Supported Cryptographic Formats
PSPDFKit supports the following signing methods:
PAdES(PDF Advanced Electronic Signatures, ETSI.CAdES.detached)
Supported signing algorithms are:
Supported hashing algorithms include:
SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512, SHA-512-256)
A hashing algorithm is an algorithm that converts a large amount of data (your PDF document) to a fixed-length string. If someone changes one bit of data in your PDF document, the hashing algorithm produces a different string, so if you store that hash inside the PDF document, you could potentially know when it has been changed by a third party. However, as easy as it sounds, this approach is insecure. If someone knows the hashing algorithm that was used to sign the PDF, they could replace the hash inside the PDF so that it validates as authentic. To avoid this, PSPDFKit works with encryption algorithms.
More specifically, PSPDFKit supports
RSA, one of the most popular public key encryption algorithms.
ECDSA, an algorithm based on elliptic curve cryptography, is also supported. Cryptographic systems based on
ECDSA are becoming the de facto standard for messaging and systems security.
Supported Certificate Encodings
Certificate stores can be encoded in either of these two formats:
DER- or PEM-encoded PKCS#7
DER- or PEM-encoded X.509
If you’re unsure about the format of your certificate, try to load it with the format specified (learn more):
openssl x509 -inform pem -in cerfile.cer -noout -text openssl x509 -inform der -in cerfile.cer -noout -text
Learn how to generate an RSA certificate for testing purposes.