How to Sign a PDF Document with a PKI Certificate on iOS

The PlugPDF SDK allows you to sign and validate your PDF documents with one or more signatures. To do so, please follow these steps.

  1. Prepare an image object. This is the visual appearance of the signature field (optional).
  2. Create a signature field (a form field containing a digital signature).
  3. Compute a byte range digest.
  4. Inject the computed byte range digest into the signature field created in Step 2.

Validating a PDF document is then a two-step process:

  1. Get a signature field.
  2. Get the computed byte range digest data in the signature field.

Signing your PDF

1. Prepare an image object

The signature field’s visual appearance can be set using an image.


To achieve this, insert an image object into your PDF document as shown in the following code snippet.

2. Create a signature field

Before computing the byte range digest, we first need to create a signature field that contains zero-filled digest data as a placeholder. The SignatureField object, which contains the offset value returned from the prepareSignatureSrc method, gives the title of the signature field and the file offset where the digest data starts. The computed digest is then injected at this offset.

ByteRange is an array of four numbers, and this is how it can be obtained with the PlugPDF SDK.

3. Compute a byte range digest

As you can see in step 2, the content file corresponds to the third parameter of the createSignatureField method.

The signature value has to be computed, but PlugPDF doesn’t provide a built-in method to compute a byte range digest. A DER-encoded PKCS#7 binary data object containing the signature can be used as the digest data.

The SHA1 digest of the byte range should be encapsulated in the PKCS#7 signed-data field. The PKCS#7 object must conform to the PKCS#7 specification in Internet RFC 2315, PKCS #7: Cryptographic Message Syntax, Version 1.5.

At minimum, it must include the signer’s X.509 signing certificate, which is used to verify the signature value. The PKCS#7 object may optionally contain one or more issuer certificates from the signer’s trust chain.

4. Inject the byte range digest

Finally, inject the computed byte range digest data into your PDF file.
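Steps 2 to 4 work because the digest covers every byte of the file except the placeholder, so filling the placeholder afterwards does not change the digest. The sketch below is an added example, not PlugPDF or iOS code: it is written in Python, runs on a constructed toy file, all function names are hypothetical, and the injected bytes are a stand-in for a real PKCS#7 object.

```python
import hashlib
import re

BYTE_RANGE_RE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def build_sample(placeholder_bytes=32):
    """Constructed toy file (not a valid PDF) laid out like a signature dictionary."""
    fmt = b"%%PDF-1.7\n<< /Type /Sig /ByteRange [%010d %010d %010d %010d] /Contents "
    gap = b"<" + b"0" * (2 * placeholder_bytes) + b">"  # zero-filled placeholder
    tail = b" >>\n%%EOF\n"  # not %-formatted, so this is the literal %%EOF marker
    len1 = len(fmt % (0, 0, 0, 0))  # fixed-width numbers keep the length stable
    return fmt % (0, len1, len1 + len(gap), len(tail)) + gap + tail

def parse_byte_range(pdf):
    """Return (start1, len1, start2, len2): the two spans the digest covers."""
    m = BYTE_RANGE_RE.search(pdf)
    if m is None:
        raise ValueError("no /ByteRange entry found")
    return tuple(int(g) for g in m.groups())

def check_byte_range(pdf, br):
    """Refuse ranges that leave anything but the placeholder outside the digest."""
    start1, len1, start2, len2 = br
    if start1 != 0 or start2 - len1 < 2 or start2 + len2 != len(pdf):
        raise ValueError("ByteRange does not cover the whole file")
    if pdf[len1:len1 + 1] != b"<" or pdf[start2 - 1:start2] != b">":
        raise ValueError("excluded gap is not one <hex string>")

def byte_range_digest(pdf, br, algo="sha1"):  # SHA1 is what the article specifies
    """Hash both spans in order, skipping the placeholder between them."""
    start1, len1, start2, len2 = br
    h = hashlib.new(algo)
    h.update(pdf[start1:start1 + len1])
    h.update(pdf[start2:start2 + len2])
    return h.digest()

def inject_signature(pdf, br, blob):
    """Overwrite the placeholder in place; the file length must not change."""
    _, len1, start2, _ = br
    room = start2 - len1 - 2  # hex digits available between '<' and '>'
    hexed = blob.hex().encode()
    if len(hexed) > room:
        raise ValueError("signature blob is larger than the placeholder")
    return pdf[:len1 + 1] + hexed.ljust(room, b"0") + pdf[start2 - 1:]

if __name__ == "__main__":
    sample = build_sample()
    ranges = parse_byte_range(sample)
    print(ranges, byte_range_digest(sample, ranges).hex())
```

On the validation side, `check_byte_range` is the part to keep: a digest that matches says nothing about bytes that fall outside the declared ranges.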

Validating your PDF

Let’s finish this post by looking at the two-step process of validating a PDF document.

1. Get a signature field property

Remember: the signature field is a form field containing a digital signature. Its information in the PDF file is needed for validation.

The SignatureField class has three properties, which contain the values used for signature validation.

2. Get a computed byte range digest data in the signature field

The last step consists of getting the computed byte range digest data and the content file path; you’ll then be able to validate your PDF document with the digest data and the content file.
