Product:

Get started

Overview

Platforms

Linux

Windows

macOS

Frameworks

.NET (C#, VB)

.NET Core

Node.js

Languages

C++

Java

Python2

Python3

PHP

Ruby

C Interface Bindings

Objective-C

Download

Get a trial key

Viewer

Overview

View a document

Coordinates

Samples

APIs

Basic operations

Overview

Open a document

Save a document

Lock a document

Access a PDF page

Access PDF page content

Samples

APIs

Learn more

Add a license key

Optional modules

Demo/trial mode

Platform Specifics

Windows Prerequisites

Windows Deployment

Nodejs Memory Management

File format support

Desktop / Server

Web

Mobile

Annotation

Overview

Import annotations

Export annotations

Style properties

Add sticky note

Add link annotation

Add stamp annotation

Add highlight annotation

Add free text annotation

Add rectangle annotation

Remove annotation

Flatten annotations

Samples

APIs

MS Office

Overview

Convert MS Office to PDF

Convert PDF to MS Office

Samples

APIs

Generate via template

Overview

Data Model

Structured Input

APIs

Conversion

Overview

Convert any printable document

Web/HTML to PDF

MS Office to PDF

SVG to PDF

PDF to MS Office

PDF to HTML

Convert to PDF

Convert from PDF

Convert from DICOM

Convert from CAD

Samples

APIs

Intelligent data extraction

Overview

Workflow

Samples

APIs

Packaging

Barcode extraction

Overview

Workflow

Samples

APIs

Augmenting LLMs with Intelligent Data Extraction

Overview

Setup

Document Context Example

Document RAG Example

Detailed Discussion

PDF/A

Overview

Convert PDF to PDF/A

Validate PDF/A

Samples

APIs

PDF/UA

Overview

Convert PDF to PDF/UA

Samples

APIs

Forms

Overview

Import form data into PDF

Export form data from PDF

Create form fields

Fill form fields

Form flatten

Samples

APIs

Create

Overview

Template generation

Create a blank PDF

Create a thumbnail

Samples

APIs

Page manipulation

Overview

Create a page

Create a thumbnail

Insert pages

Remove pages

Rotate pages

Crop pages

Reorder pages

Split pages

Samples

APIs

Editing page content

Overview

Stamp content

Remove content

Read content

Write content

Replace content

Graphics state

Undo/redo

Samples

APIs

Extraction

Overview

Text extraction

Image extraction

Embedded fonts

Samples

APIs

OCR

Overview

IRIS OCR

Document Resolution

OCR Workflow

Samples

APIs

Digital signature

Overview

Sign a document

Certify a document

Verify a document

Add a DocTimeStamp signature

Enable Long-Term Validation (LTV)

Custom signing

Embedded timestamping

Samples

APIs

Overview

Text search

Search & replace

Samples

APIs

Comparison

Semantic Comparison

Bookmark

Overview

Outline tree

Add bookmark

Edit bookmark

Remove bookmark

Samples

APIs

Optimization

Overview

Optimize

Flatten

Viewer optimized

Samples

APIs

Layer (OCG)

Overview

Add layer

Extract layer

Samples

APIs

Overview

Print a document

Samples

APIs

Redaction

Overview

Redact

Samples

APIs

Security

Overview

Encrypt

Decrypt

Custom Security Handler

Samples

APIs

Portfolio

Overview

Create a package

Samples

APIs

Low-level PDF API

Overview

Info dictionary

PDF format

SDF/COS object model

Filters and streams

Samples

APIs

Changelogs

Latest (v11.1.0)

Version 11

V11.0.0

Version 10

v10.12

v10.11

v10.10

v10.9

v10.8

v10.7

v10.6

v10.5

v10.4

v10.3

v10.2

v10.1

v10.0

Version 9

v9.5

v9.4.2

v9.4

v9.3

v9.2

v9.1

v9.0

Version 8

v8.1

v8.0

Version 7

v7.1

v7.0.1

v7.0

Version 6

v6.10

v6.9

v6.8

v6.7.1

v6.6

Add a DocTimeStamp signature on Server/Desktop

Adding Trusted Certificate

When providing trusted certificate(s) through the VerificationOptions.AddTrustedCertificate method, ensure that it is the root certificate corresponding to the chain used by the timestamp authority to sign the timestamp token.

