Blog Post

Electronic Signatures in a PDF

Sam Fleder Richard Malloy
Illustration: Electronic Signatures in a PDF
Security PDF Signing

PDF documents are the accepted standard for legally binding documents in a digital format. PDFs are used to record major real estate deals, hire new employees, submit tax filings, and confirm payment for orders. For an app user to make a purchase, verify their identification, or confirm a receipt, developers are faced with a decision: Which type of electronic signature is needed?

ℹ️ Note: This article is not legal advice. If you have legal questions about electronic signatures, you should contact an attorney in your jurisdiction.

Why and When Is a Signature Needed?

Many countries have laws about what types of contracts require a signature. These can include land sales, long-term agreements, or purchases of goods above a certain cost. More broadly, a person’s signature is often used in a transaction to provide a sense of formality and confidence that the person signing “meant to do what they did,” and to create a reliable record of the transaction.

For centuries, pen (or quill!) and ink signatures were the accepted standard for confirming written agreements. At the beginning of the 21st century, many countries passed laws expressly recognizing the use of electronic records and electronic signatures to form legally binding, reliable contracts (eIDAS in the EU; UETA and ESIGN in the US; PIPEDA in Canada; IT Act in India). Article 3 of eIDAS defines an electronic signature as “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.”

Software developers have come up with many different ways to confirm and verify a user’s intended action: button clicks, check boxes, freehand signatures or initials, and unique embedded digital certificates, just to name a few. The PSPDFKit framework provides developers with their choice of the two most popular signature options: “ink” electronic signatures, and certificate-based digital signatures.

Option 1: “Ink” Electronic Signatures

Ink signatures involve the user creating a freehand ink annotation using their fingertip, stylus, or mouse. Our Electronic Signatures component supports this input method, along with ability to generate signatures from text and scanned images. Signatures can be stored for repeated use.

Ink signatures are widely used in modern software solutions. Users can sign forms and contracts, initial document margins to confirm the content, and establish a record that an action was taken as intended. At PSPDFKit, we provide a user-friendly electronic signature solution for PDFs across multiple platforms, as shown below.

iOS

Web

Many countries have adopted laws that make ink electronic signatures on digital documents legally equivalent to traditional pen-and-ink signatures on physical paper. For example, the ESIGN Act in the US provides that an eSignature is valid as long as:

  1. The party consents to using an electronic record;

  2. The party intends to sign the record;

  3. The party’s signature is attached to or associated with the record; and

  4. The record is retained and can be produced if requested.

Even if you don’t plan to distribute your app in the US, these elements can be a helpful guideline when including ink signature functionality in your product. Our PSPDFKit framework makes it easy to add and store electronic signatures in a PDF either via our built-in UI or programmatically through the API.

Option 2: Certificate-Based Digital Signatures

A digital signature is an algorithm and encryption scheme that establishes the authenticity of a digital document. Essentially, a digital signature acts as a fingerprint that is unique to each user. It verifies the signer’s identity, ensures the signer cannot deny having signed the record, and confirms that the record was not altered in transit. Digital signature usage is increasing in popularity across many different software categories, and although it was originally utilized only in formal, complex legal contracts and banking transactions, the ease of use and decreasing cost barriers to digital signatures are resulting in a much wider utilization of this more secure option.

The PDF specification provides for creation and verification of cryptographically-secure digital signatures through public key infrastructure (PKI), which provides a secure and reliable system of managing and exchanging digital certificates. This system uses a hashing algorithm to generate two long numerical keys: one public and one private. The signing party’s private key is used to create and encrypt a digital signature hash when the PDF is signed, and the hash matches the signed PDF. Often, the digital signature is marked with additional metadata, such as the date and time of signature, the IP address, the speed of signing, and biometric data like method of input, pressure sensitivity, and touch radius.

To ensure that both the document and the keys are valid and secure, third-party organizations called certificate authorities (CAs) issue digital certificates and ensure key security. CAs are vetted and approved by government regulators and/or are accepted within certain industries. The issued certificate includes the public key for a digital signature and confirms that the key belongs to the signing party. CAs issue time-limited certificates. Both the signing party and the receiving/verifying party must use the same CA for a given PDF.

Within your app, a digital signature can be applied to a PDF by means of a registered user inputting an ink signature and password and uploading a certificate. PSPDFKit’s digital signature functionality is easy and intuitive for users — below is an example in iOS.

iOS

PSPDFKit supports the PDF 1.7/2.0 digital signature specification; RSA and ECDSA signing algorithms; and MD4, MD5, and SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512, SHA-512-256) hashing algorithms.

Our frameworks make it easy to add plug-and-play digital signature functionality into your app. Click here for a detailed walkthrough of how to integrate PSPDFKit’s Digital Signatures feature.

Option 3: Signatures in Blood on Musty Parchment

As an alternative to ink and digital signatures, this solution was predominantly used by highway thieves and pirates in the 18th century. It is highly disfavored in the modern era, and it is not supported by PSPDFKit frameworks. 😉

Conclusion

There are many reasons to require a user’s signature within your app. It is critical to understand the distinctions between ink electronic signatures and certificate-based digital signatures when designing your screen flow, function, and backend.

For hand-drawn signatures and initialing, ink signatures are the right choice, and they’re easily implemented with our Electronic Signatures component. When unique, encrypted signature verification is required, use our Digital Signatures component to ensure compliance and reliability.

Check out our detailed developer guides for iOS, Android, Web, and Windows for more information. You can try all of our frameworks free for 60 days to see what works best for your app. When you’re ready to move forward, contact our Sales team for licensing and pricing information. And if you run into any issues, our developers are always available to answer questions and provide technical support!

Related Products
Digital Signatures Electronic Signatures
Share Post
Free 60-Day Trial Try PSPDFKit in your app today.
Free Trial

Related Articles

Explore more
CUSTOMER STORIES  |  Security • Case Study

Case Study: How Govenda Uses PSPDFKit to Optimize Board Member Experience and Efficiency

CUSTOMER STORIES  |  Security • Signing • Case Study

Case Study: How Sysmosoft Uses PSPDFKit to Offer Qualified Electronic Signatures

TUTORIALS  |  Android • Kotlin • Security • Signing • PDF • How To

Digital Signing on Android