11

Recently, i tried to generate pdf by nodejs.

And i finally found the PDFKit.

That library is doing well,but i need to implement the part of digital signature.

But most of implementation are for JAVA or C# like iText or VersyPDF.

Plz give me some suggestion...thx

user2820045
  • 137
  • 1
  • 1
  • 3
  • In general, this site isn't for asking someone else to do the work for you. You should at the very least state what you have tried and explain why what you thought would work, didn't. – thtsigma Sep 26 '13 at 16:12
  • @thtsigma Sorry, it's my first time to ask question at stackoverflow. I am doing a project , and i need to sign a invoice pdf to ensure that pdf is signed by legal. I just want to find someone who has the related experiences. Thank you for correcting me. – user2820045 Sep 29 '13 at 10:20
  • did you find solution? – Mirodil Apr 23 '16 at 01:39

1 Answers1

17

I am currently working on the node-signpdf npm package (at the moment of writing this answer the version is 0.0.3). A readable snippet of PDF generation and signing can be seen in the test code.

I know this answer comes years after the original question but I had pretty hard time figuring all this out so hope this answer helps someone.

Valery
  • 715
  • 6
  • 19
  • Do you have a good references on the certificate requirements in general? Maybe I have the use-case confused. If I was trying to implement a PDF "signature" step on something like a web checkout page, would this library help accomplish that? It seems like the certificate would need to be owned by the "signee" to be able to verify them, but that doesn't really make sense... – NSjonas Jun 22 '20 at 20:47
  • @NSjonas, what are you willing to sign? Who is signing? Store or customer? I can imagine both scenarios. – Valery Jun 23 '20 at 09:16
  • valery, sorry should have clarified. In my scenario, the "signee" (user on website) would be signing an pdf contract with the owner of the site. Essentially what a service like Docusign provides (if the certificate is suppose to identify the signee, how does Docusign even do this?). – NSjonas Jun 23 '20 at 15:29
  • 1
    Verifying the signature is a standalone process. The verification confirms that the document was not altered since it was created. Verifying that you trust the signer is another story. In Adobe Reader you would see "Signature valid but author unknown" and then you would need to add the author to the list of trusted identities. That is, I think, basically what you want to do as well. I imagine either the user has already given you their public key or you have some other means of verification. You may be trusting their certificate issuer for example... – Valery Jun 24 '20 at 07:29
  • got it, just to clarify further... Your repo shows how to "digitally sign" the document so that it cannot be tampered with. Will self signed-certificates work or does it need to be CA issued ? Also, I assume there is nothing in your code about actually putting a written hand signature on the document. Guessing that should just be done by just adding an image before digitally signing it? – NSjonas Jun 24 '20 at 08:08
  • 2
    All true. Self-signer or CA-issued doesn't matter. You will get a signed document. How much you trust the signer, as I already wrote is another issue. So, if you trust self-signed cers, it is OK for you. And yes - visual signature is just an visual in the PDF. It gives no cryptgraphic value but may be fancy in combination with a digital signature. Good luck! – Valery Jun 24 '20 at 21:27