Check your Certificate Authority's website for a list of root certificates they have publicly available, and choose the root certificate corresponding to the set of certificates that have been signed by that root certificate for your usage.

To add a DocTimeStamp signature:

1using (PDFDoc doc = new PDFDoc(in_docpath))
2{
3	DigitalSignatureField doctimestamp_signature_field = doc.CreateDigitalSignatureField();
4	TimestampingConfiguration tst_config = new TimestampingConfiguration("URL_to_timestamp_authority");
5	VerificationOptions opts = new VerificationOptions(VerificationOptions.SignatureVerificationSecurityLevel.e_compatibility_and_archiving);
6	/* It is necessary to add to the VerificationOptions a trusted root certificate corresponding to 
7	the chain used by the timestamp authority to sign the timestamp token, in order for the timestamp
8	response to be verifiable during DocTimeStamp signing. */
9	opts.AddTrustedCertificate(in_trusted_cert_path);
10	/* By default, we only check online for revocation of certificates using the newer and lighter 
11	OCSP protocol as opposed to CRL, due to lower resource usage and greater reliability. However, 
12	it may be necessary to enable online CRL revocation checking in order to verify some timestamps
13	(i.e. those that do not have an OCSP responder URL for all non-trusted certificates). */
14	opts.EnableOnlineCRLRevocationChecking(true);
15
16	SignatureWidget widgetAnnot = SignatureWidget.Create(doc, new Rect(0, 100, 200, 150), doctimestamp_signature_field);
17	doc.GetPage(1).AnnotPushBack(widgetAnnot);
18	Obj widgetObj = widgetAnnot.GetSDFObj();
19
20	// (OPTIONAL) Add an appearance to the signature field.
21	Image img = Image.Create(doc, in_appearance_img_path);
22	widgetAnnot.CreateSignatureAppearance(img);
23
24	Console.WriteLine("Testing timestamping configuration.");
25	TimestampingTestResult config_result = tst_config.TestConfiguration(opts);
26	if (config_result.GetStatus())
27	{
28		Console.WriteLine("Success: timestamping configuration usable. Attempting to timestamp.");
29	}
30	else
31	{
32		// Print details of timestamping failure.
33		Console.WriteLine(config_result.GetString());
34		if (config_result.HasResponseVerificationResult())
35		{
36			EmbeddedTimestampVerificationResult tst_result = config_result.GetResponseVerificationResult();
37			Console.WriteLine("CMS digest status: %s\n", tst_result.GetCMSDigestStatusAsString());
38			Console.WriteLine("Message digest status: %s\n", tst_result.GetMessageImprintDigestStatusAsString());
39			Console.WriteLine("Trust status: %s\n", tst_result.GetTrustStatusAsString());
40		}
41		return false;
42	}
43
44	doctimestamp_signature_field.TimestampOnNextSave(tst_config, opts);
45
46	// Save/signing throws if timestamping fails.
47	doc.Save(in_outpath, SDFDoc.SaveOptions.e_incremental);
48}

