My company needs to implement a way to put an electronic seal on official PDFs to ensure their integrity. I have heard by some of my colleagues that it has been done with OpenPDF, but I have found nothing so far by searching on the Internet.
Is it effectively possible to achieve this with just using OpenPDF? Or do other libraries exist? In this case I would prefer free libraries, but if there are only commercial options I would like to try them first, so that I can see if I am able to use them and if my superiors want to take the economical risk.
This is the definition of e-seal from Wikipedia:
A qualified electronic seal is an electronic seal that is compliant to EU Regulation No 910/2014 (eIDAS Regulation) for electronic transactions within the internal European market. It enables to verify the issuer of a document over long periods of time. Qualified electronic seals can be considered as digital equivalent to seals of legal entities on paper. According to the eIDAS regulation, a qualified electronic seal must be created by a qualified electronic device and based on a qualified certificate for electronic seal.
First off, there were some discussions about electronic seals and signatures in comments to this question.
Legally (in the context of eIDAS) these are strictly different from each other. Technically, though, both are usually implemented as digital signatures, and in the context of PDFs more precisely as PAdES signatures; the main difference is in the signer certificates used which indicate whether you have an electronic seal or signature.
Thus, the question burns down to whether OpenPDF supports the creation of PAdES signatures.
OpenPDF is a fork of the last non-AGPL version of iText, i.e. the unofficial release iText 4.2.0 Bruno Lowagie tagged on 2009-11-27 13:59:39. In that year a first version of the PAdES signatures had just been published by ETSI as a technical specification (TS), not yet an European Standard (EN).
The iText library at that time, therefore, did not contain any explicit PAdES support, only for the interoperable ISO 32000-1 signature types. It offered the option, though, to mostly create the signature dictionary yourself and inject your own, custom-made signature container. Thus, by making use of this option, you could create PAdES signatures, and not only with the ISO 32000-1 compatibility profile but with the BES and EPES profiles, too.
The OpenPDF signature API has hardly changed since then; thus, there still is no explicit support for PAdES yet but the interfaces are open to inject signature dictionaries and signature containers to create signatures matching simple PAdES profiles (Baseline-B, Baseline-T, E-BES, E-EPES).
Is it effectively possible to achieve this with just using OpenPDF?
It is possible with OpenPDF but depending on the exact profile you want you have to add some code to generate signature dictionaries and signature containers accordingly.
Or do other libraries exist?
Yes. For example
(For library recommendations, though, please use the Software Recommendations Stack Exchange instead of stack overflow, strictly speaking they are off-topic here.)