{"id":15589792,"url":"https://github.com/spapas/pdf-sign-check","last_synced_at":"2025-06-20T01:05:04.841Z","repository":{"id":39956184,"uuid":"97094141","full_name":"spapas/pdf-sign-check","owner":"spapas","description":"A java / spring boot application to help you sign and check signed pdf documents","archived":false,"fork":false,"pushed_at":"2023-11-15T11:27:08.000Z","size":576,"stargazers_count":95,"open_issues_count":2,"forks_count":22,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-06-20T01:04:35.448Z","etag":null,"topics":["java","pdf","pdf-signature","pki","signature","spring","spring-boot","spring-mvc"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/spapas.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-07-13T07:37:43.000Z","updated_at":"2025-05-13T06:03:26.000Z","dependencies_parsed_at":"2024-10-11T19:11:47.158Z","dependency_job_id":"d86eb5c4-64a2-4ab0-8ad2-a76793514096","html_url":"https://github.com/spapas/pdf-sign-check","commit_stats":{"total_commits":85,"total_committers":3,"mean_commits":"28.333333333333332","dds":0.04705882352941182,"last_synced_commit":"aae3fe09351691eef395600cf7e81a8041d1251a"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/spapas/pdf-sign-check","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spapas%2Fpdf-sign-check","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spapas%2Fpdf-sign-check/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spapas%2Fpdf-sign-check/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spapas%2Fpdf-sign-check/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/spapas","download_url":"https://codeload.github.com/spapas/pdf-sign-check/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spapas%2Fpdf-sign-check/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":260857364,"owners_count":23073435,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["java","pdf","pdf-signature","pki","signature","spring","spring-boot","spring-mvc"],"created_at":"2024-10-02T23:09:49.347Z","updated_at":"2025-06-20T01:04:59.820Z","avatar_url":"https://github.com/spapas.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# pdf-sign-check\nA java/spring boot application to help you *sign* and *check* your signed pdf documents. \nFor checking, you upload the PDF file and you'll get its signing information.\nFor signing, you upload the PDF file along with some parameters for the signature and\nyou'll get a digitally signed PDF (you need a proper certificate in a keystore to use this feature).\nFor more info on digital signing PDFs visit: https://developers.itextpdf.com/content/itext-7-digital-signatures-pdf. Please notice that this is a highly specialized app; if you need it, you'll know it!\n\n## Rationale for checks\n\nThe organization I work for is a heavy user of signed PDF documents mainly for verification, timestamping and non-repudiation. Actually, all the internal correspondence is done using signed PDF documents and also many internal applications use signed PDF documents confirm various actions. This application offers a REST API so that other apps can easily test if a document is properly signed or not (and get some of the details of the signature). A common workflow is the following:\n\n1. The user does some action in an Application X\n2. The Application X generates a PDF document/receipt of that action\n3. The user downloads the PDF document and signs it using his USB key\n4. The user uploads the signed PDF document\n5. Application X uses this project (pdf-sign-check) to make sure that the uploaded document is properly signed and has the correct details (for example signed by the correct user, some documents may need more than one signature etc)\n\nOne thing that may seem strange to people not familiar with digital signatures are steps 2-3-4: Why the user needs  to download the PDF document, sign it externally and re-upload it so it could be checked? Unfortunately signing PDF documents is possible only through client-side application (Adobe Acrobat, JSignPDF, custom client side apps etc) the whole download pdf — sign it — re-upload it is necessary.\n\n## Rationale for signing\n\nIt is actually possible to automatically digitally sign a document as a part of the workflow of a \nbusiness process\nso as to avoid the download-sign-upload-check steps I described earlier. The produced PDF document \nwill be signed by a global key that is owned by your Organization. To do that you need to \ncreate such a key and make sure that you have fixed the bureaucracy needed so as the documents\nthat are signed by this key will be valid. So now the flow will be:\n\n1. The user does some action in application A\n2. Application X generates a PDF document/receipt of that action\n3. Application X automatically uses this project (pdf-sign-check) to add a digital signature to the document\n4. The user downloads the signed document and can legally use it wherever he wishes\n\n## Installation\n\nThis is a spring boot application thus you should follow the instructions of the spring boot project: https://docs.spring.io/spring-boot/docs/current/reference/html/deployment.html. The app doesn't have any external dependencies like databases etc, you just upload the PDF and get the response, nothing is saved or triggered.\n\nYou can configure the listening port and the max file size using `src/main/resources/application.properties` (or by\noverriding these properties f.e like proposed here: https://spapas.github.io/2016/03/31/spring-boot-settings/).\n\nI recommend creating a config/application.properties that will be used to set\nsome properties that shouldn't be put under version control (for example your\nkeystore password or the api key)\n\nWe run this in production using the integration with init services in linux as proposed here: https://docs.spring.io/spring-boot/docs/current/reference/html/deployment.html#deployment-install.\nYou can create a standalone runnable `.jar` (just use `package.bat`) and copy it to the prod server. Then just create a soflink from\n/etc/init.d/signcheck -\u003e to your jar. You should then be able to run it as an .sh script for example:\n\n```\n[serafeim@prod ~]$ /etc/init.d/signcheck\nUsage: /etc/init.d/signcheck {start|stop|force-stop|restart|force-reload|status|run}\n```  \n\nActivate it to autorun on boot using the proper tool (f.e `chkconfig` on Centos).\n\n## Running it in development\n\nYou can run the project using maven:\n\n```\nmvn spring-boot:run -DaddResources=True\n```\n\nYou can then visit the application at http://127.0.0.1:8081 for check and\nhttp://127.0.0.1:8081/sign for signing\nto see the (really simple) \nweb interface or call it through the REST API. \nProperties can be configured through ``src/main/resources/application.properties``.\n\nCreate a test certificate for signing if needed:\n\n```\nopenssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -subj /CN=MyHost.com\nopenssl pkcs12 -export -in cert.pem -inkey key.pem -out myfile.p12 -name \"Alias of cert\"\n```\n\n## Usage\n\nUsing the API:\n\n```\ncurl -X POST http://172.19.130.142:8081/ -F file=@test.pdf -F json=on\n```\nor with python requests:\n\n```\nr =  requests.post('http://localhost:8081', files = {'file': file.read(), }, data={'json': 'on'} )\n```\n\nOr just visit the site and use the web interface.\n\n## Signing Usage \n\nUsing the API:\n\n```\ncurl -X POST -F file=@..\\test.pdf -F apikey=123  -F \"visibleLine1=Digitally signed\" -F \"visibleLine2=\"MMAIP\" -F \"signName=MMAIP\" -F \"signReason=Identical Copy\" -F \"signLocation=Piraeus\"  http://127.0.0.1:8081/sign --output koko.pdf\n```\nor with python requests:\n\n```\npdf_content = requests.post('http://localhost:8081/sign', files = {'file': open(\"../test3.pdf\", \"rb\").read(), }, data={'visibleLine1': 'ΔΟκΙΜΗ ΤΕΣΤ', 'apikey': '123'} ).content\n```\n\n## Security\n\nPlease notice that checking pdf files is allowed by everybody. However, for signing you need to set a **very strong api key and be very careful about it.** If somebody gets your api key he'll be able to sign *any document* he wants with your organization's signature!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fspapas%2Fpdf-sign-check","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fspapas%2Fpdf-sign-check","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fspapas%2Fpdf-sign-check/lists"}