1PDFDoc doc(in_docpath);
2DigitalSignatureField doctimestamp_signature_field = doc.CreateDigitalSignatureField();
3TimestampingConfiguration tst_config("URL_to_timestamp_authority");
4VerificationOptions opts(VerificationOptions::e_compatibility_and_archiving);
5/* It is necessary to add to the VerificationOptions a trusted root certificate corresponding to 
6the chain used by the timestamp authority to sign the timestamp token, in order for the timestamp
7response to be verifiable during DocTimeStamp signing. */
8opts.AddTrustedCertificate(in_trusted_cert_path);
9/* By default, we only check online for revocation of certificates using the newer and lighter 
10OCSP protocol as opposed to CRL, due to lower resource usage and greater reliability. However, 
11it may be necessary to enable online CRL revocation checking in order to verify some timestamps
12(i.e. those that do not have an OCSP responder URL for all non-trusted certificates). */
13opts.EnableOnlineCRLRevocationChecking(true);
14
15Annots::SignatureWidget widgetAnnot = Annots::SignatureWidget::Create(doc, Rect(0, 100, 200, 150), doctimestamp_signature_field);
16doc.GetPage(1).AnnotPushBack(widgetAnnot);
17
18// (OPTIONAL) Add an appearance to the signature field.
19PDF::Image img = PDF::Image::Create(doc, in_appearance_img_path);
20widgetAnnot.CreateSignatureAppearance(img);
21
22puts("Testing timestamping configuration.");
23const TimestampingTestResult config_result(tst_config.TestConfiguration(opts));
24if (config_result.GetStatus())
25{
26	puts("Success: timestamping configuration usable. Attempting to timestamp.");
27}
28else
29{
30	// Print details of timestamping failure.
31	puts(config_result.GetString().ConvertToUtf8().c_str());
32	if (config_result.HasResponseVerificationResult())
33	{
34		EmbeddedTimestampVerificationResult tst_result(config_result.GetResponseVerificationResult());
35		printf("CMS digest status: %s\n", tst_result.GetCMSDigestStatusAsString().ConvertToUtf8().c_str());
36		printf("Message digest status: %s\n", tst_result.GetMessageImprintDigestStatusAsString().ConvertToUtf8().c_str());
37		printf("Trust status: %s\n", tst_result.GetTrustStatusAsString().ConvertToUtf8().c_str());
38	}
39	return false;
40}
41
42doctimestamp_signature_field.TimestampOnNextSave(tst_config, opts);
43
44// Save/signing throws if timestamping fails.
45doc.Save(in_outpath, SDFDoc::e_incremental, 0);

1doc := NewPDFDoc(inDocpath)
2doctimestampSignatureField := doc.CreateDigitalSignatureField()
3tstConfig := NewTimestampingConfiguration("URL_to_timestamp_authority")
4opts := NewVerificationOptions(VerificationOptionsE_compatibility_and_archiving)
5//   It is necessary to add to the VerificationOptions a trusted root certificate corresponding to 
6//   the chain used by the timestamp authority to sign the timestamp token, in order for the timestamp
7//   response to be verifiable during DocTimeStamp signing. It is also necessary in the context of this 
8//   function to do this for the later LTV section, because one needs to be able to verify the DocTimeStamp 
9//   in order to enable LTV for it, and we re-use the VerificationOptions opts object in that part.
10
11opts.AddTrustedCertificate(inTrustedCertPath)
12//       By default, we only check online for revocation of certificates using the newer and lighter 
13//   OCSP protocol as opposed to CRL, due to lower resource usage and greater reliability. However, 
14//   it may be necessary to enable online CRL revocation checking in order to verify some timestamps
15//   (i.e. those that do not have an OCSP responder URL for all non-trusted certificates).
16
17opts.EnableOnlineCRLRevocationChecking(true)
18
19widgetAnnot := SignatureWidgetCreate(doc, NewRect(0.0, 100.0, 200.0, 150.0), doctimestampSignatureField)
20doc.GetPage(1).AnnotPushBack(widgetAnnot)
21
22// (OPTIONAL) Add an appearance to the signature field.
23img := ImageCreate(doc.GetSDFDoc(), inAppearanceImgPath)
24widgetAnnot.CreateSignatureAppearance(img)
25
26fmt.Println("Testing timestamping configuration.")
27configResult := tstConfig.TestConfiguration(opts)
28if configResult.GetStatus(){
29		fmt.Println("Success: timestamping configuration usable. Attempting to timestamp.")
30}else{
31		// Print details of timestamping failure.
32		fmt.Println(configResult.GetString())
33		if configResult.HasResponseVerificationResult(){
34				tstResult := configResult.GetResponseVerificationResult()
35				fmt.Println("CMS digest status: "+ tstResult.GetCMSDigestStatusAsString())
36				fmt.Println("Message digest status: " + tstResult.GetMessageImprintDigestStatusAsString())
37				fmt.Println("Trust status: " + tstResult.GetTrustStatusAsString())
38		}
39		return false
40}
41
42doctimestampSignatureField.TimestampOnNextSave(tstConfig, opts)
43
44// Save/signing throws if timestamping fails.
45doc.Save(inOutpath, uint(SDFDocE_incremental))

