PDF 2.0 defines a new filter (Adobe.PPKLite) and sub-filter (ETSI.CAdES.detached) for PAdES signatures, which are compliant with the European eIDAS regulation.
Support for PAdES was added in v2017R1 of Qoppa’s Java PDF libraries.
This sample shows how to add a PAdES signature to a PDF document using Qoppa’s Java PDF library jPDFSecure. It is easy to update this sample to work with jPDFProcess.
// Load the document PDFSecure pdfDoc = new PDFSecure ("input.pdf", null); // Load the keystore that contains the digital id to use in signing FileInputStream pkcs12Stream = new FileInputStream ("keystore.pfx"); KeyStore store = KeyStore.getInstance("PKCS12"); store.load(pkcs12Stream, "store_pwd".toCharArray()); pkcs12Stream.close(); // Create signing information SigningInformation signInfo = new SigningInformation (store, "key_alias", "key_pwd"); signInfo.setSignatureFormat(SigningInformation.FORMAT_PADES); // Create signature field on the first page Rectangle2D signBounds = new Rectangle2D.Double (36, 36, 144, 48); SignatureField signField = pdfDoc.addSignatureField(0, "signature", signBounds); // Apply digital signature pdfDoc.signDocument(signField, signInfo); // Save the document pdfDoc.saveDocument ("output.pdf");
Note 1: This sample is using a PCKS12 keystore but it could also be work with a PKCS11 keystore from a USB token.
Note 2: According to the CAdES specifications, you can either set the signing-certificate attribute OR the signing-certificate-v2 attribute. The former is used with SHA1 and the later can be used with SHA256 or other hashing algorithms. Our signing code creates the signing-certificate attribute and use SHA1.