dump_signatures

List and validate digital signatures

Usage

pdftl <input> dump_signatures [output <output>]

Details

Lists all digital signatures embedded in the PDF and performs cryptographic validation on each.

If possible, this reads the PDF file directly from disk to ensure that the cryptographic byte ranges are not disturbed by PDF parsing engines.

Signature Stanza Format

  • SignatureBegin

  • SignatureFieldName: The name of the signature field.

  • SignatureSigner: Common Name (CN) of the signer.

  • SignatureHashAlgorithm: e.g., sha256.

  • SignatureIntegrity: VALID or INVALID (mathematical hash check).

  • SignerTrusted: True or False (whether the certificate is trusted).

  • TrustProblem: Detailed reason if the signer is untrusted.

  • SignatureCoverage: ENTIRE_FILE, REVISION_ONLY, or PARTIAL.

  • SignatureModificationLevel: NONE, FORM_FILLING, or SUSPICIOUS.

  • DocMDPOk: True or False (whether document permissions allow the modifications).

  • SignatureTimestamp: The verified cryptographic timestamp, or signer-reported time.

  • SignatureMechanism: The signature algorithm mechanism (e.g., rsassa_pkcs1v15).

  • SignatureChainOfTrust: The certificate chain of trust from end-entity to Root CA.

If SignatureModificationLevel is SUSPICIOUS, it will be followed by one or more blocks:

  • SuspiciousDetailsBegin

  • SuspiciousDetailsType: The category of the suspicious modification.

  • SuspiciousDetailsData: The related objects or details.
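The stanza fields above lend themselves to an automated acceptance gate. The following is an added example, not pdftl's own code: it assumes the output is one "Key: value" line per field with bare SignatureBegin and SuspiciousDetailsBegin lines opening each block, and the names parse_stanzas, problems and REQUIRED are hypothetical. The policy it applies (REVISION_ONLY and FORM_FILLING accepted, everything else rejected) is one possible choice, and the sample values are constructed.

```python
# Added example, not pdftl code. Assumed layout: one "Key: value" line per
# field, with bare SignatureBegin / SuspiciousDetailsBegin lines opening blocks.
SAMPLE = """\
SignatureBegin
SignatureFieldName: Approver
SignatureIntegrity: VALID
SignerTrusted: True
SignatureCoverage: ENTIRE_FILE
SignatureModificationLevel: NONE
DocMDPOk: True
SignatureBegin
SignatureFieldName: Author
SignatureIntegrity: VALID
SignerTrusted: False
TrustProblem: constructed reason
SignatureCoverage: REVISION_ONLY
SignatureModificationLevel: SUSPICIOUS
SuspiciousDetailsBegin
SuspiciousDetailsType: constructed-type
SuspiciousDetailsData: constructed-data
DocMDPOk: False
"""  # constructed values, not real pdftl output
REQUIRED = {  # field -> accepted values; a missing field fails (fail closed)
    "SignatureIntegrity": {"VALID"},
    "SignerTrusted": {"True"},
    "SignatureCoverage": {"ENTIRE_FILE", "REVISION_ONLY"},
    "SignatureModificationLevel": {"NONE", "FORM_FILLING"},
    "DocMDPOk": {"True"},
}

def parse_stanzas(text):
    sigs, detail = [], {}
    for line in filter(None, map(str.strip, text.splitlines())):
        key, _, value = (p.strip() for p in line.partition(":"))
        if key == "SignatureBegin":
            sigs.append({"suspicious": []})
            detail = {}  # never carry details over from the previous stanza
        elif sigs and key == "SuspiciousDetailsBegin":
            detail = {}
            sigs[-1]["suspicious"].append(detail)
        elif sigs and key.startswith("SuspiciousDetails"):
            detail[key] = value
        elif sigs:  # lines before the first SignatureBegin are ignored
            sigs[-1][key] = value
    return sigs

def problems(sig):
    out = [f"{k}={sig.get(k, 'MISSING')}" for k, ok in REQUIRED.items() if sig.get(k) not in ok]
    out += [f"suspicious: {d.get('SuspiciousDetailsType', '?')}" for d in sig["suspicious"]]
    return out
```

A signature is accepted only when problems() returns an empty list; a PDF with no signature stanzas at all should be treated as unsigned rather than as passing.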

Tags: info, security, signatures

Source: pdftl.operations.dump_signatures

Read online: https://pdftl.readthedocs.io/en/stable/operations/dump_signatures.html

Type: Operation