1PDFDoc doc = new PDFDoc(in_docpath); 
2DigitalSignatureField doctimestamp_signature_field = doc.createDigitalSignatureField();  
3TimestampingConfiguration tst_config = new TimestampingConfiguration("URL_to_timestamp_authority");
4VerificationOptions opts = new VerificationOptions(VerificationOptions.SecurityLevel.e_compatibility_and_archiving); 
5/* It is necessary to add to the VerificationOptions a trusted root certificate corresponding to 
6the chain used by the timestamp authority to sign the timestamp token, in order for the timestamp
7response to be verifiable during DocTimeStamp signing. */
8opts.addTrustedCertificate(in_trusted_cert_path);
9/* By default, we only check online for revocation of certificates using the newer and lighter 
10OCSP protocol as opposed to CRL, due to lower resource usage and greater reliability. However, 
11it may be necessary to enable online CRL revocation checking in order to verify some timestamps
12(i.e. those that do not have an OCSP responder URL for all non-trusted certificates). */
13opts.enableOnlineCRLRevocationChecking(true);
14
15SignatureWidget widgetAnnot = SignatureWidget.create(doc, new Rect(0, 100, 200, 150), doctimestamp_signature_field);
16doc.getPage(1).annotPushBack(widgetAnnot);
17
18// (OPTIONAL) Add an appearance to the signature field.
19Image img = Image.create(doc, in_appearance_img_path);
20widgetAnnot.createSignatureAppearance(img);
21
22System.out.println("Testing timestamping configuration.");
23TimestampingTestResult config_result = tst_config.testConfiguration(opts);
24if (config_result.getStatus())
25{
26	System.out.println("Success: timestamping configuration usable. Attempting to timestamp.");
27}
28else
29{
30	// Print details of timestamping failure.
31	System.out.println(config_result.getString());
32	if (config_result.hasResponseVerificationResult())
33	{
34		EmbeddedTimestampVerificationResult tst_result = config_result.getResponseVerificationResult();
35		System.out.println(String.format("CMS digest status: %s", tst_result.getCMSDigestStatusAsString()));
36		System.out.println(String.format("Message digest status: %s", tst_result.getMessageImprintDigestStatusAsString()));
37		System.out.println(String.format("Trust status: %s", tst_result.getTrustStatusAsString()));
38	}
39	return false;
40}
41
42doctimestamp_signature_field.timestampOnNextSave(tst_config, opts);
43
44// Save/signing throws if timestamping fails.
45doc.save(in_outpath, SDFDoc.SaveMode.INCREMENTAL, null);

