Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/MatthiasValvekens/pyHanko
pyHanko: sign and stamp PDF files
https://github.com/MatthiasValvekens/pyHanko
digital-signature pades pdf pkcs11 signature
Last synced: 17 days ago
JSON representation
pyHanko: sign and stamp PDF files
- Host: GitHub
- URL: https://github.com/MatthiasValvekens/pyHanko
- Owner: MatthiasValvekens
- License: mit
- Created: 2020-08-06T12:48:43.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2024-05-21T20:07:29.000Z (7 months ago)
- Last Synced: 2024-05-28T12:57:18.064Z (7 months ago)
- Topics: digital-signature, pades, pdf, pkcs11, signature
- Language: Python
- Homepage:
- Size: 10.4 MB
- Stars: 448
- Watchers: 11
- Forks: 68
- Open Issues: 10
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
Awesome Lists containing this project
- awesome-starred - MatthiasValvekens/pyHanko - pyHanko: sign and stamp PDF files (others)
README
![pyHanko](docs/images/pyhanko-logo.svg)
![status](https://github.com/MatthiasValvekens/pyHanko/workflows/pytest/badge.svg)
![Codecov](https://img.shields.io/codecov/c/github/MatthiasValvekens/pyHanko)
![pypi](https://img.shields.io/pypi/v/pyHanko.svg)The lack of open-source CLI tooling to handle digitally signing and stamping PDF files was bothering me, so I went ahead and rolled my own.
*Note:* The working title of this project (and former name of the repository on GitHub) was `pdf-stamp`, which might still linger in some references.
*Note:* This project is currently in beta, and not yet production-ready.
### Documentation
The [documentation for pyHanko is hosted on ReadTheDocs](https://pyhanko.readthedocs.io/en/latest/)
and includes information on CLI usage, library usage, and API reference documentation derived from
inline docstrings.### Installing
PyHanko is hosted on [PyPI](https://pypi.org/project/pyHanko/),
and can be installed using `pip`:```bash
pip install 'pyHanko[pkcs11,image-support,opentype,xmp]'
```Depending on your shell, you might have to leave off the quotes:
```bash
pip install pyHanko[pkcs11,image-support,opentype,xmp]
```This `pip` invocation includes the optional dependencies required for PKCS#11, image handling and
OpenType/TrueType support.PyHanko requires Python 3.8 or later.
### Contributing
Do you have a question about pyHanko?
[Post it on the discussion forum][discussion-forum]!This project welcomes community contributions. If there's a feature you'd like
to have implemented, a bug you want to report, or if you're keen on
contributing in some other way: that's great! However, please make sure to
review the [contribution guidelines](CONTRIBUTING.md) before making your
contribution. When in doubt, [ask for help on the discussion board][discussion-forum].**Please do not ask for support on the issue tracker.** The issue tracker is for bug
reports and actionable feature requests. Questions related to pyHanko usage
and development should be asked in the [discussion forum][discussion-forum] instead.[discussion-forum]: https://github.com/MatthiasValvekens/pyHanko/discussions
### Features
The code in this repository functions both as a library and as a command-line tool.
Here is a short overview of the features.
Note that not all of these are necessarily exposed through the CLI.- Stamping
- Simple text-based stamps
- QR stamps
- Font can be monospaced, or embedded from a TTF/OTF font (requires `[opentype]` optional deps)
- Document preparation
- Add empty signature fields to existing PDFs
- Add seed values to signature fields, with or without constraints
- Manage document metadata
- Signing
* Option to use async signing API
- Signatures can be invisible, or with an appearance based on the stamping tools
- LTV-enabled signatures are supported
- PAdES baseline profiles B-B, B-T, B-LT and B-LTA are all supported.
- Adobe-style revocation info embedding is also supported.
- RFC 3161 timestamp server support
- Support for multiple signatures (all modifications are executed using incremental updates to
preserve cryptographic integrity)
- Supports RSA, DSA, ECDSA and EdDSA
- RSA padding modes: PKCS#1 v1.5 and RSASSA-PSS
- DSA
- ECDSA curves: anything supported by the `cryptography` library,
see [here](https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ec/#elliptic-curves).
- EdDSA: both Ed25519 and Ed448 are supported (in "pure" mode only, as per RFC 8419)
- Built-in support for PDF extensions defined in ISO/TS 32001 and ISO/TS 32002.
- PKCS#11 support
- Available both from the library and through the CLI
- Extra convenience wrapper for Belgian eID cards
- "Interrupted signing" mode for ease of integration with remote and/or interactive signing
processes.
- Signature validation
- Cryptographic integrity check
- Authentication through X.509 chain of trust validation
- LTV validation/sanity check (ad hoc)
- Difference analysis on files with multiple signatures and/or incremental
updates made after signing (experimental)
- Signature seed value constraint validation
- AdES validation (incubating)
- Encryption
- All encryption methods in PDF 2.0 are supported.
- Authenticated encryption via ISO/TS 32003 and 32004.
- In addition, we support a number of extra file encryption
modes of operation for the public-key security handler that are not
explicitly called out in the standard.
- RSAES-OAEP (does not appear to be widely supported in PDF tooling)
- ephemeral-static ECDH with X9.63 key derivation (supported by Acrobat)
- CLI & configuration
- YAML-based configuration (optional for most features)
- CLI based on `click`
- Available as `pyhanko` (when installed) or `python -m pyhanko` when running from
the source directory
- Built-in help: run `pyhanko --help` to get started### Some TODOs and known limitations
See the [known issues](https://pyhanko.readthedocs.io/en/latest/known-issues.html)
page in the documentation.### Acknowledgement
This repository includes code from `PyPDF2` (with both minor and major modifications); the original license has been included [here](pyhanko/pdf_utils/LICENSE.PyPDF2).
## License
MIT License, see [LICENSE](LICENSE).