PDF Signing Tool is a TypeScript-based Node.js application designed as a demonstration of digitally signing PDF documents using the node-forge library, utilizing various sources for the digital certificate such as the Azure Key Vault, PEM certificates, or P12 (PFX) certificates. While the actual signing is performed using node-forge, this project includes significant contributions from the @signpdf/signpdf and pdf-lib projects.
- Sign PDF documents using an Azure Key Vault certificate.
- Sign PDF documents using a PEM certificate.
- Sign PDF documents using a P12 certificate.
- Customizable signature options including signer info and page positioning.
This project demonstrates PDF signing using the node-forge library, with particular focus on asynchronous signing via external providers. In the same spirit as the @signpdf project, the goal is to synthesize a number of concepts into working code. The project is written in TypeScript to enhance clarity and readability.
The core ideas are contained within the sign directory. The remainder of the code serves as a wrapper, enabling use as a command-line tool.
This project incorporates functionality and examples from the node-forge, @signpdf/signpdf, and pdf-lib projects. It also benefits from key insights from discussions within their respective issue trackers. Additionally, various online resources about digital signing were instrumental in clarifying the PDF signing process. Below is a list of resources and discussions that were particularly useful:
- Digital Signatures in a PDF - A white paper by Adobe Systems.
- Digital Signatures for PDF documents - A white paper by Bruno Lowagie (iText Software).
- e-Signature standards - e-Signature standards from the European Commission.
- Support asynchronous key signing (and other methods) - A discussion on the
node-forgeissue tracker about asynchronous signing, including sample code. - Create a pkcs#7 signature with a pkcs#11 token - A discussion on the
node-forgeissue tracker regarding signing with a PKCS#11 token. - Sign PDF with external service returning signature + certificate from hash (no private key access) - A discussion on the
@signpdf/signpdfissue tracker about asynchronous signing. - How to create a byte-range for a digital signature - A discussion on the
pdf-libissue tracker that provides a template for creating a PDF 1.7 compliant signature placeholder. - How to digitally sign a PDF programmatically using Javascript/Node.js - An article by Richard Oliver Bray that provided the starting point for this project.
Before you begin, ensure you have met the following requirements:
- Node.js installed on your system.
- Access to Azure Key Vault if using Key Vault signing.
- PEM or P12 certificates if using PEM or P12 signing methods.
To install PDF Signing Tool, follow these steps:
- Clone the repository to your local machine.
- Navigate to the cloned directory.
- Install the dependencies using npm:
npm install- Build the TypeScript files to JavaScript using the build script:
npm run buildTo configure the application, you will need to set up the .env file and the app-settings.json file.
Create a .env file in the root directory of the project with the following content:
APP_SETTINGS_FILE=config/app-settings.jsonCreate a app-settings.json file in the specified directory (e.g., config/) with the following structure. Adjust the content as necessary:
{
"app": {
"name": "PDF Signing Tool",
"version": "1.0.0"
},
"logger": {
"directory": "logs",
"file": "pdf-sign.log"
},
"azureKeyVault": {
"vaultName": "xxxx",
"tenantId": "xxxx",
"clientId": "xxxx",
"clientCertificateFile": "path/to/azure-cert.pem",
"clientSecret": "xxxx",
"certificateName": "xxxx",
"certificateFullChainName": "xxxx"
},
"pemCertificate": {
"fullChainPath": "/path/to/fullchain.pem",
"keyPath": "/path/to/privkey.pem"
},
"p12Certificate": {
"path": "/path/to/cert.p12",
"password": ""
},
"signatureOptions": {
"name": "xxxx",
"location": "xxxx",
"contact": "xxxx@xxxx.com",
"reason": "xxxx",
"fontSize": 5,
"xPosition": 420,
"yPosition": 745,
"width": 180,
"height": 35
}
}The PDF Signing Tool provides a command-line interface to control the signing process. To use, start the application with the following command:
npm start -- [options] <pdfPath>Or alternatively, build then run using the following commands:
npm run build
node dist/main [options] <pdfPath>Options:
--keyvault: Use Azure Key Vault for signing the PDF.--pem: Use a PEM certificate for signing the PDF.--p12: Use a P12 certificate for signing the PDF.
Example:
node dist/main --keyvault --pem /path/to/document.pdfThis project is primarily a demonstration of extending the capabilities of the node-forge library to include asynchronous signing and integration with external signing providers such as Azure KeyVault. It is not intended for active development or contributions. You are welcome to fork the project, adapt the code, and use it in your own projects under the terms of the license. There is no expectation of future updates or contributions back to this repository.
PDF Signing Tool is open-sourced under the MIT License. See the LICENSE file for more details. This project includes code from libraries that are under their own licenses:
node-forge- BSD or GPL-2.0 License@signpdf/utils- MIT Licensepdf-lib- MIT Licensewinston- MIT Licensedotenv- BSD-2-Clause License- Microsoft Azure libraries - MIT License
When using this project, please ensure that you comply with the respective licenses of these libraries. The BSD License has been chosen for node-forge to avoid the copyleft restrictions of the GPL.
This project was made possible by incorporating functionality and examples from the node-forge, @signpdf/signpdf, and pdf-lib projects, alongside insights from their issue tracker discussions which were crucial for implementing asynchronous signing and integrating external signing providers.
The Medium article by Richard Oliver Bray also provided a foundational starting point that helped to frame the initial problem and suggested an approach.
Stephen Lee