1async function main() {
2	const doc = await PDFNet.PDFDoc.createFromFilePath(in_docpath);
3	doc.initSecurityHandler();
4	const doctimestamp_signature_field = await doc.createDigitalSignatureField();
5	const tst_config = await PDFNet.TimestampingConfiguration.createFromURL("URL_to_timestamp_authority");
6	const opts = await PDFNet.VerificationOptions.create(PDFNet.VerificationOptions.SecurityLevel.e_compatibility_and_archiving);
7	/* It is necessary to add to the VerificationOptions a trusted root certificate corresponding to 
8	the chain used by the timestamp authority to sign the timestamp token, in order for the timestamp
9	response to be verifiable during DocTimeStamp signing. */
10	await opts.addTrustedCertificateUString(in_trusted_cert_path);
11	/* By default, we only check online for revocation of certificates using the newer and lighter 
12	OCSP protocol as opposed to CRL, due to lower resource usage and greater reliability. However, 
13	it may be necessary to enable online CRL revocation checking in order to verify some timestamps
14	(i.e. those that do not have an OCSP responder URL for all non-trusted certificates). */
15	await opts.enableOnlineCRLRevocationChecking(true);
16
17	const widgetAnnot = await PDFNet.SignatureWidget.createWithDigitalSignatureField(doc, new PDFNet.Rect(0, 100, 200, 150), doctimestamp_signature_field);
18	await (await doc.getPage(1)).annotPushBack(widgetAnnot);
19
20	// (OPTIONAL) Add an appearance to the signature field.
21	const img = await PDFNet.Image.createFromFile(doc, in_appearance_img_path);
22	await widgetAnnot.createSignatureAppearance(img);
23
24	console.log('Testing timestamping configuration.');
25	const config_result = await tst_config.testConfiguration(opts);
26	if (await config_result.getStatus()) {
27		console.log('Success: timestamping configuration usable. Attempting to timestamp.');
28	} else {
29		// Print details of timestamping failure.
30		console.log(await config_result.getString());
31		if (await config_result.hasResponseVerificationResult()) {
32			const tst_result = await config_result.getResponseVerificationResult();
33			console.log('CMS digest status: ' + await tst_result.getCMSDigestStatusAsString());
34			console.log('Message digest status: ' + await tst_result.getMessageImprintDigestStatusAsString());
35			console.log('Trust status: ' + await tst_result.getTrustStatusAsString());
36		}
37		return false;
38	}
39
40	await doctimestamp_signature_field.timestampOnNextSave(tst_config, opts);
41
42	// Save/signing throws if timestamping fails.
43	await doc.save(in_outpath, PDFNet.SDFDoc.SaveOptions.e_incremental);
44}
45PDFNet.runWithCleanup(main);

1PTPDFDoc* doc = [[PTPDFDoc alloc] initWithFilepath: in_docpath];
2PTDigitalSignatureField* doctimestamp_signature_field = [doc CreateDigitalSignatureField: @""];
3PTTimestampingConfiguration* tst_config = [[PTTimestampingConfiguration alloc] initWithIn_url: @"URL_to_timestamp_authority"];
4PTVerificationOptions* opts = [[PTVerificationOptions alloc] initWithLevel:e_ptcompatibility_and_archiving];
5
6/* It is necessary to add to the VerificationOptions a trusted root certificate corresponding to 
7the chain used by the timestamp authority to sign the timestamp token, in order for the timestamp
8response to be verifiable during DocTimeStamp signing. */
9[ opts AddTrustedCertificateWithFilePath: in_trusted_cert_path];
10/* By default, we only check online for revocation of certificates using the newer and lighter 
11OCSP protocol as opposed to CRL, due to lower resource usage and greater reliability. However, 
12it may be necessary to enable online CRL revocation checking in order to verify some timestamps
13(i.e. those that do not have an OCSP responder URL for all non-trusted certificates). */
14[ opts EnableOnlineCRLRevocationChecking: YES];
15
16PTSignatureWidget* widgetAnnot = [PTSignatureWidget CreateWithDigitalSignatureField: doc pos: [[PTPDFRect alloc] initWithX1: 0 y1: 100 x2: 200 y2: 150] field: doctimestamp_signature_field];
17[[doc GetPage: 1] AnnotPushBack: widgetAnnot];
18
19// (OPTIONAL) Add an appearance to the signature field.
20PTImage* img = [PTImage CreateWithFile: [doc GetSDFDoc] filename: in_appearance_img_path encoder_hints: [[PTObj alloc]init]];
21
22[widgetAnnot CreateSignatureAppearance: img];
23
24NSLog(@"Testing timestamping configuration.");
25PTTimestampingTestResult* config_result = [tst_config TestConfiguration:opts];
26if([ config_result GetStatus])
27{
28	NSLog(@"Success: timestamping configuration usable. Attempting to timestamp.");
29}
30else
31{
32	// Print details of timestamping failure.
33	NSLog(@"%@", [config_result GetString]);
34	if ([config_result HasResponseVerificationResult])
35	{
36		PTEmbeddedTimestampVerificationResult* tst_result = [config_result GetResponseVerificationResult];
37		NSLog(@"CMS digest status: %@\n", [tst_result GetCMSDigestStatusAsString]);
38		NSLog(@"Message digest status: %@\n", [tst_result GetMessageImprintDigestStatusAsString]);
39		NSLog(@"Trust status: %@\n", [tst_result GetTrustStatusAsString]);
40	}
41	return NO;
42}
43
44[doctimestamp_signature_field TimestampOnNextSave: tst_config in_timestamp_response_verification_options: opts];
45
46// Save/signing throws if timestamping fails.
47[doc SaveToFile: in_outpath flags: e_ptincremental];

