Chilkat.Pdf Class Overview

Chilkat.Pdf provides PDF operations focused on digital signatures, embedded files, metadata, signature verification, and long-term validation support. It can load PDFs from files or memory, inspect page/signature/attachment counts, sign PDFs with visible or invisible signatures, add embedded files, extract embedded files, update XMP metadata, verify signatures, retrieve signer certificates, inspect DSS information, and add LTV verification information.

What the Class Is Used For

Use Chilkat.Pdf when an application needs to work with PDF signatures, certification signatures, embedded files, metadata, and verification information. The class is especially useful for signing workflows, countersigning existing PDFs, adding PDF/A-3-style attachments, extracting embedded files, and validating digital signatures.

Load and Inspect PDFs Open a PDF from a file or BinData, then inspect page count, embedded file count, and signature count.
Digitally Sign PDFs Sign with a certificate and private key, add visible signature appearance, request timestamp tokens, and create LTV-enabled signatures.
Verify Signatures Verify existing PDF signatures, retrieve signature details, and access the signer certificate.
Manage Attachments and Metadata Add or extract embedded files and read or update XMP metadata.

Typical Workflow: Load and Inspect a PDF

  1. Create a Pdf object.
  2. If the PDF is password protected, set UserPassword or OwnerPassword before loading.
  3. Load the PDF with LoadFile or LoadBd.
  4. Inspect NumPages, NumSignatures, NumEmbeddedFiles, and HasCertificationSig.
  5. Use specialized methods such as GetMetadata, GetUnsignedSigFields, GetEmbeddedFileInfo, or GetDss as needed.
  6. Check LastErrorText after failures or unexpected behavior.

Typical Workflow: Sign a PDF

  1. Load the PDF with LoadFile or LoadBd.
  2. Set the signing certificate with SetSigningCert or set both certificate and private key with SetSigningCert2.
  3. Optionally call AddSigningCert when a single signing operation should use multiple certificates.
  4. Optionally call SetHttpObj if TSA, OCSP, proxy, or LTV-related HTTP settings are needed.
  5. Optionally call SetSignatureJpeg if a custom JPG should appear in the visible signature.
  6. Build the signature options in a JsonObject, including placement, appearance, reason, location, timestamp, LTV, DocMDP, or field-selection options.
  7. Call SignPdf to write a signed PDF file, or SignPdfBd to write the signed PDF to BinData.
Signing requirement: PDF signing requires both a certificate and the corresponding private key. The private key may be implicit when the certificate came from a PFX containing the private key, or when the certificate and private key are installed on Windows.

Core Concepts

Concept Meaning Important Members
Loaded PDF Most operations act on the currently open PDF loaded into the Pdf object. LoadFile, LoadBd
Approval Signature A normal PDF signature. A PDF can contain any number of approval signatures. SignPdf, VerifySignature, NumSignatures
Certification Signature A certifying signature. A PDF can contain only one certification signature, and it must be the first signature in the document. HasCertificationSig, lockAfterSigning, docMDP.add
Visible Signature Appearance Optional signature rectangle containing text and/or graphics. appearance.*, SetSignatureJpeg
Invisible Signature A digital signature with no visual appearance on a page. invisibleSignature
DSS / LTV Long-term validation information stored in the PDF Document Security Store, including certificates, OCSP responses, and CRL information. AddVerificationInfo, GetDss, ltvOcsp
Embedded Files Files attached inside the PDF. AddEmbeddedFiles, GetEmbeddedFileInfo, GetEmbeddedFileBd

Loading and Password Properties

Member Purpose Guidance
LoadFile Loads a PDF file into the object in memory. Call before inspecting, signing, verifying, embedding, or updating metadata.
LoadBd Loads a PDF from a BinData object. Use when the PDF is already in memory.
UserPassword User password for opening a protected PDF, if required. Set before loading a password-protected PDF when the user password is needed.
OwnerPassword Owner password for the PDF, if required. Set before loading when owner-level access is needed.

Inspection Properties

Property Meaning Use Case
NumPages Number of pages in the currently open PDF. Use when selecting a page for visible signature placement.
NumSignatures Number of digital signatures in the currently open PDF. Use to iterate signatures with VerifySignature, GetSignatureContent, or GetSignerCert.
NumEmbeddedFiles Number of embedded files in the currently open PDF. Use to iterate attachments with GetEmbeddedFileInfo and GetEmbeddedFileBd.
HasCertificationSig True if the currently open PDF has a certification signature. Use before deciding whether to certify, countersign, or inspect document permissions.
LastErrorText Diagnostic information for the last method or property access. Check after failures or unexpected behavior. Diagnostic information may be available regardless of success or failure.

