Adding a certified signature field to a PDF on Server/Desktop

To add a certification signature field to a PDF document and sign it:

1$doc = new PDFDoc($docpath);
2$page1 = $doc->GetPage(1);
3
4// Create a text field that we can lock using the field permissions feature.
5$annot1 = TextWidget::Create($doc->GetSDFDoc(), new Rect(50.0, 550.0, 350.0, 600.0), "asdf_test_field");
6$page1->AnnotPushBack($annot1);
7
8// Create a new signature form field in the PDFDoc. The name argument is optional;
9// leaving it empty causes it to be auto-generated. However, you may need the name for later.
10// Acrobat doesn't show digsigfield in side panel if it's without a widget. Using a
11// Rect with 0 width and 0 height, or setting the NoPrint/Invisible flags makes it invisible.
12$certification_sig_field = $doc->CreateDigitalSignatureField($cert_field_name);
13$widgetAnnot = SignatureWidget::Create($doc, new Rect(0.0, 100.0, 200.0, 150.0), $certification_sig_field);
14$page1->AnnotPushBack($widgetAnnot);
15
16// (OPTIONAL) Add an appearance to the signature field.
17$img = Image::Create($doc->GetSDFDoc(), $appearance_image_path);
18$widgetAnnot->CreateSignatureAppearance($img);
19
20// Prepare the document locking permission level to be applied upon document certification.
21$certification_sig_field->SetDocumentPermissions(DigitalSignatureField::e_annotating_formfilling_signing_allowed);
22
23// Prepare to lock the text field that we created earlier.
24
25$certification_sig_field->SetFieldPermissions(DigitalSignatureField::e_include, array('asdf_test_field'));
26
27$certification_sig_field->CertifyOnNextSave($private_key_file_path, $keyfile_password);
28
29// (OPTIONAL) Add more information to the signature dictionary.
30$certification_sig_field->SetLocation('Vancouver, BC');
31$certification_sig_field->SetReason('Document certification.');
32$certification_sig_field->SetContactInfo('www.apryse.com');
33
34// Save the PDFDoc. Once the method below is called, PDFNet will also sign the document using the information provided.
35$doc->Save($outpath, 0);

Digitally sign PDF files
Full code sample which demonstrates using the digital signature API to digitally sign and/or certify PDF documents.

About certifying a PDF document

Unlike, approval signatures, there can be only one certification per PDF document. Only the first signature in the PDF document can be used as the certification signature. Certifying a document is like notarizing a document. The process of certifying a document is almost exactly the same as adding approval signatures with the exception of certification signatures requires an entry in the "Perms" dictionary.

About certifying a PDF/A document

If you want to certify a PDF/A document, it is best to convert to PDF/A first, then certify. This is because PDF/A changes the contents of the document, while digital signatures, including certifications, rely on the document's bytes remaining the same so that they can be digested and compared with the embedded cryptographic digital signature.

A DigitalSignatureField can be added before or after PDF/A conversion, since there aren't any requirements in PDF/A upon it.

The PDF/A-2 specification allows adbe.pkcs7.detached and adbe.pkcs7.sha1 certification-type or UR3-type cryptographic digital signatures, with or without secure timestamps, with or without embedded revocation information, which must be signed if present. A single SignerInfo must be present. Attribute certificates must not be used. The PDFNet SDK's signing support is sufficient to meet the requirements of PDF/A-2 compliance if used properly.

There shouldn't be any problem with retaining PDF/A compliance after digitally signing a document, so long as there is no annotation appearance for the digital signature field, or there is an appearance and that appearance conforms to PDF/A, i.e. e.g. sections 6.3.2 and 6.3.3 of the PDF/A-2 specification (ISO-19005-2).

An additional limitation of PDF/A for digital signing is the implementation limit that says that a conforming file shall not contain any string longer than 32767 bytes. Sometimes, signatures with a large amount of data will cause the Contents byte string in the digital signature dictionary to exceed this limit.

The PDF/A-2 specification also mentions the following:

sh

1A Widget annotation dictionary or Field dictionary shall not
2contain the A or AA keys. The NeedAppearances flag of the
3interactive form dictionary shall either not be present
4or shall be false.

Here is what 6.3.2 and 6.3.3 say about the annotation:

sh

16.3.2 Annotation dictionaries
2
3Except for annotation dictionaries whose Subtype value
4is Popup, all annotation dictionaries shall contain
5the F key. If present, the F key’s Print flag bit shall
6be set to 1 and its Hidden, Invisible, ToggleNoView, and
7NoView flag bits shall be set to 0.
8
9Text annotations should set the NoZoom and NoRotate
10flag bits of the F key to 1.
11
12NOTE The restrictions on annotation flags prevent the
13use of annotations that are hidden or that are viewable
14but not printable. The NoZoom and NoRotate flags are
15permitted, which allows the use of annotation types that
16have the same behaviour as the commonly-used text
17annotation type. By definition, text annotations exhibit
18the NoZoom and NoRotate behaviour even if the flags are
19not set, as described in ISO 32000-1:2008, 12.5.3;
20explicitly setting these flags removes any potential
21ambiguity between the annotation dictionary settings and
22reader behaviour.
23
246.3.3 Annotation Appearances
25
26Every annotation (including those whose Subtype value
27is Widget, as used for form fields), except for the two
28cases listed below, shall have at least one appearance
29dictionary.
30
31-- Annotations where the value of the Rect key consists
32of an array where value 1 is equal to value 3 and value
332 is equal to value 4.
34
35-- Annotations whose Subtype value is Popup or Link.
36
37A conforming reader shall render the appearance dictionary
38without regard to any other keys and values in the
39annotation dictionary and shall ignore the values of
40the C, IC, Border, BS, BE, CA, H, DA, Q, DS, LE, LL,
41LLE, and Sy keys.
42
43NOTE 1 Requiring an appearance dictionary for each
44annotation ensures the reliable rendering of the
45annotations.
46
47For all annotation dictionaries containing an AP key,
48the appearance dictionary that it defines as its value
49shall contain only the N key. If an annotation
50dictionary’s Subtype key has a value of Widget and
51its FT key has a value of Btn, the value of the N
52key shall be an appearance subdictionary otherwise
53the value of the N key shall be an appearance stream.
54
55NOTE 2 In accordance with the requirements of 12.7.4.2.3
56and 12.7.4.2.4 of ISO 32000-1:2008, a Button form field
57needs to have multiple appearance states, each one
58associated with the specific values that the button can take.

Did you find this helpful?

Trial setup questions?

Ask experts on Discord

Need other help?

Contact Support

Pricing or product questions?

Contact Sales