Search code examples
pdfitextdigital-signaturepades

Does iText Community 5.4.2 support creating Digital Signature 'PAdES'

Does 'iText' community version 5.4.2 support creating 'PAdES' Digital Signature standard for PDF files ?

Thank you very much in Advance Best Regards Pearapon S. Bangkok, Thailand

Solution

  • You might want to read the white paper Digital Signatures for PDF documents by Bruno Lowagie (iText Software). It is from 2013, so some details might be out of date, but it still is a good introduction to the iText 5 signing API and an interesting read in the context of PDF signing in general.

    Concerning your question it in particular explains:

    PAdES is a set of restrictions and extensions to PDF and ISO-32000-1 making it suitable for advanced electronic signatures. It’s described in TS 102 778 (ETSI, 2009), and it will be implemented in ISO-32000-2. PAdES consists of six parts:

    • Part 1—the first part is an overview of support for signatures in PDF documents, and it lists the features of the PDF profiles in the other documents.

    • Part 2—PAdES Basic is based on ISO-32000-1. If you want to know more about digital signatures in PDF, you should read this specification before starting to dig into the PDF reference. PAdES part 2 is supported in iText since version 5.0.0.

    • Part 3—PAdES Enhanced describes profiles that are based on CAdES: PAdES Basic Electronic Signature (BES) and Explicit Policy Electronic Signature (EPES). PAdES part 3 is supported in iText since version 5.3.0.

    • Part 4—PAdES Long-Term Validation (LTV) is about protecting data beyond the expiry of the user’s signing certificate. This mechanism requires a Document Security Store (DSS). PAdES part 4 is supported in iText since version 5.1.3.

    • Part 5—PAdES for XML content describes profiles for XAdES signatures. For instance, after filling an XFA form, which is XML content embedded in a PDF file, a user may sign selected parts of the form. This isn’t supported in iText yet.

    • Part 6—Visual representations of Electronic Signatures. This is supported in iText, but it also depends on other factors. For instance: does your certificate contain sufficient information?

    As mentioned before, the document is from 2013 and, therefore, references the early ETSI TS on PAdES and not the newer ETSI EN documents. Changes required by the newer ENs have been implemented in the current iText 5 version, though, so basically the statements still hold.

    PS: The online version of the code of the examples in the whitepaper has continuously been updated. Thus, if you want to try the examples, be sure to look for the updated code.