Signing PDF documents has become a standard practice for businesses and individuals in the age of digital transactions and paperless workflows. However, not all digital signatures are created equal. There are two main techniques for adding a signature to a PDF document:
- Applying a digital signature to the entire document
- Signing designated signature fields
While both methods serve the purpose of ensuring document authenticity, integrity, and non-repudiation, they differ in execution and use cases.
Signing the Entire Document
When you sign a PDF document, you apply a digital signature to the entire file. A digital signature is the embedding of a cryptographic hash that validates the authenticity and integrity of the document. A digital signature is a mathematical algorithm used to authenticate the signer and ensure that the document has not been altered after being signed. It typically requires a digital certificate issued by a trusted Certificate Authority (CA).
Signing the entire document encrypts the hash of the document with the signer's private key. Any subsequent changes to the document invalidate the signature. The diagram below illustrates the process of signing a PDF document using a digital signature.
This is often used when the entire content of the document needs to be validated as authentic. It is often used in legal contracts, agreements, or regulatory filings where every part of the document must be protected from alteration.
Signing Documents with TX Text Control
TX Text Control provides a comprehensive API for digitally signing PDF documents. PFX, DER Cer, or Base64 CER certificate files can be used to create signatures. In addition, certificates can be loaded from raw data or selected from the local certificate store. The digital signature and signed PDF document are cryptographically bound and secured, ensuring that the document has not been tampered with.
The following method uses the Server
╰ TX Text Control .NET Server for ASP.NET
╰ TXTextControl Namespace
╰ ServerTextControl Class
The ServerTextControl class implements a component that provide high-level text processing features for server-based applications. class to create a document. The document will then be exported as a PDF. During the save process, the digital signature is applied using the Save ╰ TX Text Control .NET Server for ASP.NET
╰ TXTextControl Namespace
╰ SaveSettings Class
╰ DigitalSignature Property
Specifies a DigitalSignature object, which defines an X.509 certificate. property.
| public static void SignDocument() { | |
| using (ServerTextControl tx = new ServerTextControl()) { | |
| tx.Create(); | |
| // add dummy text | |
| tx.Text = "This is a signed document"; | |
| SaveSettings saveSettings = new SaveSettings(); | |
| // add digital signature to sign complete document | |
| saveSettings.DigitalSignature = new DigitalSignature( | |
| new System.Security.Cryptography.X509Certificates.X509Certificate2( | |
| "textcontrolself.pfx", "123"), null); | |
| // export to PDF | |
| tx.Save("signed_documents.pdf", StreamType.AdobePDF, saveSettings); | |
| } | |
| } |
The digital signature is recognized and an invisible signature field appears when the created PDF document is opened in Acrobat Reader.
Signing Signature Fields
Signature fields are predefined areas in a PDF document that are specifically designed to be used for signatures. Without affecting the rest of the document, signers can apply their digital signature to these fields. When a digital signature is applied to a signature field, it is bound only to that specific portion of the document. Changes to other parts of the document will not invalidate the signature as long as the signed portion remains unchanged.
When a document needs to be signed by multiple parties, signing specific fields makes it easier to track who signed and ensures that each signature is independently verifiable.
The second approach uses the Save ╰ TX Text Control .NET Server for ASP.NET
╰ TXTextControl Namespace
╰ SaveSettings Class
╰ SignatureFields Property
Specifies an array of DigitalSignature objects, each of which defines an X.509 certificate and is associated with a SignatureField in the document. property to apply a digital certificate to the signed electronic signature representation. This property specifies an array of Digital ╰ TX Text Control .NET Server for ASP.NET
╰ TXTextControl Namespace
╰ DigitalSignature Class
An instance of the DigitalSignature class represents an X.509 certificate which can be used to digitally sign a PDF or PDF/A document. objects, each of which defines an X.509 certificate and has an associated signature field in the document. A PDF or PDF/A file can be digitally signed with these certificates.
The code snippet below adds a signature field to a new document and adds an SVG image as a visual representation of the signature. The generated digital signature is associated with the signature field and then provided by the SaveSettings to export the document as an Adobe PDF document.
| public static void SignFields() { | |
| using (ServerTextControl tx = new ServerTextControl()) { | |
| tx.Create(); | |
| // create a signature field | |
| SignatureField signatureField = new SignatureField( | |
| new System.Drawing.Size(2000, 2000), "txsign", 10); | |
| // set image representation | |
| signatureField.Image = new SignatureImage("signature.svg", 0); | |
| // insert the field | |
| tx.SignatureFields.Add(signatureField, -1); | |
| // create a digital signature (for each field, if required) | |
| DigitalSignature digitalSignature = new DigitalSignature( | |
| new System.Security.Cryptography.X509Certificates.X509Certificate2( | |
| "textcontrolself.pfx", "123"), null, "txsign"); | |
| // apply the signatures to the SaveSettings | |
| SaveSettings saveSettings = new SaveSettings() { | |
| SignatureFields = new DigitalSignature[] { digitalSignature } | |
| }; | |
| // export to PDF | |
| tx.Save("signed_fields.pdf", StreamType.AdobePDF, saveSettings); | |
| } | |
| } |
When this document is loaded into Acrobat Reader, the signature field appears as a visual representation in the document. When you click the field, a dialog box appears confirming the validation status. In addition, the signature field name is displayed in the sidebar.
Choosing the Right Technique
When deciding between signing the entire document or using signature fields, consider the following factors.
When to sign the entire PDF:
- When the integrity of the entire document must be maintained for a single signer (entity).
- For documents where each piece of content must be authenticated for legal, regulatory or highly sensitive purposes.
- In scenarios where any change to the document must trigger the invalidation of the signature (e.g. contracts, financial agreements).
When to use signature fields:
- Multi-signature workflows where multiple parties must sign different areas of the document.
- When graphical representations of signatures are required.
Conclusion
There are two ways to sign a PDF document: Signing the entire document or signing specific signature fields. Full document signing ensures complete integrity and security, making it ideal for sensitive or critical documents. Signature fields, on the other hand, provide flexibility and are particularly useful for documents with multiple signatories or those that require ongoing changes. TX Text Control provides a powerful API for digitally signing PDF documents. Whether you need to sign the entire document or specific signature fields, TX Text Control offers a flexible and secure solution for adding digital signatures to your PDF files.
