Sign PDFs and Add Custom Encryption on iOS

There are various use cases in which PSPDFKit’s default signing implementation can’t be used. Some example use cases are when:

  • You’re required to use a specific crypto library .

  • You aren’t in direct possession of a signing key (for example, when using an HSM or a signing service).

  • You have a specific multi-step signing flow that is not supported by PSPDFKit’s default implementation (for example, with multiple passwords).

To customize the signing process, you can subclass PDFSigner. Then register the signer with the signature manager, as described above. Please have a look at the documentation in the PDFSigner header file for more information on what methods you need to override.

Signing a Document Using Your Own Encryption

Sometimes it’s not feasible to have access to a private key and load it on an iOS device to sign a document. Or, you may want more control over the signing process than what the PDFSigner class provides by default — for example, to sign information using a web service. For such situations, the delegate property of PDFSigner may be useful. Another alternative is to use the contained digital signatures workflow explained later in this guide.

First create a class that implements the PDFDocumentSignerDelegate protocol, and set it as the delegate property of PDFSigner or one of its subclasses. Then you must implement the following method:

  • documentSigner(_:sign:hashAlgorithm:completion:) will be called during the signing process with two important pieces of information. The data parameter is the hashed document information that must be signed. PSPDFKit follows the security recommendations of the PDF standard and always hashes the entire PDF document, except for a space reserved for the signature itself. hashAlgorithm is the hash function that was used to convert the raw bytes in the PDF document into the Data that was provided to this method. You must return the signed data using the private key associated with the certificate’s public key you passed to the sign methods in PDFSigner.

You can customize the hash and encryption algorithms used to sign the document by implementing a few optional methods of the PDFDocumentSignerDataSource protocol: