< Signatures />

Signatures with teeth.

Cryptographic signatures inside ERPNext. eIDAS-aligned Advanced Electronic Signatures (AES), PAdES format, tamper-evident, signed straight from the document.

Book a free consultation

Signed PDF

AGREEMENT-2026-0042.pdf

Signed by

Authorised signatory

11 May 2026 · 14:23 CEST

PAdES-B-T · Trusted timestamp

An ‘e-signature’ that’s just a typed name is not a signature.

Most ‘digital’ signatures in business software are a picture of someone’s name pasted onto a PDF. The moment a counterparty disputes it, you have nothing. AES signatures embed the signer’s identity and a tamper proof into the file itself — provable, legally binding under eIDAS, and survive years in an archive.

What you get

Sign any document, prove who signed it, years later.

eIDAS-aligned AES signatures

Advanced Electronic Signatures with strong evidential value across the EU. Each signer has their own X.509 certificate issued by your own private CA.

Trusted timestamp on every sign

PAdES-B-T embeds a trusted-TSA timestamp at signing time. If the certificate is revoked later, you can still prove the signature pre-dated the revocation.

Sign any DocType

Plug the signing flow into any ERPNext document — agreements, prescriptions, work orders, certificates. The PDF gets signed; the source document gets a link.

Tamper-evident, by design

The signature embeds a hash of the file. Any edit after signing — even a single comma — invalidates the signature when verified.

2FA-protected signing

Every signing event requires a second factor (TOTP) before the private key is unlocked. Compromised passwords don’t let an attacker sign on your behalf.

Full audit log

Every signature is logged: who, what, when, from where, which signature level. Exportable as evidence for compliance reviews or disputes.

How a signature happens

Open the document. Confirm with 2FA. Done.

Open the document

Click ‘Sign’ on any signable ERPNext document. The PDF is generated from your print format.

Confirm identity

Enter your 2FA code. Your private key unlocks for this signing event only.

Signature applied

The signature, certificate, and trusted timestamp embed into the PDF (PAdES-B-T or B-LT).

Logged & sealed

An audit entry records the signing. The PDF is stored, the source DocType links to it.

Built for

Where signatures need to actually mean something.

Regulated industries

Veterinary prescriptions under EU Regulation 2019/6, healthcare consent forms, certificates of conformity — anywhere a regulator may ask for proof of who signed.

Long-lived contracts

Service agreements, employment contracts, NDAs. PAdES-B-LT keeps the proof valid for years offline, no need to ask any server.

Internal approvals at scale

Purchase orders, expense approvals, change requests. Replace ‘please reply with your approval’ with a real signed audit trail.

Under the hood

Your own CA. Your own keys. No third-party lock-in.

We run a private Certificate Authority for you and issue each signer their own X.509 certificate. Signing uses pyHanko to embed the signature in the PDF as PAdES-B-T or B-LT, with a trusted Time Stamp Authority for the timestamp. Keys stay on the signer’s device, protected by 2FA. The code is open source — you can audit every step, and you own the CA forever.