Handwritten Digital Signatures

It's always been possible to digitally sign a PDF with our PDF Viewer, but the appearance of those signatures leaves a bit to be desired - the X.500 name is all very well, but it just doesn't look like a signature.

If this has kept you awake at night, we have good news. The new SignatureCapture feature will capture a handwritten signature from a touchscreen device and store it in the Java KeyStore; and the next time you sign a PDF with that identity, the signature will be displayed.

This is a little complex to explain, so here's a video to demonstrate this exciting new feature.

How does it work

When you click the "Capture Written Signature" button, the PDFViewer starts a very simple webserver and displays a QR-Code with its URL. Snap that URL with a QR-Code scanner on your iPad, iPhone or Android device and it will load a web page containing a signature box, into which you sign (using a stylus for best results) and submit. Our PDFViewer then shuts down the webserver, and saves the signature shape into the KeyStore.

Then the next time you apply a Digital Signature in the PDF Viewer, it will use that handwritten signature as the appearance.

That's the mechanism, and it depends on a few things.

  1. You need a touchscreen device with a camera and barcode reader, and it needs to be able to connect to the computer running the PDFViewer. Usually this means they're all on the same wireless LAN and that the viewer isn't behind a firewall, but it's possible to specify the host/port if necessary. The webserver is about 100 lines of code at the end of the SignatureCapture class, and we think it's secure - given it's opening a network socket we'd encourage you to look through it to satisfy yourself.
  2. Second, the KeyStore needs to be able to store the signature, which we're storing as a SecretKey. The default JKS keystore can't handle these, so if you're using a JKS KeyStore we'll prompt you to upgrade it to the newer JCEKS format. You can also store SecretKeys in a PKCS#11 KeyStore, but not PKCS#12.
  3. When you sign the PDF you need to sign into a blank signature field.
  4. Finally, to do any of this you need to explicitly enable the SignatureCapture feature - it's not enabled by default, as this feature won't be for useful for everyone. You can do this in an applet by adding
    <param name="feature.SignatureCapture" value="true" />
    or by adding a new SignatureCapture feature to the list of features passed in to the PDFViewer constructor.