and the cryptographic provider.
Signing PDF/A documents
Many types of documents that require digital signatures also require archiving. For example, by the recipient of a signed contract. For archiving, PDF/A conformance is typically required to ensure that the file is not corrupt and that its visual appearance is well defined and reproducible.
However, during the conversion process from PDF to PDF/A, any signatures are removed from the file before it is converted to PDF/A for archival. Therefore, files that require archiving should be archived to PDF/A format before any digital signatures are applied.
Validating signatures
The Pdftools SDK lets you validate document approval and document certification signatures and timestamps according to a specific criteria (constraints). Signatures can be validated using sources such as certificates, Online Certificate Status Protocol (OCSP) results, and Certificate Revocation List (CRL) results. These sources can be embedded in the PDF file, stored on the local machine, or downloaded from the issuer. The validation process can return a list of all signatures and their corresponding details and even trigger specific business logic using events.
Learn how to validate signatures in a document.
Creating a signature visual appearance
The Pdftools SDK allows for adding a visual appearance for a signature. This applies for document approval signatures, document certification signatures, time-stamp signatures and signing existing unsigned signatures.