(Perl) Sign PDF using PAdES-Baseline-B

See more PDF Signatures Examples

PAdES-Baseline-B is the most basic, entry-level profile of the PDF Advanced Electronic Signatures (PAdES) standard.

It means:

• A PDF contains a CMS/PKCS#7 detached signature over the document’s byte range.
• /SubFilter must be ETSI.CAdES.detached.
• The signer’s X.509 certificate is included inside the signature.
• The signature uses recognized secure algorithms (e.g., SHA-256 with RSA/ECDSA).
• It proves document integrity (no changes since signing) and signer authenticity (certificate identifies who signed).
• It does not include time-stamps, revocation data (CRL/OCSP), or long-term validation information — those appear only in higher levels (PAdES-Baseline-T, -LT, -LTA).

In short: Baseline-B = a standard PDF digital signature that ensures integrity and origin, but without time or revocation guarantees.

Chilkat Perl Downloads Perl Module for Windows, MacOS, Linux, Alpine Linux

use chilkat();

$success = 0;

$pdf = chilkat::CkPdf->new();

# Load a PDF to be signed.
$success = $pdf->LoadFile("c:/someDir/my.pdf");
if ($success == 0) {
    print $pdf->lastErrorText() . "\r\n";
    exit;
}

# Options for signing are specified in JSON.
$json = chilkat::CkJsonObject->new();

$json->UpdateString("subFilter","/ETSI.CAdES.detached");
$json->UpdateBool("signingCertificateV2",1);
$json->UpdateBool("signingTime",1);
$json->UpdateString("signingAlgorithm","pkcs");
$json->UpdateString("hashAlgorithm","sha256");

# -----------------------------------------------------------
# The following JSON settings define the signature appearance.
$json->UpdateInt("page",1);
$json->UpdateString("appearance.y","top");
$json->UpdateString("appearance.x","left");
$json->UpdateString("appearance.fontScale","10.0");
$json->UpdateString("appearance.text[0]","Digitally signed by: cert_cn");
$json->UpdateString("appearance.text[1]","current_dt");
$json->UpdateString("appearance.text[2]","Hello 123 ABC");

# --------------------------------------------------------------
# Load the signing certificate. (Use your own certificate.)
# Note: There are other methods for using a certificate on an HSM (smartcard or token)
# or from other sources, such as a cloud HSM, a Windows installed certificate,
# or other file formats.
$cert = chilkat::CkCert->new();
$success = $cert->LoadPfxFile("c:/myPfxFiles/myPdfSigningCert.pfx","pfxPassword");
if ($success == 0) {
    print $cert->lastErrorText() . "\r\n";
    exit;
}

# Once we have the certificate object, tell the PDF object to use it for signing
$success = $pdf->SetSigningCert($cert);
if ($success == 0) {
    print $pdf->lastErrorText() . "\r\n";
    exit;
}

# Sign the PDF, creating the output file.
$outFilePath = "c:/someDir/mySigned.pdf";
$success = $pdf->SignPdf($json,$outFilePath);
if ($success == 0) {
    print $pdf->lastErrorText() . "\r\n";
    exit;
}

print "Success." . "\r\n";