Screen with bytes of info

RSS Feed
Technology Bytes

Signing PDFs

JSignPdf Logo

     There are many times I create a PDF (Portable Document Format) file.  I do so when I want to send or give someone a document that is portable and that can reproduce the desired output upon print.  I find that it's also a good way to preserve a document.  But I realized that even though I may share a PDF file with others, that doesn't prevent it from being modified or replaced.  This was more of a concern at my work as we save certain e-mails as PDFs to retain information relating to a project.

     I desired to be able to sign my PDFs like an e-mail so that it can be clearly noted that it hadn't changed.  Or if it did, it wouldn't have my key signature.  So I started looking around to see if it was possible.  I knew I had heard of code signing but I wasn't sure if it was possible to sign PDFs with a private key.

     After searching, I did find that PDFs could be signed but there were programs that could be bought to do it.  I was hoping to find something free and after a little patience, I came across JSignPdf.  I found that it is a open-source project that runs on Java.  It takes a private key in the PKCS12 format (among other formats and from the computer's store) and uses it create a new PDF that is signed.

     After trying it out a bit, I found another important feature that it sported: the ability to timestamp from a timestamp server.  There are servers dedicated to keeping a clock and a signature so that when a document is signed, it can be timestamp with a time from a trusted server that tells what time the document was signed.  One timestamp URL that I have used and that is trusted from Adobe's point of view is from GlobalSign:

     Though I was unable to get a free PDF signing certificate that naturally validates in Adobe Reader, I still sign my PDFs with my free e-mail public key.  It does show a warning, but at least it shows that it has been signed and timestamped.