GitHub - open-pdf-sign/open-pdf-sign: Digitally sign PDF files from your command...
source link: https://github.com/open-pdf-sign/open-pdf-sign
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
open-pdf-sign
The open-pdf-sign
CLI application allows to
easily sign PDF files from the commandline. Signatures
can be invisible or visible, and visible signatures can be
customized.
Features
- Visible PDF signature in PDF (multi language support)
- Invoke via CLI or via starting a server
- Supported Signature type: PAdES
- Supported Signature profiles:
- BASELINE-B
- BASELINE-T
- To be evaluated: BASELINE-LT, BASELINE-LTA
Get Started
Download the latest jar archive from the GitHub releases page or in your terminal:
curl -L https://github.com/open-pdf-sign/open-pdf-sign/releases/latest/download/open-pdf-sign.jar -o open-pdf-sign.jar
Make sure that Java is installed in at least version 8.
java -jar open-pdf-sign.jar -i input.pdf -o output.pdf -c certificate.crt -k keyfile.pem -p key_passphrase --page -1 --locale de-AT
Usage:
Options:
-b, --binary
binary output of PDF
Default: false
-c, --certificate
certificate (chain) to be used
--config
use a configuration file
--hint
text to be displayed in signature field
--host
run as server with the given hostname
--image
Image to be placed in signature block
-i, --input
input pdf file
-k, --key
signature key file or keystore
--left
X coordinate of the signature block in cm
Default: 1.0
-l, --locale
Locale, e.g. de-AT
-o, --output
output pdf file
--page
Page where the signature block should be placed. [-1] for last page
-p, --passphrase
passphrase for the signature key or keystore
--port
run as server with the given port
Default: 8090
--timestamp
include signed timestamp
Default: false
--timezone
use specific timezone for time info, e.g. Europe/Vienna
--top
Y coordinate of the signature block in cm
Default: 1.0
--tsa
use specific time stamping authority as source (if multiple given, will
be used in given order as fallback)
Default: []
--width
width of the signature block in cm
Default: 10.0
Usage with Let's Encrypt certificates
PDFs can also be signed using your existing Let's Encrypt certificate.
java -jar open-pdf-sign.jar -i input.pdf -o output.pdf \
-c /etc/letsencrypt/live/openpdfsign.org/fullchain.pem \
-k /etc/letsencrypt/live/openpdfsign.org/privkey.pem
Visible signatures
If the page
parameter is specified, a visible signature
will be placed on the specified page. For example, running
java -jar open-pdf-sign.jar -i input.pdf -o output.pdf \
-c certificate.crt \
-k key.pem \
--page -1 --logo mylogo.png \
--hint "You can check the validity at signaturpruefung.gv.at"
will place a visible signature looking similar to the image below
on the last page (-1
) of the PDF document.
Usage in server mode
You can also run open-pdf-sign as a server application in order to
only load certificates once and easily integrate it in applications where
CLI invocations are not possible. Simply add the --port
or --hostname
parameters, e.g.
java -jar open-pdf-sign.jar -i input.pdf -o output.pdf \
-c /etc/letsencrypt/live/openpdfsign.org/fullchain.pem \
-k /etc/letsencrypt/live/openpdfsign.org/privkey.pem
--port 8090 --hostname 127.0.0.1
Then, PDFs can be signed via the specified /pdf
endpoint:
curl --location --request POST 'http://localhost:8090/' \
--header 'Content-Type: application/json' \
--data-raw '{
"input": "/path/to/pdf.pdf"
}'
Using a config file
Instead of CLI parameters, you can also submit a configuration file with the same parameters and the possibility to lead multiple keys, as shown in this example
java -jar open-pdf-sign.jar --config /path/to/config.yaml
Development
Requirements
- Maven (https://maven.apache.org/)
Build
mvn package
License
This project is licensed under the Apache 2.0-License.
The code contained in the org/openpdfsign/dss subfolder
extends and modifies code from the dss project which is licensed under the LGPL-2.1 license.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK