Supported Cryptographic Formats

Information

PSPDFKit Server has been deprecated and replaced by PSPDFKit Document Engine. All PSPDFKit Server and PSPDFKit for Web Server-Backed licenses will work as before and be supported until 15 May 2024 (we will contact you about license migration). To start using Document Engine, refer to the migration guide. With Document Engine, you’ll have access to robust new capabilities (read the blog for more information).

PSPDFKit supports the following signing methods:

  • PAdES (PDF Advanced Electronic Signatures, ETSI.CAdES.detached)

  • CMS (adbe.pkcs7.detached)

Supported signing algorithms are:

  • RSA

  • ECDSA

Supported hashing algorithms include:

  • MD4

  • MD5

  • SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512, SHA-512-256)

A hashing algorithm converts a large amount of data (your PDF document) into a fixed-length string. If someone changes even one bit of data in your PDF document, the hashing algorithm produces a different string, so storing that hash inside the PDF document could, in principle, tell you when the document has been changed by a third party. However, as easy as it sounds, this approach is insecure on its own. Anyone who knows the hashing algorithm that was used can modify the document, recompute the hash, and replace the hash stored inside the PDF so that it still validates as authentic. To avoid this, PSPDFKit combines hashing with public key cryptography: the hash is signed with the signer's private key, so it can't be replaced without access to that key.

More specifically, PSPDFKit supports RSA, one of the most popular public key encryption algorithms. ECDSA, an algorithm based on elliptic curve cryptography, is also supported. Cryptographic systems based on ECDSA are becoming the de facto standard for messaging and systems security.

Supported Certificate Encodings

Certificate stores can be encoded in either of these two formats:

  • DER- or PEM-encoded PKCS#7

  • DER- or PEM-encoded X.509

If you’re unsure about the format of your certificate, try loading it with each of the formats specified:

openssl x509 -inform pem -in cerfile.cer -noout -text
openssl x509 -inform der -in cerfile.cer -noout -text
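
As a complement to the openssl commands above, the following added example (not PSPDFKit code) shows how the four supported combinations differ at the byte level, so a file can be triaged before it is loaded. The function names and sample bytes are assumptions made for illustration. The check looks only at the outer structure and does not validate the certificate.

```python
import base64
import re

# DER bytes of OID 1.2.840.113549.1.7.2 (PKCS#7 signedData), tag and length included.
SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
PEM_LABELS = {b"CERTIFICATE": "X.509", b"PKCS7": "PKCS#7"}


def der_kind(data):
    """Classify a DER blob by its outer structure; None if it matches neither."""
    if len(data) < 2 or data[0] != 0x30:          # both formats are a SEQUENCE
        return None
    if data[1] < 0x80:                            # short-form length
        start, length = 2, data[1]
    else:                                         # long form: next n bytes
        n = data[1] & 0x7F
        if not 1 <= n <= 4 or len(data) < 2 + n:
            return None
        start, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    body = data[start:start + length]
    if len(body) != length or not body:           # truncated or empty
        return None
    if body[0] == 0x30:                           # Certificate: tbsCertificate SEQUENCE first
        return "X.509"
    if body.startswith(SIGNED_DATA_OID):          # ContentInfo: contentType OID first
        return "PKCS#7"
    return None


def detect(data):
    """Return (encoding, container) such as ("PEM", "X.509"), or None."""
    m = PEM_BLOCK.search(data)
    if m is None:
        kind = der_kind(data)
        return ("DER", kind) if kind else None
    try:
        der = base64.b64decode(b"".join(m.group(2).split()), validate=True)
    except ValueError:                            # binascii.Error subclasses ValueError
        return None
    kind = der_kind(der)
    # The PEM label must agree with the DER shape (rejects e.g. CERTIFICATE REQUEST).
    return ("PEM", kind) if kind and PEM_LABELS.get(m.group(1)) == kind else None


# Constructed skeletons with the right outer shape only; not real certificates.
SAMPLE_X509_DER = bytes.fromhex("30023000")
SAMPLE_P7_DER = bytes.fromhex("300b") + SIGNED_DATA_OID

if __name__ == "__main__":
    for blob in (SAMPLE_X509_DER, SAMPLE_P7_DER):
        print(detect(blob))
```

Other DER objects that begin with a nested SEQUENCE, such as a certificate signing request, have the same outer shape as an X.509 certificate, so a "DER", "X.509" result still needs to be confirmed by parsing the file with openssl.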

Learn how to generate an RSA certificate for testing purposes.