1$doc = new PDFDoc($in_docpath);
2$doctimestamp_signature_field = $doc->CreateDigitalSignatureField();
3$tst_config = new TimestampingConfiguration("URL_to_timestamp_authority");
4$opts = new VerificationOptions(VerificationOptions::e_compatibility_and_archiving);
5/* It is necessary to add to the VerificationOptions a trusted root certificate corresponding to 
6the chain used by the timestamp authority to sign the timestamp token, in order for the timestamp
7response to be verifiable during DocTimeStamp signing. */
8$opts->AddTrustedCertificate($in_trusted_cert_path);
9/* By default, we only check online for revocation of certificates using the newer and lighter 
10OCSP protocol as opposed to CRL, due to lower resource usage and greater reliability. However, 
11it may be necessary to enable online CRL revocation checking in order to verify some timestamps
12(i.e. those that do not have an OCSP responder URL for all non-trusted certificates). */
13$opts->EnableOnlineCRLRevocationChecking(true);
14
15$widgetAnnot = SignatureWidget::Create($doc, new Rect(0.0, 100.0, 200.0, 150.0), $doctimestamp_signature_field);
16$doc->GetPage(1)->AnnotPushBack($widgetAnnot);
17
18// (OPTIONAL) Add an appearance to the signature field.
19$img = Image::Create($doc->GetSDFDoc(), $in_appearance_img_path);
20$widgetAnnot->CreateSignatureAppearance($img);
21
22echo(nl2br('Testing timestamping configuration.'.PHP_EOL));
23$config_result = $tst_config->TestConfiguration($opts);
24if ($config_result->GetStatus())
25{
26	echo(nl2br('Success: timestamping configuration usable. Attempting to timestamp.'.PHP_EOL));
27}
28else
29{
30	// Print details of timestamping failure.
31	echo(nl2br($config_result->GetString().PHP_EOL));
32	if ($config_result->HasResponseVerificationResult())
33	{
34		$tst_result = $config_result->GetResponseVerificationResult();
35		echo(nl2br('CMS digest status: '.$tst_result->GetCMSDigestStatusAsString().PHP_EOL));
36		echo(nl2br('Message digest status: '.$tst_result->GetMessageImprintDigestStatusAsString().PHP_EOL));
37		echo(nl2br('Trust status: '.$tst_result->GetTrustStatusAsString().PHP_EOL));
38	}
39	return false;
40}
41
42$doctimestamp_signature_field->TimestampOnNextSave($tst_config, $opts);
43
44// Save/signing throws if timestamping fails.
45$doc->Save($in_outpath, SDFDoc::e_incremental);

1doctimestamp_signature_field = doc.CreateDigitalSignatureField()
2# It is necessary to add to the VerificationOptions a trusted root certificate corresponding to 
3# the chain used by the timestamp authority to sign the timestamp token, in order for the timestamp
4# response to be verifiable during DocTimeStamp signing. 
5opts.AddTrustedCertificate(in_trusted_cert_path)
6# By default, we only check online for revocation of certificates using the newer and lighter 
7# OCSP protocol as opposed to CRL, due to lower resource usage and greater reliability. However, 
8# it may be necessary to enable online CRL revocation checking in order to verify some timestamps
9# (i.e. those that do not have an OCSP responder URL for all non-trusted certificates).
10opts.EnableOnlineCRLRevocationChecking(True)
11
12widgetAnnot = SignatureWidget.Create(doc, Rect(0.0, 100.0, 200.0, 150.0), doctimestamp_signature_field)
13doc.GetPage(1).AnnotPushBack(widgetAnnot)
14
15# (OPTIONAL) Add an appearance to the signature field.
16img = Image.Create(doc.GetSDFDoc(), in_appearance_img_path)
17widgetAnnot.CreateSignatureAppearance(img)
18
19print('Testing timestamping configuration.')
20config_result = tst_config.TestConfiguration(opts)
21if config_result.GetStatus():
22	print('Success: timestamping configuration usable. Attempting to timestamp.')
23else:
24	# Print details of timestamping failure.
25	print(config_result.GetString())
26	if config_result.HasResponseVerificationResult():
27		tst_result = config_result.GetResponseVerificationResult()
28		print('CMS digest status: '+ tst_result.GetCMSDigestStatusAsString())
29		print('Message digest status: ' + tst_result.GetMessageImprintDigestStatusAsString())
30		print('Trust status: ' + tst_result.GetTrustStatusAsString())
31	return False
32
33
34doctimestamp_signature_field.TimestampOnNextSave(tst_config, opts)
35
36# Save/signing throws if timestamping fails.
37doc.Save(in_outpath, SDFDoc.e_incremental)

