Digital PDF Signatures

In this short guide, I will show you how to apply a digital signature to a PDF document with the PDF Writer.

Get a Certificate

Before you can sign anything, you need to get a certificate. Certificates for digital signatures are normally issued by a limited number of companies, who are certified to do this. Ordering certificates from these companies often cost anywhere from $10 to $1000 depending on the type of certificate you need.

You can also make your own certificate if you like and I recommend that you do that for testing the procedure described in this short guide. Please go to www.pdfpowertool.com to create a test certificate.

Place your certificate in a folder on your computer. I have placed my test certificate in C:\Certificates\Test.pfx.

Digital Certificate

Using the Signature

You can open the printer options from the start menu and go to the signature tab. Here you can specify a file name for your signature file. Remember to also set your signature password as shown below.

Signature Options

Modifying the Configuration Files

As an alternative to the options dialog mentioned above, you can also set the the values for the signing certificate in one of the configuration files that the PDF Writer use. I will show you how to do this.

With the certificate in place, you just need to modify one of the configuration files that control the printer. If you are controlling the printer using the API then you are most likely writing the runonce.ini. In this example, I will use the global.ini to apply my signature.

Locate your global.ini and edit it in Notepad. You need to set two values. The first one is SignCertificate that tells the PDF Writer, which certificate to use. The second one is SignPassword that holds the password for the certificate.

[PDF Printer]
SignCertificate=C:\Certificates\test.pfx
SignPassword=test

Save the changes and make a print to the PDF Writer.

The Result

In my test I just printed a simple text from Notepad.

Adobe Signature Has Problems

Open the signature panel to see the signature.

Adobe Signature Panel

Visible Signatures

The example above did not have a signature that was visible in the document itself. It only made the Adobe Reader show that the document was signed. You can use a set of additional signature settings to make the signature visible in the PDF document.

Try adding the following information to your global.ini.

[PDF Printer]
SignCertificate=C:\Certificates\test.pfx
SignPassword=test
ShowSignature=yes
SignReason=Test Signature
SignLocation=My Office
SignLLX=10
SignLLY=10
SignRUX=300
SignRUY=100
SignPage=1

Print a new PDF document and check the signature at the bottom of page 1. If your certificate is trusted then it will look something like this:

Valid Visible Signature

Use the Certificate Store

The program can also use certificates from the computer's certificate store. Signing with a certificate from the certificate store is very similar to using a certificate in a file.

Instead of setting the SignCertificate and SignPassword you need to use the following settings:

SignThumbprint	Certificates that can sign your documents have a property named Thumbprint. The thumbprint is a code that uniquely identifies the certificate within the store.
SignStoreName	The certificate store contains a set of certificate folders. Each of these folders contains a set of installed certificates. When you try to locate a certificate, you need to tell in which folder the certificate is stored. Valid folder names are `AddressBook, AuthRoot, CertificateAuthority, Disallowed, My (default), Root, TrustedPeople, TrustedPublisher`.
SignStoreLocation	On the computer, you can find certificate stores for the current user and the local machine. Normally you want to access the user's personal certificates. In that case, you can set the SignStoreLocation to `CurrentUser`. This is the default setting, which means that it will assume this location if you omit this setting. In case you want to access certificates for the local machine, you can set the SignStoreLocation to `LocalMachine`.

SignStoreName and SignStoreLocation are optional settings and can be left blank if you want to use the default values.

Additional Information

More information on certificates.