(C) Sign PDF using PAdES-Baseline-B

See more PDF Signatures Examples

PAdES-Baseline-B is the most basic, entry-level profile of the PDF Advanced Electronic Signatures (PAdES) standard.

It means:

• A PDF contains a CMS/PKCS#7 detached signature over the document’s byte range.
• /SubFilter must be ETSI.CAdES.detached.
• The signer’s X.509 certificate is included inside the signature.
• The signature uses recognized secure algorithms (e.g., SHA-256 with RSA/ECDSA).
• It proves document integrity (no changes since signing) and signer authenticity (certificate identifies who signed).
• It does not include time-stamps, revocation data (CRL/OCSP), or long-term validation information — those appear only in higher levels (PAdES-Baseline-T, -LT, -LTA).

In short: Baseline-B = a standard PDF digital signature that ensures integrity and origin, but without time or revocation guarantees.

Chilkat C/C++ Library Downloads
MS Visual C/C++ C++ Builder Linux C/C++ Alpine Linux C/C++	MacOS C/C++ iOS C/C++ Android C/C++ MinGW C/C++

#include <C_CkPdf.h>
#include <C_CkJsonObject.h>
#include <C_CkCert.h>

void ChilkatSample(void)
    {
    BOOL success;
    HCkPdf pdf;
    HCkJsonObject json;
    HCkCert cert;
    const char *outFilePath;

    success = FALSE;

    pdf = CkPdf_Create();

    // Load a PDF to be signed.
    success = CkPdf_LoadFile(pdf,"c:/someDir/my.pdf");
    if (success == FALSE) {
        printf("%s\n",CkPdf_lastErrorText(pdf));
        CkPdf_Dispose(pdf);
        return;
    }

    // Options for signing are specified in JSON.
    json = CkJsonObject_Create();

    CkJsonObject_UpdateString(json,"subFilter","/ETSI.CAdES.detached");
    CkJsonObject_UpdateBool(json,"signingCertificateV2",TRUE);
    CkJsonObject_UpdateBool(json,"signingTime",TRUE);
    CkJsonObject_UpdateString(json,"signingAlgorithm","pkcs");
    CkJsonObject_UpdateString(json,"hashAlgorithm","sha256");

    // -----------------------------------------------------------
    // The following JSON settings define the signature appearance.
    CkJsonObject_UpdateInt(json,"page",1);
    CkJsonObject_UpdateString(json,"appearance.y","top");
    CkJsonObject_UpdateString(json,"appearance.x","left");
    CkJsonObject_UpdateString(json,"appearance.fontScale","10.0");
    CkJsonObject_UpdateString(json,"appearance.text[0]","Digitally signed by: cert_cn");
    CkJsonObject_UpdateString(json,"appearance.text[1]","current_dt");
    CkJsonObject_UpdateString(json,"appearance.text[2]","Hello 123 ABC");

    // --------------------------------------------------------------
    // Load the signing certificate. (Use your own certificate.)
    // Note: There are other methods for using a certificate on an HSM (smartcard or token)
    // or from other sources, such as a cloud HSM, a Windows installed certificate,
    // or other file formats.
    cert = CkCert_Create();
    success = CkCert_LoadPfxFile(cert,"c:/myPfxFiles/myPdfSigningCert.pfx","pfxPassword");
    if (success == FALSE) {
        printf("%s\n",CkCert_lastErrorText(cert));
        CkPdf_Dispose(pdf);
        CkJsonObject_Dispose(json);
        CkCert_Dispose(cert);
        return;
    }

    // Once we have the certificate object, tell the PDF object to use it for signing
    success = CkPdf_SetSigningCert(pdf,cert);
    if (success == FALSE) {
        printf("%s\n",CkPdf_lastErrorText(pdf));
        CkPdf_Dispose(pdf);
        CkJsonObject_Dispose(json);
        CkCert_Dispose(cert);
        return;
    }

    // Sign the PDF, creating the output file.
    outFilePath = "c:/someDir/mySigned.pdf";
    success = CkPdf_SignPdf(pdf,json,outFilePath);
    if (success == FALSE) {
        printf("%s\n",CkPdf_lastErrorText(pdf));
        CkPdf_Dispose(pdf);
        CkJsonObject_Dispose(json);
        CkCert_Dispose(cert);
        return;
    }

    printf("Success.\n");


    CkPdf_Dispose(pdf);
    CkJsonObject_Dispose(json);
    CkCert_Dispose(cert);

    }