1doc = PDFDoc.new(in_docpath);
2doctimestamp_signature_field = doc.CreateDigitalSignatureField();
3tst_config = TimestampingConfiguration.new("URL_to_timestamp_authority");
4opts = VerificationOptions.new(VerificationOptions::E_compatibility_and_archiving);
5# It is necessary to add to the VerificationOptions a trusted root certificate corresponding to 
6# the chain used by the timestamp authority to sign the timestamp token, in order for the timestamp
7# response to be verifiable during DocTimeStamp signing.
8
9	opts.AddTrustedCertificate(in_trusted_cert_path);
10# By default, we only check online for revocation of certificates using the newer and lighter 
11# OCSP protocol as opposed to CRL, due to lower resource usage and greater reliability. However, 
12# it may be necessary to enable online CRL revocation checking in order to verify some timestamps
13# (i.e. those that do not have an OCSP responder URL for all non-trusted certificates).
14
15opts.EnableOnlineCRLRevocationChecking(true);
16
17widgetAnnot = SignatureWidget.Create(doc, Rect.new(0.0, 100.0, 200.0, 150.0), doctimestamp_signature_field);
18doc.GetPage(1).AnnotPushBack(widgetAnnot);
19
20# (OPTIONAL) Add an appearance to the signature field.
21img = Image.Create(doc.GetSDFDoc(), in_appearance_img_path);
22widgetAnnot.CreateSignatureAppearance(img);
23
24puts('Testing timestamping configuration.');
25config_result = tst_config.TestConfiguration(opts);
26if (config_result.GetStatus())
27	puts('Success: timestamping configuration usable. Attempting to timestamp.');
28else
29	# Print details of timestamping failure.
30	puts(config_result.GetString());
31	if config_result.HasResponseVerificationResult()
32		tst_result = config_result.GetResponseVerificationResult();
33		puts('CMS digest status: '+ tst_result.GetCMSDigestStatusAsString());
34		puts('Message digest status: ' + tst_result.GetMessageImprintDigestStatusAsString());
35		puts('Trust status: ' + tst_result.GetTrustStatusAsString());
36	end
37	return false;
38end
39
40doctimestamp_signature_field.TimestampOnNextSave(tst_config, opts);
41
42# Save/signing throws if timestamping fails.
43doc.Save(in_outpath, SDFDoc::E_incremental);

