Sample code for 30+ languages & platforms
AutoIt

Sign PDF using PAdES-Baseline-B

See more PDF Signatures Examples

PAdES-Baseline-B is the most basic, entry-level profile of the PDF Advanced Electronic Signatures (PAdES) standard.

It means:

  • A PDF contains a CMS/PKCS#7 detached signature over the document’s byte range.
  • /SubFilter must be ETSI.CAdES.detached.
  • The signer’s X.509 certificate is included inside the signature.
  • The signature uses recognized secure algorithms (e.g., SHA-256 with RSA/ECDSA).
  • It proves document integrity (no changes since signing) and signer authenticity (certificate identifies who signed).
  • It does not include time-stamps, revocation data (CRL/OCSP), or long-term validation information — those appear only in higher levels (PAdES-Baseline-T, -LT, -LTA).

In short: Baseline-B = a standard PDF digital signature that ensures integrity and origin, but without time or revocation guarantees.

Chilkat AutoIt Downloads

AutoIt
Local $bSuccess = False

$oPdf = ObjCreate("Chilkat.Pdf")

; Load a PDF to be signed.
$bSuccess = $oPdf.LoadFile("c:/someDir/my.pdf")
If ($bSuccess = False) Then
    ConsoleWrite($oPdf.LastErrorText & @CRLF)
    Exit
EndIf

; Options for signing are specified in JSON.
$oJson = ObjCreate("Chilkat.JsonObject")

$oJson.UpdateString("subFilter","/ETSI.CAdES.detached")
$oJson.UpdateBool("signingCertificateV2",True)
$oJson.UpdateBool("signingTime",True)
$oJson.UpdateString("signingAlgorithm","pkcs")
$oJson.UpdateString("hashAlgorithm","sha256")

; -----------------------------------------------------------
; The following JSON settings define the signature appearance.
$oJson.UpdateInt("page",1)
$oJson.UpdateString("appearance.y","top")
$oJson.UpdateString("appearance.x","left")
$oJson.UpdateString("appearance.fontScale","10.0")
$oJson.UpdateString("appearance.text[0]","Digitally signed by: cert_cn")
$oJson.UpdateString("appearance.text[1]","current_dt")
$oJson.UpdateString("appearance.text[2]","Hello 123 ABC")

; --------------------------------------------------------------
; Load the signing certificate. (Use your own certificate.)
; Note: There are other methods for using a certificate on an HSM (smartcard or token)
; or from other sources, such as a cloud HSM, a Windows installed certificate,
; or other file formats.
$oCert = ObjCreate("Chilkat.Cert")
$bSuccess = $oCert.LoadPfxFile("c:/myPfxFiles/myPdfSigningCert.pfx","pfxPassword")
If ($bSuccess = False) Then
    ConsoleWrite($oCert.LastErrorText & @CRLF)
    Exit
EndIf

; Once we have the certificate object, tell the PDF object to use it for signing
$bSuccess = $oPdf.SetSigningCert($oCert)
If ($bSuccess = False) Then
    ConsoleWrite($oPdf.LastErrorText & @CRLF)
    Exit
EndIf

; Sign the PDF, creating the output file.
Local $sOutFilePath = "c:/someDir/mySigned.pdf"
$bSuccess = $oPdf.SignPdf($oJson,$sOutFilePath)
If ($bSuccess = False) Then
    ConsoleWrite($oPdf.LastErrorText & @CRLF)
    Exit
EndIf

ConsoleWrite("Success." & @CRLF)