(Delphi ActiveX) Sign PDF using PAdES-Baseline-B

See more PDF Signatures Examples

PAdES-Baseline-B is the most basic, entry-level profile of the PDF Advanced Electronic Signatures (PAdES) standard.

It means:

• A PDF contains a CMS/PKCS#7 detached signature over the document’s byte range.
• /SubFilter must be ETSI.CAdES.detached.
• The signer’s X.509 certificate is included inside the signature.
• The signature uses recognized secure algorithms (e.g., SHA-256 with RSA/ECDSA).
• It proves document integrity (no changes since signing) and signer authenticity (certificate identifies who signed).
• It does not include time-stamps, revocation data (CRL/OCSP), or long-term validation information — those appear only in higher levels (PAdES-Baseline-T, -LT, -LTA).

In short: Baseline-B = a standard PDF digital signature that ensures integrity and origin, but without time or revocation guarantees.

Chilkat for Delphi Downloads Chilkat ActiveX DLL for Delphi Chilkat non-ActiveX DLL for Delphi * The examples here use the ActiveX DLL.

uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Chilkat_TLB;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Integer;
pdf: TChilkatPdf;
json: TChilkatJsonObject;
cert: TChilkatCert;
outFilePath: WideString;

begin
success := 0;

pdf := TChilkatPdf.Create(Self);

// Load a PDF to be signed.
success := pdf.LoadFile('c:/someDir/my.pdf');
if (success = 0) then
  begin
    Memo1.Lines.Add(pdf.LastErrorText);
    Exit;
  end;

// Options for signing are specified in JSON.
json := TChilkatJsonObject.Create(Self);

json.UpdateString('subFilter','/ETSI.CAdES.detached');
json.UpdateBool('signingCertificateV2',1);
json.UpdateBool('signingTime',1);
json.UpdateString('signingAlgorithm','pkcs');
json.UpdateString('hashAlgorithm','sha256');

// -----------------------------------------------------------
// The following JSON settings define the signature appearance.
json.UpdateInt('page',1);
json.UpdateString('appearance.y','top');
json.UpdateString('appearance.x','left');
json.UpdateString('appearance.fontScale','10.0');
json.UpdateString('appearance.text[0]','Digitally signed by: cert_cn');
json.UpdateString('appearance.text[1]','current_dt');
json.UpdateString('appearance.text[2]','Hello 123 ABC');

// --------------------------------------------------------------
// Load the signing certificate. (Use your own certificate.)
// Note: There are other methods for using a certificate on an HSM (smartcard or token)
// or from other sources, such as a cloud HSM, a Windows installed certificate,
// or other file formats.
cert := TChilkatCert.Create(Self);
success := cert.LoadPfxFile('c:/myPfxFiles/myPdfSigningCert.pfx','pfxPassword');
if (success = 0) then
  begin
    Memo1.Lines.Add(cert.LastErrorText);
    Exit;
  end;

// Once we have the certificate object, tell the PDF object to use it for signing
success := pdf.SetSigningCert(cert.ControlInterface);
if (success = 0) then
  begin
    Memo1.Lines.Add(pdf.LastErrorText);
    Exit;
  end;

// Sign the PDF, creating the output file.
outFilePath := 'c:/someDir/mySigned.pdf';
success := pdf.SignPdf(json.ControlInterface,outFilePath);
if (success = 0) then
  begin
    Memo1.Lines.Add(pdf.LastErrorText);
    Exit;
  end;

Memo1.Lines.Add('Success.');
end;