PDF 2.0 defines a new filter (Adobe.PPKLite) and sub-filter (ETSI.CAdES.detached) for PAdES signatures, which are compliant with the European eIDAS regulation.

Support for PAdES was added in v2017R1 of Qoppa’s Java PDF libraries.

This sample shows how to add a PAdES signature to a PDF document using Qoppa’s Java PDF library jPDFSecure. It is easy to update this sample to work with jPDFProcess.

// Load the document
PDFSecure pdfDoc = new PDFSecure ("input.pdf", null);
// Load the keystore that contains the digital id to use in signing
FileInputStream pkcs12Stream = new FileInputStream ("keystore.pfx");
KeyStore store = KeyStore.getInstance("PKCS12");
store.load(pkcs12Stream, "store_pwd".toCharArray());
// Create signing information
SigningInformation signInfo = new SigningInformation (store, "key_alias", "key_pwd");
// Create signature field on the first page
Rectangle2D signBounds = new Rectangle2D.Double (36, 36, 144, 48);
SignatureField signField = pdfDoc.addSignatureField(0, "signature", signBounds);
// Apply digital signature
pdfDoc.signDocument(signField, signInfo);
// Save the document
pdfDoc.saveDocument ("output.pdf");

Note 1: This sample is using a PCKS12 keystore but it could also be work with a PKCS11 keystore from a USB token.

Note 2: According to the CAdES specifications, you can either set the signing-certificate attribute OR the signing-certificate-v2 attribute. The former is used with SHA1 and the later can be used with SHA256 or other hashing algorithms. Our signing code creates the signing-certificate attribute and use SHA1.