Embed a GPG Signature in a PDF File

Is it possible to embed GPG signatures in PDF files the way it can be done with X.509 signatures?

(I've been using JSignPDF to sign my invoices so far, but now the law has relaxed a bit, and it doesn't require X.509 anymore (just that I provide some guarantee of integrity and authenticity, for which, I figure, GPG should be enough). Now, I know I can use separate signatures, but I don't want to confuse my customers with why I'm sending them these *sig files.)


Partial answer:

The process of how X.509 signing works is described by Adobe in detail: A signature is just an additional object in the PDF file, which contains, among other element, the byte range for which the signature is made. Then

The signing process is as follows:

  1. A document to be signed is turned into a stream of bytes.
  2. The entire PDF file is written to disk with a suitably-sized space left for the signature value as well as with worst-case values in the ByteRange array. ByteRange is an array of four numbers. The first number in each pair is the offset in the file (from the beginning, starting from 0) of the beginning of a stream of bytes to be included in the hash. The second number is the length of that stream. The two pairs define two sequences of bytes that define what is to be hashed. The actual signature value is stored in the /Contents key between the end of the first sequence and the beginning of the second one. In Figure 4, the hash is calculated for bytes 0 through 839, and 960 through 1200.
  3. Once the location of the signature value is known in terms of offsets in the file, the ByteRange array is overwritten using the correct values. Because the byte offsets must not change, extra bytes following the new array statement are overwritten with zeros.
  4. The hash of the entire file is computed, using the bytes specified by the real ByteRange value using a hash algorithm such as SHA-256. Acrobat always computes the hash for a document signature over the entire PDF file, starting from byte 0 and ending with the last byte in the physical file, but excluding the signature value bytes.
  5. The hash value is encrypted with the signer’s private key and a hex-encoded PKCS#7 object signature object is generated.
  6. The signature object is placed in the file on disk, overwriting the placeholder /Contents value. Any space not used for the signature object is overwritten with zeros.
  7. The PDF file is re-loaded in Acrobat to ensure that the in-memory and on-disk versions are identical.

There is no reason why one shouldn't be able to do this with a gpg-calculated signature.

It should also be now obvious that embedding the signature doesn't "circumvent the general idea of document signing & verification", as mentioned in another answer.

However, I don't know any tools where such a process (and the corresponding signature checking) is already implemented and easily available. So for reasons of practicality (right now), it's probably to advisable to try this, if you are sending the signature to other people who need to deal with it.


don't think that it is possible ...because it circumvents the general idea of document signing & verification. see the GPG Manual - the signature is kept separately, simply because embedding it would modify the file and would therefore render the embedded signature invalid.

the closest command-line option might be gpg --clearsign.

also see the difference between --sign and --clearsign:

--clearsign creates data + signature where the data remains human readable. You need OpenPGP to verify the signature, but if you just need to read the text, you do not need any special software. The data is human-readable.

LibreOffice also seems to be able to sign PDF files.