What is a PDF digital signature?

A PDF digital signature is a cryptographic mechanism that authenticates the identity of the signer and ensures the document hasn't been altered since it was signed. Unlike a simple image of a handwritten signature, a digital signature uses public key infrastructure (PKI) with X.509 certificates to provide mathematically verifiable proof of authenticity and integrity.

When someone digitally signs a PDF, the signing software creates a hash (digital fingerprint) of the document content, encrypts it with the signer's private key, and embeds this encrypted hash along with the signer's certificate into the PDF. Anyone can later verify the signature by decrypting the hash with the signer's public key and comparing it to a fresh hash of the document.

How do PDF signatures work?

PDF signatures follow the PKCS#7 (Public Key Cryptography Standards) format, also known as CMS (Cryptographic Message Syntax). The signature is stored in a dedicated signature dictionary within the PDF structure, containing:

  • ByteRange: Specifies which bytes of the PDF are covered by the signature
  • Contents: The actual PKCS#7 signature data in hexadecimal format
  • Certificate chain: One or more X.509 certificates that validate the signer's identity
  • Metadata: Optional information like signing reason, location, and timestamp

The certificate includes validity dates, and the signature can be verified to check if the certificate was valid at signing time and whether the document has been modified after signing.

Tool description

This tool analyzes PDF files to extract and display digital signature information without requiring any server upload. It parses the PDF structure directly in your browser to find all embedded signatures, reads the PKCS#7 signature data, extracts certificate details, and verifies document integrity by checking if the file has been modified after signing.

The tool provides a clear overview showing total signatures found, how many are valid, and detailed information about each signature including signer identity, signing date, certificate validity, and issuer information.

Features

  • Client-side processing: All analysis happens in your browser—your PDFs never leave your device
  • Certificate extraction: Reads X.509 certificates embedded in signatures including Common Name, Organization, and Country
  • Integrity verification: Detects if the PDF has been modified after signing by validating ByteRange coverage
  • Expiration checking: Identifies certificates that have expired based on their validity period
  • Multiple signature support: Handles PDFs with multiple signatures and displays each one separately

Use cases

  • Contract verification: Quickly check if a signed contract has valid signatures before accepting it
  • Legal document review: Verify the authenticity of digitally signed legal documents, court filings, or notarized PDFs
  • Invoice validation: Confirm that invoices from vendors have legitimate digital signatures
  • Audit compliance: Review signed documents for compliance audits where signature validity must be documented
  • Certificate inspection: Examine certificate details like issuer and validity dates for documents you've received