(Objective-C) Sign PDF using PAdES-Baseline-B

See more PDF Signatures Examples

PAdES-Baseline-B is the most basic, entry-level profile of the PDF Advanced Electronic Signatures (PAdES) standard.

It means:

• A PDF contains a CMS/PKCS#7 detached signature over the document’s byte range.
• /SubFilter must be ETSI.CAdES.detached.
• The signer’s X.509 certificate is included inside the signature.
• The signature uses recognized secure algorithms (e.g., SHA-256 with RSA/ECDSA).
• It proves document integrity (no changes since signing) and signer authenticity (certificate identifies who signed).
• It does not include time-stamps, revocation data (CRL/OCSP), or long-term validation information — those appear only in higher levels (PAdES-Baseline-T, -LT, -LTA).

In short: Baseline-B = a standard PDF digital signature that ensures integrity and origin, but without time or revocation guarantees.

Chilkat Objective-C Library Downloads MAC OS X (Cocoa) Libs iOS Libs

#import <CkoPdf.h>
#import <CkoJsonObject.h>
#import <CkoCert.h>
#import <NSString.h>

BOOL success = NO;

CkoPdf *pdf = [[CkoPdf alloc] init];

// Load a PDF to be signed.
success = [pdf LoadFile: @"c:/someDir/my.pdf"];
if (success == NO) {
    NSLog(@"%@",pdf.LastErrorText);
    return;
}

// Options for signing are specified in JSON.
CkoJsonObject *json = [[CkoJsonObject alloc] init];

[json UpdateString: @"subFilter" value: @"/ETSI.CAdES.detached"];
[json UpdateBool: @"signingCertificateV2" value: YES];
[json UpdateBool: @"signingTime" value: YES];
[json UpdateString: @"signingAlgorithm" value: @"pkcs"];
[json UpdateString: @"hashAlgorithm" value: @"sha256"];

// -----------------------------------------------------------
// The following JSON settings define the signature appearance.
[json UpdateInt: @"page" value: [NSNumber numberWithInt: 1]];
[json UpdateString: @"appearance.y" value: @"top"];
[json UpdateString: @"appearance.x" value: @"left"];
[json UpdateString: @"appearance.fontScale" value: @"10.0"];
[json UpdateString: @"appearance.text[0]" value: @"Digitally signed by: cert_cn"];
[json UpdateString: @"appearance.text[1]" value: @"current_dt"];
[json UpdateString: @"appearance.text[2]" value: @"Hello 123 ABC"];

// --------------------------------------------------------------
// Load the signing certificate. (Use your own certificate.)
// Note: There are other methods for using a certificate on an HSM (smartcard or token)
// or from other sources, such as a cloud HSM, a Windows installed certificate,
// or other file formats.
CkoCert *cert = [[CkoCert alloc] init];
success = [cert LoadPfxFile: @"c:/myPfxFiles/myPdfSigningCert.pfx" password: @"pfxPassword"];
if (success == NO) {
    NSLog(@"%@",cert.LastErrorText);
    return;
}

// Once we have the certificate object, tell the PDF object to use it for signing
success = [pdf SetSigningCert: cert];
if (success == NO) {
    NSLog(@"%@",pdf.LastErrorText);
    return;
}

// Sign the PDF, creating the output file.
NSString *outFilePath = @"c:/someDir/mySigned.pdf";
success = [pdf SignPdf: json outFilePath: outFilePath];
if (success == NO) {
    NSLog(@"%@",pdf.LastErrorText);
    return;
}

NSLog(@"%@",@"Success.");