Digital Signatures
Implement PDF digital signature support (PKCS#7/CMS detached signatures).
Signature field: a widget annotation with /FT /Sig and /V pointing to a signature dictionary.
Signature dictionary: /Type /Sig, /Filter /Adobe.PPKLite, /SubFilter /adbe.pkcs7.detached, /ByteRange, /Contents.
Signing workflow:
- Serialize PDF with placeholder /Contents and /ByteRange
- Compute byte range (everything except /Contents value)
- Hash and sign with private key
- Insert signature into placeholder
Requires incremental update capability (PdfReader + append) for signing existing documents.
PAdES (PDF Advanced Electronic Signatures) profile for EU/legal compliance as stretch goal.
Tests: signature dictionary present, byte range covers correct regions, PKCS#7 structure valid, signed PDF verifiable with openssl.
Digital Signatures
Implement PDF digital signature support (PKCS#7/CMS detached signatures).
Signature field: a widget annotation with /FT /Sig and /V pointing to a signature dictionary.
Signature dictionary: /Type /Sig, /Filter /Adobe.PPKLite, /SubFilter /adbe.pkcs7.detached, /ByteRange, /Contents.
Signing workflow:
Requires incremental update capability (PdfReader + append) for signing existing documents.
PAdES (PDF Advanced Electronic Signatures) profile for EU/legal compliance as stretch goal.
Tests: signature dictionary present, byte range covers correct regions, PKCS#7 structure valid, signed PDF verifiable with openssl.