Adding a Digital Signature to a PDF on iOS
PSPDFKit enables signing both existing signature form elements and documents without a signature form element.
ℹ️ Note: If you want to use the Digital Signatures feature, make sure to include it in your license. Please follow this link to contact sales to start using it.
Creating a Digital Signature
Adding a digital signature on a PDF document is both reliable proof of the document’s origin and protection against modification by third parties.
To create a digital signature, you need two things.
-
First, you need an X509 certificate that contains your public key and your signer information. PSPDFKit supports PEM-encoded and DER-encoded X509 certificates, as well as DER-encoded PKCS#7 certificates. You can check the encoding of a certificate file by using the OpenSSL command-line tool as follows:
openssl pkcs7 -noout -text -print_certs -in example.p7b
The above command will print an error message if “example.p7b” is not a PEM-encoded PKCS#7 certificate or certificate chain.
To verify if a PKCS#7 certificate file is correctly DER encoded, you can use this command instead:
openssl pkcs7 -inform der -noout -text -print_certs -in example.p7b
The above command will print an error message if “example.p7b” is not a DER-encoded PKCS#7 certificate or certificate chain.
-
Second, you need your private key.
Signing Process
The signing process produces the signature by encrypting the message digest from the PDF file with a private key. The certificate with its public key is added to the signature and saved in the PDF file. For your convenience, PSPDFKit provides a PKCS12Signer that loads a certificate with the public and private key from a p12 archive. If you want to customize the signing process, you need to subclass PDFSigner. Keep in mind that certificates installed by a user via opening the .p12 container with built-in apps (via Install Profile) will go to the Apple access group and will only be available to Apple-provided apps such as Safari or Mail. See the Apple Technical Q&A for more details and a suggested workaround.
Here’s an example of how to register a PKCS12Signer:
// `p12Data` is a `p12` archive` NSData` object. let p12 = PKCS12(data: p12Data) // Create a signer with a display name. The display name will show up in the list of identities when you tap on a signature form field. let p12Signer = PKCS12Signer(displayName: "John Appleseed", pkcs12: p12) // Register your signer with the signature manager. let signatureManager = PSPDFKit.SDK.shared.signatureManager signatureManager.register(p12Signer)
// `p12Data` is a `p12` archive `NSData` object. PSPDFPKCS12 *p12 = [[PSPDFPKCS12 alloc] initWithData:p12Data]; // Create a signer with a display name. The display name will show up in the list of identities when you tap on a signature form field. PSPDFPKCS12Signer *p12Signer = [[PSPDFPKCS12Signer alloc] initWithDisplayName:@"John Appleseed" PKCS12:p12]; // Register your signer with the signature manager. PSPDFSignatureManager *signatureManager = PSPDFKitGlobal.sharedInstance.signatureManager; [signatureManager registerSigner:p12Signer];
Editing a Digitally Signed Document
When displaying digitally signed documents, PSPDFKit will allow annotation editing unless a DocMDP transform method is specified under the TransformMethod key of the signature information dictionary. When PSPDFKit is used for the signing process, this method is never set, which means annotation editing remains enabled.