Sign PDF files digitally from CLI or your webserver
Easily sign PDF files from your command line.
No special certificates needed, you can just reuse your already existing certificates, e.g. from Let's Encrypt.
Cryptographically sign your PDF files in PAdES‑B, PAdES‑T, PAdES‑LT or PAdES‑LTA. This lets your visitors know that PDFs were actually served by your server.
Customize the signature to your liking. You can append a visible or invisible signature. Visible signatures can be further customized.
Docsopen-pdf-sign easily integrates with your existing Nginx web server or can be used in your Node.JS projects
nginx npm moduleThe CLI can be easily invoked. Just run
java -jar open-pdf-sign.jar -i input.pdf -o output.pdf \
-c /etc/letsencrypt/live/openpdfsign.org/fullchain.pem \
-k /etc/letsencrypt/live/openpdfsign.org/privkey.pem
That's it! 🎉
For signature you can use e.g. your domain certificate, or any other certificate.
In its default settings, the document is signed using an invisible electronic signature. In case you want to add a visible signature to the signed documents, you can use the --page, --image, --hint and other options.
java -jar open-pdf-sign.jar -i input.pdf -o output.pdf \
-c /etc/letsencrypt/live/openpdfsign.org/fullchain.pem \
-k /etc/letsencrypt/live/openpdfsign.org/privkey.pem \
--page -1 --image mylogo.png \
--hint "You can check the validity at signaturpruefung.gv.at"
Will sign your PDF on the last page with a textblock containing your given image:
While you can use open-pdf-sign to sign single PDFs, you can also use the open-pdf-sign-configurator to just sign every single PDF that your nginx server hosts on the fly.
But why?
Users that access PDFs of your website directly can be sure of the authenticity of the served PDFs because of the TLS connection.
With the open-pdf-sign server installed, every PDF served is automatically and invisibly signed with the certificate already used for the TLS connection. This allows downstream recipients of the PDF to verify that the PDF actually came from your server.
Open-pdf-sign is a software package that allows for the automatic signing of PDF documents. It is designed to be easy to use for developers, and is released under an permissive Open Source license.
Yes, open-pdf-sign is released under the Apache 2.0 Open Source license, allowing anyone to use and modify the code.
As a Java CLI application, open-pdf-sign supports Windows, Linux and Mac OS, as long as a Java JRE at minimum version 8 is available.
In general, you can use any certificate/key for signatures, even domain keys such as Let's Encrypt. Be aware that with these certificates, some legal consequences of the signature may not be present due to the non-repudiation bit not being set.
Yes, the signature may also be a visible signature, using user-provided text or graphics. Please refer to the documentation for more information and examples.
The open-pdf-sign-configurator package allows an easy integration with nginx web servers. But it can be installed on other servers.
Yes, open-pdf-sign is free to use and distribute.
Yes, open-pdf-sign is designed to be used on a webserver to sign PDFs automatically.
Please refer to the installation instructions in the open-pdf-sign documentation for specific instructions on how to install the software on your server.
Yes, support is available for open-pdf-sign through the project's GitHub page, where you can submit issues and ask questions.
Yes, open-pdf-sign is Open Source and anyone is welcome to contribute to the development of the software.