PowerShell
PowerShell
Sign PDF using PAdES-Baseline-B
See more PDF Signatures Examples
PAdES-Baseline-B is the most basic, entry-level profile of the PDF Advanced Electronic Signatures (PAdES) standard.
It means:
- A PDF contains a CMS/PKCS#7 detached signature over the document’s byte range.
/SubFiltermust beETSI.CAdES.detached.- The signer’s X.509 certificate is included inside the signature.
- The signature uses recognized secure algorithms (e.g., SHA-256 with RSA/ECDSA).
- It proves document integrity (no changes since signing) and signer authenticity (certificate identifies who signed).
- It does not include time-stamps, revocation data (CRL/OCSP), or long-term validation information — those appear only in higher levels (PAdES-Baseline-T, -LT, -LTA).
In short: Baseline-B = a standard PDF digital signature that ensures integrity and origin, but without time or revocation guarantees.
Chilkat PowerShell Downloads
Add-Type -Path "C:\chilkat\ChilkatDotNet47-x64\ChilkatDotNet47.dll"
$success = $false
$pdf = New-Object Chilkat.Pdf
# Load a PDF to be signed.
$success = $pdf.LoadFile("c:/someDir/my.pdf")
if ($success -eq $false) {
$($pdf.LastErrorText)
exit
}
# Options for signing are specified in JSON.
$json = New-Object Chilkat.JsonObject
$json.UpdateString("subFilter","/ETSI.CAdES.detached")
$json.UpdateBool("signingCertificateV2",$true)
$json.UpdateBool("signingTime",$true)
$json.UpdateString("signingAlgorithm","pkcs")
$json.UpdateString("hashAlgorithm","sha256")
# -----------------------------------------------------------
# The following JSON settings define the signature appearance.
$json.UpdateInt("page",1)
$json.UpdateString("appearance.y","top")
$json.UpdateString("appearance.x","left")
$json.UpdateString("appearance.fontScale","10.0")
$json.UpdateString("appearance.text[0]","Digitally signed by: cert_cn")
$json.UpdateString("appearance.text[1]","current_dt")
$json.UpdateString("appearance.text[2]","Hello 123 ABC")
# --------------------------------------------------------------
# Load the signing certificate. (Use your own certificate.)
# Note: There are other methods for using a certificate on an HSM (smartcard or token)
# or from other sources, such as a cloud HSM, a Windows installed certificate,
# or other file formats.
$cert = New-Object Chilkat.Cert
$success = $cert.LoadPfxFile("c:/myPfxFiles/myPdfSigningCert.pfx","pfxPassword")
if ($success -eq $false) {
$($cert.LastErrorText)
exit
}
# Once we have the certificate object, tell the PDF object to use it for signing
$success = $pdf.SetSigningCert($cert)
if ($success -eq $false) {
$($pdf.LastErrorText)
exit
}
# Sign the PDF, creating the output file.
$outFilePath = "c:/someDir/mySigned.pdf"
$success = $pdf.SignPdf($json,$outFilePath)
if ($success -eq $false) {
$($pdf.LastErrorText)
exit
}
$("Success.")