A Go-native PDF signing library, on top of pdfcpu.
Currently, the only implemented signature handler is Adobe PKCS#7 detached (CMS) which is by far the most widely used one.
package main
import (
"crypto"
"log"
"time"
pdfcpusign "github.com/agcom/pdfcpu-sign"
"github.com/agcom/pdfcpu-sign/testutils"
)
func main() {
pvKey, _, cert := testutils.GenKert()
sigHandler := pdfcpusign.NewAdobePkcs7DetachedSigHandler(pvKey, cert, nil, crypto.SHA256)
err := pdfcpusign.SignFile(
sigHandler,
"./_samples/minimal.pdf", "./_samples/minimal-signed.pdf",
(&pdfcpusign.SignInfo{
Type: pdfcpusign.SignTypeCert,
DocMdp: pdfcpusign.DocMdpPermNoChanges,
SignerInfo: &pdfcpusign.SignerInfo{
Name: "Alireza",
Location: "Earth",
Reason: "Test",
ContactInfo: "[email protected]",
Time: time.Now(),
},
}).ToSig(),
)
if err != nil {
log.Fatalf("Sign PDF failed: %s.\n", err)
}
}There is an API application at /cmds/api that utilizes keys over a PKCS#11 interface.