PushToPost LogoPushToPost·Changelog
Feature

Digital Signature Tool: Client-Side PAdES-Compliant PDF Signing

TL;DR Snapshot

HonestPDF added a new Digital Signature tool that performs PAdES-compliant PKCS#7 PDF signing entirely in the browser using .pfx/.p12 certificates. SHA-256/RSA-2048 signing, ByteRange placeholder handling, WYSIWYG appearance editor, and full certificate chain embedding are all included. No document or certificate data is ever uploaded to a server.

Share this update

HonestPDF introduces a fully browser-based digital signature tool in this update, enabling PAdES-compliant PDF signing with zero file uploads.

TL;DR

Users can now sign PDF documents using their own .pfx or .p12 certificates directly in the browser. The entire PKCS#7 signing operation runs client-side using SHA-256 and RSA-2048, meaning signed documents never leave the user's device.

What's New

  • Browser-based digital signature tool: Sign PDFs with .pfx/.p12 certificate files without uploading documents to any server
  • PAdES-compliant PKCS#7 signatures: Detached signature format with SHA-256 hashing and RSA-2048 keys, compatible with professional and legal verification tools
  • Full certificate chain support: Embeds the complete chain from your .pfx/.p12 file into the signature for proper validation
  • ByteRange placeholder handling: Correct byte-range computation and placeholder insertion for spec-compliant signature containers
  • WYSIWYG appearance editor: Three signature appearance modes to choose from before committing the signature to the PDF:
    • Name-only
    • Detailed (includes date and signing reason)
    • Full certificate information
  • Appearance stream generation: Visual signature block rendered directly into the PDF as a proper appearance stream, not just metadata
  • Zero-upload privacy model: All cryptographic operations happen in the browser. No document data is transmitted to HonestPDF servers
  • 20-language support: Full native translations for the new tool shipped at launch

How to Use

  1. Open the Digital Signature tool at https://www.gethonestpdf.com/
  2. Upload your PDF (processed locally, never sent to a server)
  3. Load your .pfx or .p12 certificate file and enter the certificate password
  4. Choose a signature appearance mode and position the signature block on the page
  5. Click Sign. The signed PDF is generated in the browser and downloaded directly.

FAQ

Is this signature legally valid?

PAdES-compliant PKCS#7 signatures with SHA-256/RSA-2048 are accepted by PDF viewers and verification tools that support the PDF digital signature standard (ISO 32000). Legal validity depends on your jurisdiction and the certificate authority that issued your certificate.

Does HonestPDF ever see my certificate or my document?

No. Both the PDF and your .pfx/.p12 certificate file are loaded and processed entirely in your browser. Nothing is uploaded to HonestPDF servers at any point during the signing process.

What certificate formats are supported?

The tool accepts .pfx and .p12 certificate files, which are the standard PKCS#12 container format used by most certificate authorities and enterprise PKI systems.

Can I verify the signature after signing?

Yes. The output PDF contains a standard PAdES PKCS#7 detached signature that can be verified in Adobe Acrobat, Foxit, and other PDF readers that support digital signature validation.

View all HonestPDF updates