Sign PDF documents
With the Pdftools SDK, you can create, manage, and validate different types of digital signatures in a PDF document. You can choose from a variety of local and online cryptographic providers to support your legal and regulatory requirements.
Digital signature types
A digital signature is a technique that verifies the authenticity and integrity of an electronic document or message. To create one, you apply a cryptographic algorithm to the document or message using a private key. Anyone with the corresponding public key can then verify the resulting digital signature. Digital signatures prove that no one has altered the document or message, and that it came from the person who claims to have sent it.
The Pdftools SDK supports three types of digital signature:
For theoretical information about digital signatures, review Digital signature basics.
Document approval signatures
Document approval signatures add a digital signature to a document as part of a workflow, such as approving and signing contracts. This type of digital signature records the identity of the signer and confirms that the document hasn’t changed since signing. A document can carry multiple document approval signatures. For example, if multiple parties sign a contract, each document approval signature has a unique digital signature. Signers apply the signatures successively to create a signature chain.
Learn how to sign a PDF document with a document approval signature.
Document certification signatures
Document certification signatures are also known as Modification Detection and Prevention (MDP) signatures. This type of signature records the identity of the document author. A document certification signature lets users make specific changes to the document while retaining the validity of the signature. For example, the author may allow users to fill in the document’s form fields while retaining the validity of the signature. If a change occurs that the author hasn’t permitted, the signature becomes invalid.
A document can have at most one document certification signature, and it must come before any other signatures. A typical workflow involving a document certification signature looks like:
- The author applies a document certification signature to a template document, allowing form filling.
- A user fills the form fields with their personal information.
- The user applies a document approval signature to the document, preventing further changes.
Document certification signatures support the following settings:
- No changes: The document certification signature permits no changes; any change invalidates the signature.
- Form filling: The user may fill forms, instantiate page templates, and sign; any other change invalidates the signature.
- Annotate: The user may make the same changes as for form filling, as well as create, delete, and modify annotations; any other change invalidates the signature.
Learn how to certify a PDF document with a document certification signature.
Time-stamp signatures
Time-stamp signatures provide evidence that a document existed at a specific time and hasn’t changed since. You can use time-stamp signatures to “re-sign” a previously signed document to confirm that it remains unchanged. An independent, trusted time-stamp authority issues the time-stamp.
Learn how to apply a digital time-stamp to a PDF document with a time-stamp signature.
Supported cryptographic providers
The cryptographic provider manages certificates and the associated private keys, and implements cryptographic algorithms. The Pdftools SDK supports a range of cryptographic providers.
Embed long-term validation information
To ensure a signature stays valid over time, embed long-term validation information in the document during signing. With LTV information embedded, the signature remains valid even after the certificate expires or after the issuer revokes it.
Long-term validation (LTV) isn’t always possible. The certificate authority and the cryptographic provider must support it.
Sign PDF/A documents
Many types of documents that require digital signatures also require archiving. For example, the recipient of a signed contract may need to archive it. For archiving, PDF/A conformance is typically required to ensure that the file isn’t corrupt and that its visual appearance is well defined and reproducible.
However, the conversion process from PDF to PDF/A removes any signatures from the file before producing the PDF/A. Therefore, archive files to PDF/A format before applying any digital signatures. For more information, review archive files to PDF/A format.
Validate signatures
The Pdftools SDK lets you validate document approval and document certification signatures and timestamps according to specific criteria (constraints). Validation can use sources such as certificates, Online Certificate Status Protocol (OCSP) results, and Certificate Revocation List (CRL) results. These sources can originate from the PDF file, the local machine, or the issuer. The validation process can return a list of all signatures and their corresponding details and even trigger specific business logic using events.
Learn how to validate signatures in a document.
Create a signature visual appearance
The Pdftools SDK allows for adding a visual appearance for a signature. This applies for document approval signatures, document certification signatures, time-stamp signatures and signing existing unsigned signatures.