1Using doc As PDFDoc = New PDFDoc(in_docpath)
2	Dim doctimestamp_signature_field As DigitalSignatureField = doc.CreateDigitalSignatureField()
3	Dim tst_config As TimestampingConfiguration = New TimestampingConfiguration("URL_to_timestamp_authority")
4	Dim opts As VerificationOptions = New VerificationOptions(VerificationOptions.SignatureVerificationSecurityLevel.e_compatibility_and_archiving)
5	
6	opts.AddTrustedCertificate(in_trusted_cert_path)
7	opts.EnableOnlineCRLRevocationChecking(True)
8	Dim widgetAnnot As SignatureWidget = SignatureWidget.Create(doc, New Rect(0, 100, 200, 150), doctimestamp_signature_field)
9	doc.GetPage(1).AnnotPushBack(widgetAnnot)
10	Dim widgetObj As Obj = widgetAnnot.GetSDFObj()
11	Dim img As Image = Image.Create(doc, in_appearance_img_path)
12	widgetAnnot.CreateSignatureAppearance(img)
13	Console.WriteLine("Testing timestamping configuration.")
14	Dim config_result As TimestampingTestResult = tst_config.TestConfiguration(opts)
15
16	If config_result.GetStatus() Then
17		Console.WriteLine("Success: timestamping configuration usable. Attempting to timestamp.")
18	Else
19		Console.WriteLine(config_result.GetString())
20
21		If config_result.HasResponseVerificationResult() Then
22			Dim tst_result As EmbeddedTimestampVerificationResult = config_result.GetResponseVerificationResult()
23			Console.WriteLine("CMS digest status: %s" & vbLf, tst_result.GetCMSDigestStatusAsString())
24			Console.WriteLine("Message digest status: %s" & vbLf, tst_result.GetMessageImprintDigestStatusAsString())
25			Console.WriteLine("Trust status: %s" & vbLf, tst_result.GetTrustStatusAsString())
26		End If
27
28		Return False
29	End If
30
31	doctimestamp_signature_field.TimestampOnNextSave(tst_config, opts)
32	doc.Save(in_outpath, SDFDoc.SaveOptions.e_incremental)
33End Using

Digital signatures
Full code sample which demonstrates using the digital signature API to digitally sign, certify, and/or verify PDF documents.

About DocTimeStamp (DTS)

If it is important that a signature in a document have a timestamp that is verifiable with a third-party entity (i.e. Certificate Authority), then performing DTS would allow verification of when the document was signed. A Certificate Authority that hosts a timestamp server publicly is known as a Timestamp Authority (TSA). Timestamping a signature can be achieved by sending a hash of the signature data to the TSA's timestamping server ( which is what is achieved with the above code sample). If the request is deemed valid, the server will combine the hash provided by the client and an authoritative date-time of timestamping, signed by a private key from the Certificate Authority. The Timestamp Token is then recorded into the document alongside the signature.

If future viewers that open the timestamped and signed document have the same TSA as part of their trust list, then the viewer's PDF viewing application will acknowledge that the signature has been verifiably timestamped.

Definition of Terms

Chain of Trust

A chain of certificates, starting with a root certificate, an intermediate certificate and an end-entity certificate, forming a linked path of validation and verification from a trust anchor (i.e. Certificate Authority) down to an end-entity certificate. As the name implies, a root certificate is analogous to the root of a tree, where each branch of the tree is it's own chain of trust.

Note that "chain of trust" is also sometimes known as a "trust path"

Root Certificate

A root certificate is the top-most certificate in a chain of trust/trust path, the private key of which is used to "sign" other certificates. All certificates signed by the root certificate inherit the trustworthiness of the root certificate.

Intermediate Certificate

Act as a middle-man between the protected root certificate and the end-entity certificate. Note there is always at least one intermediate certificate in a chain of trust, but there could be more than one.

End-entity Certificate

The last in a chain of trust (i.e. a leaf node of the tree) that identifies either a business, a website, or a person. With respect to digital signatures, identifying the individuals who signed a document is where the trust worthiness of the chain(s) (i.e. where the end-entity certificates originated from) is important.

Timestamp Authority (TSA)

A trusted third party acting as the authoratative entity providing a timestamp, via a timestamp token. Clients who contact a TSA server will create a hashed value (as a unique identifier of the data or file that needs to be timestamped), and send the hashed value to the TSA.

More information about TSAs can be read about in the Time-Stamp Protocol (RFC 3161) industry standard.

Timestamp Token

A combination of the hash provided by the client and the authoritative date-time of timestamping, digitally signed with the TSA's private key, that is received by the client, and recorded into the document.

Future client applications who open the document will use the TSA's public key to

Authenticate the TSA
Re-calculate the hash of the original data

This new hash is compared to the originally created hash, and if any changes to the data has been made since the timestamp was originally created, then a warning should be raised by the client application.

Did you find this helpful?

Trial setup questions?

Ask experts on Discord

Need other help?

Contact Support

Pricing or product questions?

Contact Sales