Digital Signing
Digital signing adds cryptographic seals to PDF documents that prove:
- Who signed it — the signer's identity is embedded in the signature
- When it was signed — a trusted timestamp records the exact signing time
- Integrity — any change to the document after signing invalidates the signature
The app implements Advanced Electronic Signatures (AES) under the EU eIDAS regulation, using the PAdES format — the EU standard for signed PDFs.
Legal standing
AES signatures have strong evidential value in the EU. They are legally binding and the signer must prove invalidity if challenged. For regulated industries (veterinary prescriptions under EU 2019/6, financial agreements, signed contracts), AES meets the "signature or equivalent electronic identification" requirement.
How signing works
Your organisation runs its own Certificate Authority (CA). The CA issues an X.509 certificate to each signer. When a signer signs a document, their private key produces a cryptographic signature embedded into the PDF.
| Component | What it does |
|---|---|
| Your CA | Issues certificates to signers. The CA's public cert goes to parties that need to verify signatures (pharmacies, counterparties). |
| Signer's Certificate | Contains name, organisation, identifier (e.g. license number), and public key. Default validity: 2 years. |
| Signed PDF | PAdES-format PDF with embedded signature. Verifiable with the CA certificate. |
| Timestamp Authority | External free service (Sectigo) providing cryptographic proof of signing time. |
The signing flow
- Signer opens a submitted document and clicks Sign Document
- Signer enters a 2FA code from an authenticator app
- The system generates the PDF from the print format
- PDF is signed with the signer's private key and timestamped
- Signed PDF replaces the original on the document
- Audit log entry created (who, when, IP, certificate serial)
- Signer receives a confirmation email
PAdES signature levels
Four standardised levels supported — see Signature Levels for the full comparison. The recommended default is PAdES-B-T (signature + timestamp).
Where to start
- New here? Continue with Getting Started
- Daily signing: Sign a Document
- Onboarding new signers: Signers & Certificates
- Verifying signatures: Verifying a Signature