NAME
PDF::Make::Signature - Digital signature support for PDF documents
SYNOPSIS
    use PDF::Make;

    my $pdf = PDF::Make->new();
    $pdf->page;
    $pdf->text("Signed Document", 100, 700);

    # Load signing identity from PKCS#12 file
    my $identity = PDF::Make::Signature->load_identity(
        file     => 'signer.p12',
        password => 'secret'
    );

    # Sign the document
    my $signed_pdf = $pdf->sign(
        identity => $identity,
        reason   => 'Document approval',
        location => 'New York, NY',
        contact  => 'signer@example.com'
    );

    # Write signed PDF (binary mode, so the signed bytes are written unchanged)
    open my $fh, '>', 'signed.pdf' or die "Cannot open signed.pdf: $!";
    binmode $fh;
    print $fh $signed_pdf;
    close $fh or die "Cannot write signed.pdf: $!";

    # Verify a signature
    my $result = PDF::Make::Signature->verify(
        file => 'signed.pdf'
    );
    if ($result->is_valid) {
        print "Signature is valid\n";
        print "Signed by: ", $result->signer_name, "\n";
        print "Signed at: ", $result->signing_time, "\n";
    }
DESCRIPTION
PDF::Make::Signature provides digital signature capabilities for PDF documents, implementing the signature format specified in ISO 32000-2:2020 §12.8.
Features:
- RSA and ECDSA signatures with SHA-256/384/512
- PKCS#7 detached signature format (adbe.pkcs7.detached)
- Certificate chain embedding
- Signature verification
- Visual and invisible signature fields
- Certification signatures (MDP)
CLASS METHODS
load_identity
Load a signing identity from a PKCS#12 file or separate key/certificate files.
    # From PKCS#12
    my $identity = PDF::Make::Signature->load_identity(
        file     => 'signer.p12',
        password => 'secret'
    );

    # From separate files
    my $identity = PDF::Make::Signature->load_identity(
        key_file   => 'private.pem',
        cert_file  => 'cert.pem',
        chain_file => 'chain.pem',   # optional
        password   => 'keypass'      # for encrypted keys
    );
Returns a PDF::Make::SigningIdentity object.
verify
Verify a digital signature in a PDF file.
    my $result = PDF::Make::Signature->verify(
        file  => 'signed.pdf',
        index => 0,   # optional, signature field index (default: 0)
    );

    # Or verify from bytes
    my $result = PDF::Make::Signature->verify(
        data => $pdf_bytes,
    );
Returns a PDF::Make::SignatureResult object.
count_signatures
Count the number of signature fields in a PDF.
    my $count = PDF::Make::Signature->count_signatures(
        file => 'document.pdf'
    );
INSTANCE METHODS (for PDF::Make documents)
These methods are called on PDF::Make document objects.
sign
Sign the document with a digital signature.
    my $signed_pdf = $pdf->sign(
        identity => $identity,

        # Optional metadata
        reason   => 'Document approval',
        location => 'New York, NY',
        contact  => 'signer@example.com',
        name     => 'John Doe',            # default: from certificate

        # Signature options
        hash => 'sha256',                  # sha256, sha384, sha512

        # Certification (MDP) - makes this a certification signature
        certify => 0,                      # 0=none, 1=no changes, 2=form fill, 3=annotate

        # Visual signature (optional)
        visible => 0,                      # default: invisible signature
        page    => 1,                      # page number for visible signature
        rect    => [100, 100, 300, 200],   # signature rectangle

        # Timestamp (optional)
        timestamp_url => 'http://timestamp.example.com/tsa',
    );
Returns the signed PDF as bytes.
add_signature_field
Add a signature field to the document (without signing).
    my $field = $pdf->add_signature_field(
        name => 'Signature1',
        page => 1,
        rect => [100, 100, 300, 200],
    );
This creates an unsigned signature field that can be signed later.
NAME
PDF::Make::SigningIdentity - Signing key and certificate pair
DESCRIPTION
Represents a signing identity consisting of a private key and certificate chain.
NAME
PDF::Make::SignatureResult - Signature verification result
DESCRIPTION
Represents the result of signature verification.
NAME
PDF::Make::Certificate - X.509 certificate wrapper
DESCRIPTION
Represents an X.509 certificate for digital signatures.
SIGNATURE FORMAT
PDF::Make::Signature implements the adbe.pkcs7.detached signature format, which is the recommended format for PDF signatures per ISO 32000-2:2020.
The signature is a PKCS#7 SignedData structure containing:
- Signer certificate and chain
- Signed attributes (content type, message digest, signing time)
- RSA or ECDSA signature
- Optional timestamp token (RFC 3161)
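What "detached" means for the message digest listed above, as an added example that is not part of PDF::Make: the digest is taken over the two spans named by the signature dictionary's /ByteRange entry (ISO 32000-2 §12.8.1, a detail this page does not spell out), so a reviewer can check that the only unsigned bytes are the /Contents hex string and that the newest signature reaches end of file. The function name `inspect_byte_ranges` and the sample bytes are constructed for illustration; only core Perl and Digest::SHA are assumed.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

# For every /ByteRange in the file, report what that signature covers.
# Hypothetical helper for illustration; not a PDF::Make function.
sub inspect_byte_ranges {
    my ($pdf) = @_;    # raw file bytes
    my @report;
    while ($pdf =~ m{/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]}g) {
        my ($o1, $l1, $o2, $l2) = ($1, $2, $3, $4);
        my $gap_at = $o1 + $l1;
        die "ByteRange [$o1 $l1 $o2 $l2] is inconsistent with the file\n"
            if $gap_at > $o2 || $o2 + $l2 > length $pdf;
        # The only unsigned bytes should be the /Contents hex string
        my $gap = substr $pdf, $gap_at, $o2 - $gap_at;
        push @report, {
            # Digest over the two signed spans (the messageDigest input)
            digest         => sha256_hex(substr($pdf, $o1, $l1) . substr($pdf, $o2, $l2)),
            starts_at_zero => $o1 == 0 ? 1 : 0,
            gap_is_hex     => $gap =~ /\A<[0-9A-Fa-f]*>\z/ ? 1 : 0,
            covers_to_eof  => $o2 + $l2 == length($pdf) ? 1 : 0,
        };
    }
    return @report;
}

# Constructed sample: a minimal signature dictionary, not a real signed PDF.
my $tmpl = "%%PDF-1.7\n1 0 obj\n<< /Type /Sig /SubFilter /adbe.pkcs7.detached"
         . " /ByteRange [%010d %010d %010d %010d] /Contents ";
my $contents = '<' . ('00' x 16) . '>';    # placeholder for the PKCS#7 hex
my $tail     = " >>\nendobj\n%%EOF\n";
my $l1       = length sprintf($tmpl, 0, 0, 0, 0);
my $pdf      = sprintf($tmpl, 0, $l1, $l1 + length($contents), length $tail)
             . $contents . $tail;

# Same bytes as signed, then with data appended after the signed range.
for my $case ([ 'as signed' => $pdf ], [ 'bytes appended' => $pdf . "% extra\n" ]) {
    my ($label, $bytes) = @$case;
    for my $r (inspect_byte_ranges($bytes)) {
        printf "%-15s sha256=%.16s... zero=%d hex_gap=%d to_eof=%d\n",
            $label, @{$r}{qw(digest starts_at_zero gap_is_hex covers_to_eof)};
    }
}
```

In a file with several signatures, only the most recent one is expected to reach end of file, since each later signature is appended after the earlier signed range; the digest stays the same in both sample cases because the appended bytes fall outside that range.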
CERTIFICATION SIGNATURES
Certification signatures (MDP - Modification Detection and Prevention) can restrict what changes are allowed after signing:
- MDP_NO_CHANGES (1) - No changes allowed
- MDP_FORM_FILL (2) - Form filling and signing allowed
- MDP_ANNOTATE (3) - Annotations, form fill, and signing allowed
Only the first signature in a document can be a certification signature.
SEE ALSO
ISO 32000-2:2020 §12.8 - Digital Signatures
RFC 5652 - Cryptographic Message Syntax (CMS)
AUTHOR
LNATION <email@lnation.org>
LICENSE
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.