Embedded Files

Method / Property Purpose Important Details
AddEmbeddedFiles Embeds one or more files and writes the updated PDF to a file. The input JSON contains an array of file objects. On success, the updated PDF is written to outFilePath.
AddEmbeddedFilesBd Same as AddEmbeddedFiles, but writes the updated PDF to BinData. Use for memory-based workflows.
NumEmbeddedFiles Number of embedded files in the open PDF. Indexing begins at 0.
GetEmbeddedFileInfo Gets information about the Nth embedded file. Returns information in a JsonObject.
GetEmbeddedFileBd Extracts the Nth embedded file into BinData. The first embedded file is at index 0.
AddEmbeddedFiles JSON Member Required? Purpose
localFilePath Required Local file to embed in the PDF.
description Required Short description of the embedded file.
subType Optional MIME type such as application/xml or text/plain. If omitted, Chilkat chooses based on file extension.
embeddedFilename Optional Name to use inside the PDF when different from the local filename.
AFRelationship Optional Relationship of the embedded file. Possible values include Source, Data, Alternative, Supplement, and Unspecified. Default is Alternative.

Metadata

Method Purpose Output / Behavior
GetMetadata Retrieves XMP metadata XML from the open PDF. Loads metadata XML into a StringBuilder and returns true if metadata exists. If no metadata exists, clears the StringBuilder and returns false.
UpdateMetadata Updates or adds XMP metadata. Writes the updated PDF to a file.
UpdateMetadataBd Updates or adds XMP metadata. Writes the updated PDF to BinData.
Document Info during signing: The signing JSON can also include info.* members to add or update values in the PDF document’s /Info dictionary, such as Creator, Producer, Title, and custom names. Chilkat ignores ModDate and CreationDate in this area because ModDate is automatically set and CreationDate should not change.

Signing Certificate Setup

Method Purpose Use When
SetSigningCert Specifies the certificate used for signing. Use when the certificate implicitly provides access to the private key, such as from a PFX containing the private key or a Windows-installed certificate with associated private key.
SetSigningCert2 Specifies both certificate and private key for signing. Use when the private key is supplied separately from the certificate.
AddSigningCert Adds a certificate for a single signing operation with multiple certificates. Call once per certificate. This is different from signing once, then signing again later with another certificate.

PDF Signing Methods

Method Output Purpose
SignPdf Signed PDF file. Signs the open PDF according to JSON options and writes the result to an output file path.
SignPdfBd Signed PDF in BinData. Same as SignPdf, but writes the signed PDF to memory.
SetSignatureJpeg Signature appearance image. Sets custom JPG data for use when appearance.image is custom-jpg. JPG must be Baseline, not Progressive.
SetHttpObj HTTP object for TSA/OCSP communication. Use when timestamp authority requests, OCSP requests, proxies, or custom HTTP timeouts/settings are needed.
Signature allocation: SigAllocateSize defaults to 15000 and is usually left unchanged. Increase it only if signing fails with a message indicating that not enough space was allocated for the PDF signature.

Important Signing JSON Option Groups

Option Group Examples Purpose
Signature placement page, appearance.x, appearance.y, appearance.width, appearance.height Controls where the visible signature appears. The page value is 1-based.
Unsigned signature fields appearance.fillUnsignedSignatureField, unsignedSignatureField Signs an existing unsigned signature field and optionally chooses the field by name.
Visible appearance appearance.text[i], appearance.fontScale, appearance.image, appearance.imagePlacement, appearance.imageOpacity Controls text, font size, image, placement, and opacity for visible signatures.
Invisible signature invisibleSignature Creates a signature without a visible annotation.
Signature metadata reason, location, contactInfo, legalAttestation, sigTextLabel Adds signer-related descriptive information.
Certification / DocMDP lockAfterSigning, docMDP.add, docMDP.accessPermissions Creates a certifying signature and controls permitted document changes.
Cryptographic options signingAlgorithm, hashAlgorithm, subFilter, embedCertChain, includeRootCert Controls RSA padding, PSS hash algorithm, PDF signature subfilter, and certificate-chain inclusion.
Authenticated attributes signingCertificateV2, signingTime Adds common CMS authenticated attributes. These are desired in most cases.
Timestamp token timestampToken.enabled, timestampToken.tsaUrl, timestampToken.tsaUsername, timestampToken.tsaPassword, timestampToken.bearerToken, timestampToken.requestTsaCert Requests a timestamp token from a TSA server and includes it in the signature’s authenticated attributes.
LTV / DSS ltvOcsp, noDss Controls LTV-enabled signing and whether the Document Security Store is added.
PDF document info info.* Adds or updates entries in the PDF document’s /Info dictionary.

