PKCS#7 Signatures

PKCS#7 in PDF

PDF digital signatures use PKCS#7 (CMS) containers to embed the cryptographic signature value, signer certificate, and signing algorithm. The signature is stored in the PDF signature dictionary.

PKCS7SignedData

PKCS7SignedData represents a CMS SignedData structure. The factory method createDetached(privateKey, certificate, chain, digestAlgorithm, dataToSign) creates a detached signature container:

byte[] signedData = PKCS7SignedData.createDetached(
    privateKey, certificate, certChain,
    "SHA-256", dataBytes
);

PdfFileSignature

PdfFileSignature provides signing and verification operations on existing PDF documents, applying the signature to a designated signature field.

PdfSigner

PdfSigner provides the high-level signing workflow, combining signature field management with PKCS#7 container creation.

Signature Verification

Signature verification checks the cryptographic integrity of the signed data and validates the signer certificate chain against a trusted root.

See Also

• Aspose.PDF — Enterprise Documentation