Valid signature

MyPDFSigner provides extensions for PHP, Ruby and Python. The extensions are only available for Linux. Please contact KryptoKoder if you need extensions for a different OS.

Install the PHP|Ruby|Python extension (Fedora|Ubuntu):

$ sudo dnf install mypdfsigner-[php|ruby|python]-3.1.5-1.x86_64.rpm

$ sudo gdebi mypdfsigner-[php|ruby|python]_3.1.5-1_amd64.deb

Test a script from the command line:

$ [php|ruby|python] /usr/local/mypdfsigner/tests/test.[php|rb|py]

Check /tmp/example-signed-[php|ruby|python].pdf.

There are further examples in the /usr/local/mypdfsigner/tests/ directory. The test-json.[php|rb|py] example shows how to use json notation to build a configuration file on the fly, and the test-external.[php|rb|py] examples shows how to sign a PDF by having a signature created as an external step, possibly by a remote third party application.

You can also quickly play with the MyPDFSigner extensions in a Docker container by running the kryptokoder/mypdfsigner-[php|python-ruby]:latest image as shown below.

PS C:\> dir .\docker-demo\


    Directory: C:\docker-demo


Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
-a----         15-Feb-21   6:03 PM         196769 example-signed.pdf


PS C:\> docker run -v C:\docker-demo:/tmp -it kryptokoder/mypdfsigner-php:latest /bin/bash
root@d06baeb4a296:/# php /usr/local/mypdfsigner/tests/test.php
0#Document signed
0#Document signature verified [Signer: MyPDFSigner Test]
root@d06baeb4a296:/# exit
exit
PS C:\> docker run -v C:\docker-demo:/tmp -it kryptokoder/mypdfsigner-python:latest /bin/bash
root@de911130db8a:/# python3 /usr/local/mypdfsigner/tests/test.py
0#Document signed
0#Document signature verified [Signer: MyPDFSigner Test]
root@de911130db8a:/# exit
exit
PS C:\> docker run -v C:\docker-demo:/tmp -it kryptokoder/mypdfsigner-ruby:latest /bin/bash
root@a2cc80b8f060:/# ruby /usr/local/mypdfsigner/tests/test.rb
0#Document signed
0#Document signature verified [Signer: MyPDFSigner Test]
root@a2cc80b8f060:/# exit
exit
PS C:\> dir .\docker-demo\


    Directory: C:\docker-demo


Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
-a----         15-Feb-21   6:10 PM         196958 example-signed-php.pdf
-a----         15-Feb-21   6:11 PM         196976 example-signed-python.pdf
-a----         15-Feb-21   6:11 PM         196965 example-signed-ruby.pdf
-a----         15-Feb-21   6:03 PM         196769 example-signed.pdf


PS C:\>

The list of functions provided by MtPDFSigner is shown below. Depending on the scripting language used they should be prepended either with mypdfsigner. or mypdfsigner_. The arguments, which are self explanatory, are always strings, except for visible, certify and timestamp, which are boolean. The return values are strings, that can be tokenized to retrieve values that may be fed into other functions.

get_signer_info(conffile)

sign(input, output, password, location, reason, visible, certify, timestamp, conffile)

add_metadata_sign(input, output, password, location, reason, visible, certify, timestamp, title, author, subject, keywords, conffile)

prepare_signature(input, output, password, location, reason, visible, certify, signername, certsn, conffile)

add_metadata_prepare_signature(input, output, password, location, reason, visible, certify, signername, certsn, title, author, subject, keywords, conffile)

create_signature(hash, timestamp, conffile)

apply_signature(output, signature)

add_ltv(input, output, conffile)

verify(input, conffile)

The test directory of the installation includes a couple of examples that show how to use these functions and what return values to expect.

PHP Example

<?php
$inputPDF = "/usr/local/mypdfsigner/tests/example.pdf";
$outputPDF = "/tmp/example-signed-php.pdf";
$password = ""; # if non empty document will also be encrypted
$location = "PHP Location";
$reason = "PHP Reason";
$visible = TRUE;
$certify = TRUE;
$timestamp = TRUE;
$title = "PHP Title";
$author = "PHP Author";
$subject = "PHP Subject";
$keywords = "PHP Keywords";
$confFile = "/usr/local/mypdfsigner/tests/mypdfsigner.conf";

$signResult = mypdfsigner_add_metadata_sign($inputPDF, $outputPDF, $password, $location, $reason, $visible, $certify, $timestamp, $title, $author, $subject, $keywords, $confFile);
echo $signResult . "\n";
$verifyResult = mypdfsigner_verify($outputPDF, $confFile);
echo $verifyResult . "\n";
?> 

Ruby Example

require 'mypdfsigner'
include MyPDFSigner

inputPath = "/usr/local/mypdfsigner/tests/example.pdf"
outputPath = "/tmp/example-signed-ruby.pdf"
password = "" # if non empty document will also be encrypted
location = "Ruby Location"
reason = "Ruby Reason"
visible = true
certify = true
timestamp = true
title = "Ruby Title"
author = "Ruby Author"
subject = "Ruby Subject"
keywords = "Ruby Keywords"
confFile = "/usr/local/mypdfsigner/tests/mypdfsigner.conf"

signResult = mypdfsigner_add_metadata_sign(inputPath, outputPath, password, location, reason, visible, certify, timestamp, title, author, subject, keywords, confFile)
puts signResult
verifyResult = mypdfsigner_verify(outputPath, confFile)
puts verifyResult

Python Example

import mypdfsigner

inputPath = "/usr/local/mypdfsigner/tests/example.pdf"
outputPath = "/tmp/example-signed-python.pdf"
password = "" # if non empty document will also be encrypted
location = "Python Location"
reason = "Python Reason"
visible = True
certify = True
timestamp = True
title = "Python Title"
author = "Python Author"
subject = "Python subject"
keywords = "Python keywords"
confFile = "/usr/local/mypdfsigner/tests/mypdfsigner.conf"

signResult = mypdfsigner.add_metadata_sign(inputPath, outputPath, password, location, reason, visible, certify, timestamp, title, author, subject, keywords, confFile)
print signResult
verifyResult = mypdfsigner.verify(outputPath, confFile)
print verifyResult

Note that although the path to the configuration file can be passed as an argument of the sign function, that approach is not recommended if using PKCS#11 key stores. Instead it is recommended that the configuration file is saved to the default location (/usr/local/mypdfsigner/mypdfsigner.conf) and an empty argument is passed to the sign function. This has the benefit that the registration of the PKCS#11 engine happens at startup time (i.e., when the web server starts) and the cleanup happens at shutdown time (when the web server shuts down). This issue is not relevant if using the command line or if using a PKCS#12 key store.