A scribbled signature image and a cryptographic PAdES signature look the same in a PDF viewer — but legally and technically they're worlds apart. Knowing the difference matters whenever you sign contracts, approve documents, or accept signed PDFs from others.
Signature Types
| Type | Mechanism | Integrity proof | Typical use |
|---|---|---|---|
| Typed name | Plain text in a form field | None | Casual consent |
| Drawn / image signature | Pasted bitmap overlay | None | Informal documents |
| Click-to-sign (eSign platform) | Audit log + IP/email evidence | External log | Sales contracts, NDAs |
| Digital signature (PAdES-B) | Certificate + hash | Cryptographic | Internal approvals |
| PAdES-LT / LTA | Certificate + timestamp + revocation | Long-term cryptographic | Regulated industries, archives |
How Digital Signatures Are Embedded
A digital signature inserts a signature dictionary into the PDF. The dictionary declares a byte range covering everything in the file except the signature value placeholder. The signer's tool hashes that byte range, signs the hash with their private key, and writes the signed hash, signing certificate, and (optionally) a trusted timestamp into the placeholder. Verification reverses the process.
PAdES Profiles
- PAdES-B (Basic): certificate + signature hash. Minimum viable.
- PAdES-T: adds a trusted timestamp from a TSA. Proves when the signature existed.
- PAdES-LT (Long-Term): embeds revocation data (OCSP responses or CRLs) so the signature stays verifiable after the signing certificate expires.
- PAdES-LTA: adds archive timestamps that can be renewed before cryptographic algorithms become obsolete, extending validity decades.
Best Practices
- Use a certificate from a trusted CA — self-signed certificates trigger "unknown identity" warnings.
- Always include a trusted timestamp; without it, signatures become unverifiable after certificate expiry.
- Lock the document after the final signature so no further changes are possible.
- For multi-signer workflows, allow appended signatures and document each role explicitly.
- Validate signatures in a reference viewer (Adobe Acrobat or an eIDAS-conformant validator) before relying on them.
Combine Signed PDFs Together
Merge signed contracts and approvals into a single packet — fully client-side.
Merge PDF →