Sample code for 30+ languages & platforms
Pascal (Lazarus/Delphi)

Sign PDF using PAdES-Baseline-B

See more PDF Signatures Examples

PAdES-Baseline-B is the most basic, entry-level profile of the PDF Advanced Electronic Signatures (PAdES) standard.

It means:

  • A PDF contains a CMS/PKCS#7 detached signature over the document’s byte range.
  • /SubFilter must be ETSI.CAdES.detached.
  • The signer’s X.509 certificate is included inside the signature.
  • The signature uses recognized secure algorithms (e.g., SHA-256 with RSA/ECDSA).
  • It proves document integrity (no changes since signing) and signer authenticity (certificate identifies who signed).
  • It does not include time-stamps, revocation data (CRL/OCSP), or long-term validation information — those appear only in higher levels (PAdES-Baseline-T, -LT, -LTA).

In short: Baseline-B = a standard PDF digital signature that ensures integrity and origin, but without time or revocation guarantees.

Chilkat Pascal (Lazarus/Delphi) Downloads

Pascal (Lazarus/Delphi)
program ChilkatDemo;

// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.

{$IFDEF FPC}
  {$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}

uses
  {$IFDEF UNIX}
  cthreads,
  {$ENDIF}
  SysUtils,
  CkDllLoader,
  Chilkat.Pdf,
  Chilkat.Cert,
  Chilkat.JsonObject;

// ---------------------------------------------------------------------------

procedure RunDemo;
var
  success: Boolean;
  pdf: TPdf;
  json: TJsonObject;
  cert: TCert;
  outFilePath: string;

begin
  success := False;

  pdf := TPdf.Create;

  //  Load a PDF to be signed.
  success := pdf.LoadFile('c:/someDir/my.pdf');
  if (success = False) then
    begin
      WriteLn(pdf.LastErrorText);
      Exit;
    end;

  //  Options for signing are specified in JSON.
  json := TJsonObject.Create;

  json.UpdateString('subFilter','/ETSI.CAdES.detached');
  json.UpdateBool('signingCertificateV2',True);
  json.UpdateBool('signingTime',True);
  json.UpdateString('signingAlgorithm','pkcs');
  json.UpdateString('hashAlgorithm','sha256');

  //  -----------------------------------------------------------
  //  The following JSON settings define the signature appearance.
  json.UpdateInt('page',1);
  json.UpdateString('appearance.y','top');
  json.UpdateString('appearance.x','left');
  json.UpdateString('appearance.fontScale','10.0');
  json.UpdateString('appearance.text[0]','Digitally signed by: cert_cn');
  json.UpdateString('appearance.text[1]','current_dt');
  json.UpdateString('appearance.text[2]','Hello 123 ABC');

  //  --------------------------------------------------------------
  //  Load the signing certificate. (Use your own certificate.)
  //  Note: There are other methods for using a certificate on an HSM (smartcard or token)
  //  or from other sources, such as a cloud HSM, a Windows installed certificate,
  //  or other file formats.
  cert := TCert.Create;
  success := cert.LoadPfxFile('c:/myPfxFiles/myPdfSigningCert.pfx','pfxPassword');
  if (success = False) then
    begin
      WriteLn(cert.LastErrorText);
      Exit;
    end;

  //  Once we have the certificate object, tell the PDF object to use it for signing
  success := pdf.SetSigningCert(cert);
  if (success = False) then
    begin
      WriteLn(pdf.LastErrorText);
      Exit;
    end;

  //  Sign the PDF, creating the output file.
  outFilePath := 'c:/someDir/mySigned.pdf';
  success := pdf.SignPdf(json,outFilePath);
  if (success = False) then
    begin
      WriteLn(pdf.LastErrorText);
      Exit;
    end;

  WriteLn('Success.');


  pdf.Free;
  json.Free;
  cert.Free;

end;

// ---------------------------------------------------------------------------

begin

  try
    RunDemo;
  except
    on E: Exception do
      WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
  end;

  WriteLn;
  {$IFDEF MSWINDOWS}
  WriteLn('Press Enter to exit...');
  ReadLn;
  {$ENDIF}
end.