Skip to main content
Skip table of contents

Digital Signatures Hub

This area is a central hub to collect our examples, FAQs, articles and other resources related to the topic of digitally signing PDF documents with iText.

eBooks

Digital Signatures for PDF Documents

Our Digital Signatures eBook is available as a free download from the linked page. Although it was originally written for iText 5/iTextSharp, many of the described concepts and operations are still relevant and transferable to the current versions of iText.

NOTE: The iText 5-based code snippets included in the eBook were accompanied by complete examples available on our website. Since then, they have been completely updated and rewritten for iText Core. This meant significant changes in some cases, and some examples were no longer applicable.

Digital Signatures for PDF Documents Examples

The following Java and .NET (C#) examples apply to the latest releases of iText.

Blockchain for PDF Documents

You've paid a digital invoice of your supplier, and afterwards it seemed to be fake - you were a victim of invoicing fraud. These issues and many more can now be solved by Blockchain. This eBook focuses on how you can use Blockchain in combination with PDFs to write applications.

Examples

Resources

This table represents the current support in iText Core for the ISO/TS 32001, ISO/TS 32002 and ISO/TS 32003 extensions to the ISO 32000-2 (PDF 2.0) specification. For more information on these extension standards and their implementation in iText Core version 8, see our recent article on the subject.

FAQs

Articles/Tutorials

To make porting old digital signing solutions and creating new ones from scratch easier, this series of articles describes the iText high level signing API and provides examples for using it with many kinds of signing devices currently in use.


Securing and automating digital document workflows is increasingly important in the modern business world. A crucial part of creating secure digital signatures is generating public and private keys for signing, and cloud providers such as Amazon, Google, and Microsoft now offer highly-secure cryptographic key management services. Since iText is used by many businesses and signing services to integrate secure digital signatures into PDFs, this step-by-step article shows developers how to use iText and the AWS KMS APIs to generate a digital signature and add it to a PDF document.

Related code examples


When we want to sign a PDF with a digital signature, we need to generate a hash from the document’s data and sign it with a private key. A Digital Signing Service (or DSS) is usually cloud-based software that takes the responsibility of signing the document hash. One such signing service is GlobalSign, a widely-used WebTrust-certified certificate authority and provider of Identity Services. This tutorial demonstrates how to use the GlobalSign API and iText Core to sign a PDF document’s hash and then add the digital signature to the PDF.


In February 2019, a team of security researchers published details of vulnerabilities in the digital signing system of many PDF viewers and online PDF digital signing services. After investigating these vulnerabilities, we found that updates to iText introduced in version 7.1.5 and the iText 5.5.13.1 maintenance release meant we were not vulnerable to the described attacks.

However, it was determined that the current names of the methods for checking and verifying signatures could be improved to better reflect their functionality. Therefore we decided to deprecate the SignatureUtil#verifySignature and PdfPKCS7#verify methods, and replace them with SignatureUtil#readSignatureData and PdfPKCS7#verifySignatureIntegrityAndAuthenticity which were introduced in iText 7.1.6. This blog was written for those who would like to know more about the three types of attacks described in the report and how iText document verification works.


Videos/Webinars

In this talk by Matthias Valvekens at FOSDEM 2022, we explore how the ever-continuing push for digitalization has increased our reliance on trust services of various kinds, filling various needs relating to document signing, code signing, authorization tokens, and so forth. Many of these trust services rely on public-key infrastructure (PKI) and X.509 certificates, however, the sensitive nature of these tools makes them difficult to use in a testing environment. On the one hand, exposing access to production keys in your CI is obviously a terrible idea. But on the other hand, setting up and maintaining a fully functional "mock" PKI environment is also pretty tricky. What can you do about that?


The push for paperless bureaucracy has been going on for quite some time, but the circumstances of the past year made the issue even more pressing than it already was. In this talk presented by iText Research Engineer Matthias Valvekens at FOSDEM 2021, we discuss how you can leverage PDF to build secure, yet user-friendly document workflows. We go over what it means to "trust" a digital signature, and how that trust is validated in practice. In addition, we touch upon some of the common pitfalls in PDF security that you should be aware of to prevent your documents from being exploited.


In this webinar from March 2020, iText Research Manager Michaël Demey and Duff Johnson from the PDF Association discuss PDF security options, focusing on encryption and digital signatures and how you can get started in securing your workflows and user experience right away with real examples using iText.


iText has always been at the forefront of digital signatures in PDF by supporting PAdES and being one of the first to support signatures in the latest PDF 2.0 specification. In this introduction to PDF digital signatures, Text Research Manager and digital signatures enthusiast Michaël Demey explores what digital signing is all about, and explains the key goals of integrity, authenticity, and non-repudiation. He then takes you through the core concepts of of hashing, encryption, and certificate authorities, before getting into the technical nitty-gritty like server and client-side signing and deferred signing, and demonstrates the Smart Certificate use case from our customer CVTrust.


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.