Digital Signatures with PDFlib PLOP DS
PDFlib PLOP DS applies PDF signatures which can be validated with Adobe Reader, Acrobat, or any other validator which supports PDF signatures. PLOP DS reads the signers digital ID (i.e. the certificate plus corresponding private key) from memory, a disk file, or a secure hardware token such as a smartcard. The digital ID is used to create a cryptographic signature for the PDF document. Applying a signature can be combined with encryption.
PDF Signature Properties
- Create signatures in existing PDF signature fields or generate new fields which hold the signature. The signatures can be invisible or visible at a particular location on the page.
- Visualize digital signatures by importing a logo, scan of a handwritten signature or other representation as PDF page.
- Create PDF certification (author) signatures which allow document changes such as form-filling without breaking the signature.
- Validation information can be stored directly in the signature according to ISO 32000-1 or in a Document Security Store (DSS) as specified in ISO 32000-2 and PAdES part 4.
- Signatures can be applied in an incremental PDF update section to preserve existing signatures and document structure, or by rewriting the document structure which allows optimization and encryption.
PDF Versions and Standards
PLOP DS supports all relevant PDF versions and standards. PLOP DS processes all PDF versions up to Acrobat DC, i.e PDF 1.7 (ISO 32000-1) up to extension level 8. PLOP DS can also process documents according to the forthcoming standard PDF 2.0 (ISO 32000-2). PLOP DS is aware of the PDF/A-1/2/3 (ISO 19005) archiving standards. Similarly, PLOP DS is aware of the PDF/X-1a/3/4/5 (ISO 15930) print production standards, PDF/VT-1/2 (ISO 16612-2) for variable and transactional printing and PDF/UA-1 (ISO 14289) for accessible PDF.
Signature Characteristics
- PLOP DS supports major signature standards, such as Signatures for Long-Term Validation (LTV) according to the forthcoming ISO 32000-2 as well as PAdES (PDF Advanced Electronic Signatures) conformance levels.
- Signatures with certificates from a CA (Certificate Authority) on the Adobe Approved Trust List (AATL) or European Union Trust List (EUTL) can be validated in Acrobat and Adobe Reader without any configuration on the client side.
- Time-stamping: Time-stamps can be retrieved from a trusted Time-Stamp Authority (TSA) according to RFC 3161, RFC 5816 and ETSI EN 319 422, and embedded in the generated signatures. Document-level time-stamp signatures can be created according to the relevant standards.
- Signature Engines: PLOP DS supports multiple cryptographic engines, i.e. components for generating digital signatures, such as a Hardware Security Module (HSM).
Supported Development Environments
PDFlib PLOP DS is everywhere - it runs on practically all computing platforms. We offer 32-bit and 64-bit packages for all common flavors of Windows, OS X, Linux and Unix. Versions for mobile and embedded systems are available on request. The PLOP DS core is written in highly optimized C and C++ code for maximum performance and small overhead.