DocMDP Access Permission Levels

Value Permission Level Effect
1 No changes permitted. Any changes invalidate the signature.
2 Forms, page templates, and signing. Allows filling forms, instantiating page templates, and signing.
3 Level 2 plus annotations. Same as level 2, and also allows annotation creation, deletion, and modification.
Certification signature: To create a certifying signature, specify both lockAfterSigning and docMDP.add. The default DocMDP permission level is 2.

Signature Appearance Text Keywords

Each visible signature text line can be supplied in appearance.text[i]. The text may contain keywords that Chilkat replaces with certificate details or current date/time values.

Keyword Group Examples Replacement Value
Certificate subject cert_cn, cert_dn, cert_email, cert_organization, cert_ou Fields from the signing certificate subject.
Certificate issuer and identity cert_issuer_cn, cert_serial_dec, cert_serial_hex, cert_thumbprint Issuer name, serial number, and certificate thumbprint values.
Certificate location details cert_country, cert_state, cert_locality Geographic fields from the certificate subject.
Current date/time current_datetime, current_dt, current_rfc822_dt_gmt, current_rfc822_dt_local, current_timestamp_gmt, current_timestamp_local Current local or GMT date/time in different formats.

Verification, Signer Certificates, and Signature Content

Method / Property Purpose Important Details
NumSignatures Number of signatures in the currently open PDF. Signature indexing begins at 0.
VerifySignature Verifies the Nth signature in the PDF. Populates a JsonObject with information about the validated or unvalidated signature.
GetSignerCert Retrieves the signer certificate after calling VerifySignature. Use the same signature index that was passed to VerifySignature.
GetSignatureContent Returns the CMS signature for the Nth PDF signature. Loads the CMS signature into BinData.
GetLastJsonData Provides detailed JSON about what happened in the last method call when available. Useful after signature verification to inspect algorithms used during verification.

Unsigned Signature Fields

Member Purpose Use Case
GetUnsignedSigFields Returns JSON containing the names of unsigned signature fields found in the PDF. Use before signing a specific pre-existing signature field.
appearance.fillUnsignedSignatureField Tells Chilkat to sign an existing unsigned signature field. Chilkat automatically scales the visual appearance to fit the existing field.
unsignedSignatureField Specifies the unsigned signature field name to use. If omitted, the first available unsigned field is used.

DSS and Long-Term Validation

Method / Option Purpose Important Details
AddVerificationInfo Adds LTV verification information and writes the updated PDF to a file. Creates or updates the PDF’s DSS with needed certificates, OCSP responses, and CRL information. Pass an empty JSON object for options.
GetDss Retrieves the contents of the PDF Document Security Store. Returns DSS information as JSON. If no DSS exists, returns an empty JSON object.
SetHttpObj Supplies HTTP settings for TSA and OCSP communication. Use when proxies, timeouts, or other HTTP settings are needed for timestamp or OCSP requests.
ltvOcsp Signature option for creating an LTV-enabled signature. Requests OCSP-related LTV behavior during signing.
noDss Signature option to prevent adding a DSS. Use only when a DSS should not be added during signing.

Uncommon Options and Signature Allocation

Member Purpose Guidance
SigAllocateSize Space allocated for the PDF signature. Default is 15000. Leave unchanged unless signing fails and LastErrorText says not enough signature space was allocated.
UncommonOptions Comma-separated keywords for uncommon PDF writing or countersigning needs. Normally empty. Set only when a documented option is required.
Uncommon Option Behavior
WriteStandardXref When writing the PDF, writes the cross-reference section in standard non-compressed format if possible.
NO_VERIFY_CERT_SIGNATURES When countersigning, skips certificate validation for existing signatures. This can be useful when existing signatures validate but needed chain certificates are not embedded or otherwise available.

Method Summary by Category

Category Methods / Properties Purpose
Load PDF LoadFile, LoadBd, UserPassword, OwnerPassword Open PDFs from files or memory, including password-protected PDFs.
Inspect PDF NumPages, NumSignatures, NumEmbeddedFiles, HasCertificationSig Inspect page, signature, attachment, and certification-signature status.
Embedded files AddEmbeddedFiles, AddEmbeddedFilesBd, GetEmbeddedFileInfo, GetEmbeddedFileBd Add, inspect, and extract files embedded in a PDF.
Metadata GetMetadata, UpdateMetadata, UpdateMetadataBd Read, update, or insert XMP metadata.
Signing setup SetSigningCert, SetSigningCert2, AddSigningCert, SetSignatureJpeg, SetHttpObj Configure certificate, private key, visual signature image, and HTTP support for TSA/OCSP/LTV operations.
Sign PDF SignPdf, SignPdfBd Apply a visible, invisible, approval, or certifying digital signature.
Verify signatures VerifySignature, GetSignerCert, GetSignatureContent, GetLastJsonData Verify signatures, retrieve signer certificates, extract CMS signature content, and inspect verification details.
LTV / DSS AddVerificationInfo, GetDss Add or inspect Document Security Store information for long-term validation.
Unsigned fields GetUnsignedSigFields Find unsigned signature field names before filling a specific field.

