Tcl
Tcl
Sign PDF using PAdES-Baseline-B
See more PDF Signatures Examples
PAdES-Baseline-B is the most basic, entry-level profile of the PDF Advanced Electronic Signatures (PAdES) standard.
It means:
- A PDF contains a CMS/PKCS#7 detached signature over the document’s byte range.
/SubFiltermust beETSI.CAdES.detached.- The signer’s X.509 certificate is included inside the signature.
- The signature uses recognized secure algorithms (e.g., SHA-256 with RSA/ECDSA).
- It proves document integrity (no changes since signing) and signer authenticity (certificate identifies who signed).
- It does not include time-stamps, revocation data (CRL/OCSP), or long-term validation information — those appear only in higher levels (PAdES-Baseline-T, -LT, -LTA).
In short: Baseline-B = a standard PDF digital signature that ensures integrity and origin, but without time or revocation guarantees.
Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
set pdf [new_CkPdf]
# Load a PDF to be signed.
set success [CkPdf_LoadFile $pdf "c:/someDir/my.pdf"]
if {$success == 0} then {
puts [CkPdf_lastErrorText $pdf]
delete_CkPdf $pdf
exit
}
# Options for signing are specified in JSON.
set json [new_CkJsonObject]
CkJsonObject_UpdateString $json "subFilter" "/ETSI.CAdES.detached"
CkJsonObject_UpdateBool $json "signingCertificateV2" 1
CkJsonObject_UpdateBool $json "signingTime" 1
CkJsonObject_UpdateString $json "signingAlgorithm" "pkcs"
CkJsonObject_UpdateString $json "hashAlgorithm" "sha256"
# -----------------------------------------------------------
# The following JSON settings define the signature appearance.
CkJsonObject_UpdateInt $json "page" 1
CkJsonObject_UpdateString $json "appearance.y" "top"
CkJsonObject_UpdateString $json "appearance.x" "left"
CkJsonObject_UpdateString $json "appearance.fontScale" "10.0"
CkJsonObject_UpdateString $json "appearance.text[0]" "Digitally signed by: cert_cn"
CkJsonObject_UpdateString $json "appearance.text[1]" "current_dt"
CkJsonObject_UpdateString $json "appearance.text[2]" "Hello 123 ABC"
# --------------------------------------------------------------
# Load the signing certificate. (Use your own certificate.)
# Note: There are other methods for using a certificate on an HSM (smartcard or token)
# or from other sources, such as a cloud HSM, a Windows installed certificate,
# or other file formats.
set cert [new_CkCert]
set success [CkCert_LoadPfxFile $cert "c:/myPfxFiles/myPdfSigningCert.pfx" "pfxPassword"]
if {$success == 0} then {
puts [CkCert_lastErrorText $cert]
delete_CkPdf $pdf
delete_CkJsonObject $json
delete_CkCert $cert
exit
}
# Once we have the certificate object, tell the PDF object to use it for signing
set success [CkPdf_SetSigningCert $pdf $cert]
if {$success == 0} then {
puts [CkPdf_lastErrorText $pdf]
delete_CkPdf $pdf
delete_CkJsonObject $json
delete_CkCert $cert
exit
}
# Sign the PDF, creating the output file.
set outFilePath "c:/someDir/mySigned.pdf"
set success [CkPdf_SignPdf $pdf $json $outFilePath]
if {$success == 0} then {
puts [CkPdf_lastErrorText $pdf]
delete_CkPdf $pdf
delete_CkJsonObject $json
delete_CkCert $cert
exit
}
puts "Success."
delete_CkPdf $pdf
delete_CkJsonObject $json
delete_CkCert $cert