Diagnostics and Troubleshooting

Problem Area Member What to Check
PDF fails to load LoadFile, LoadBd, UserPassword, OwnerPassword Confirm the file or memory data is a valid PDF and set any required PDF password before loading.
Signing fails because of missing private key SetSigningCert, SetSigningCert2 Ensure the signing certificate has access to the corresponding private key, or explicitly provide the private key with SetSigningCert2.
Signing fails because signature allocation is too small SigAllocateSize Increase the allocation size if LastErrorText reports that not enough space was allocated for the PDF signature.
Custom JPG does not appear in signature SetSignatureJpeg, appearance.image Use a Baseline JPG and set appearance.image to custom-jpg.
Timestamp or OCSP request fails SetHttpObj, timestampToken.*, ltvOcsp Configure the HTTP object for proxies, timeouts, or authentication needed by the TSA or OCSP endpoints.
Need to sign a specific empty signature field GetUnsignedSigFields, unsignedSignatureField, appearance.fillUnsignedSignatureField List unsigned fields first, then choose the desired field by name in the signing JSON.
Signature verification fails or gives unexpected results VerifySignature, GetLastJsonData, GetSignerCert Inspect the signature info JSON, last JSON data, and signer certificate where available.
Countersigning fails because existing cert-chain validation is incomplete NO_VERIFY_CERT_SIGNATURES Use this uncommon option only when existing signatures are otherwise valid but required chain certificates are missing or unavailable.
Need operation details after failure LastErrorText Check diagnostic text after failed or unexpected load, sign, verify, embedded-file, metadata, LTV, DSS, TSA, or OCSP operations.

Common Pitfalls

Pitfall Better Approach
Trying to sign without access to the private key. Use SetSigningCert2 when the private key is not implicitly available from the certificate.
Confusing approval signatures and certification signatures. Use a normal approval signature unless the PDF should be certified and locked. A PDF can have many approval signatures but only one certification signature, and it must be first.
Using zero-based page numbering in signing options. The page option for signature placement uses page 1 as the first page.
Using one-based indexing for signatures or embedded files. Signature and embedded-file indexes begin at 0.
Expecting GetSignerCert to work before verification. Call VerifySignature first, then call GetSignerCert with the same index.
Using a Progressive JPG for the custom signature image. Use a Baseline JPG for SetSignatureJpeg.
Assuming all PDFs already contain a DSS. Use GetDss to check. If no DSS exists, an empty JSON object is returned.
Skipping LastErrorText after a failed PDF operation. PDF signing and verification failures often require diagnostic details from LastErrorText.

Best Practices

Recommendation Reason
Inspect the PDF before modifying it. NumPages, NumSignatures, NumEmbeddedFiles, and HasCertificationSig help determine the correct workflow.
Use SetSigningCert2 when certificate and private key are separate. It makes the signing credentials explicit and avoids private-key lookup ambiguity.
Use GetUnsignedSigFields before signing an existing field. It helps avoid accidentally signing the wrong unsigned signature field.
Use SetHttpObj for timestamping and LTV workflows. TSA and OCSP requests may require proxies, authentication, or custom timeout settings.
Use AddVerificationInfo when LTV material needs to be added after signing. It creates or updates the DSS with certificates, OCSP responses, and CRL information.
Use BinData methods for memory-only workflows. LoadBd, SignPdfBd, AddEmbeddedFilesBd, and UpdateMetadataBd avoid intermediate files.
Keep UncommonOptions empty unless a documented edge case applies. These options alter lower-level behavior and should be used deliberately.
Check LastErrorText and GetLastJsonData when troubleshooting. LastErrorText gives diagnostic text, while GetLastJsonData can provide structured details for some operations, such as signature verification.

Summary

Chilkat.Pdf is the Chilkat class for PDF signing, signature verification, embedded files, metadata, and LTV/DSS-related operations. It can load PDFs from files or memory, inspect pages, signatures, and attachments, add embedded files, update metadata, configure signing certificates and private keys, create visible or invisible signatures, certify and lock PDFs, request timestamp tokens, verify existing signatures, retrieve signer certificates, inspect or add DSS information, and write updated PDFs to files or BinData.

The most important practical guidance is to load the PDF first, set passwords when required, ensure the signing certificate has access to the private key, use the signing JSON to control appearance and signature behavior, remember that page numbers are 1-based while signature and embedded-file indexes are 0-based, and inspect LastErrorText whenever a PDF operation fails or behaves unexpectedly.