Digital Signature System
A system for embedding digital certificates directly into PDF file metadata, allowing documents to be cryptographically signed and verified without altering the visible content. Built to bring legal-grade document authenticity to digital workflows — invisible to readers, verifiable by any system that knows how to check.
Physical documents are easy to verify — a stamp, a signature, a seal. But digital documents? Anyone can copy, alter, or forge a PDF with basic tools. Organizations handling contracts, certificates, and official records needed a way to prove a document is authentic, unaltered, and signed by a specific party — without printing anything.
A digital signature system that embeds a cryptographic certificate into the metadata layer of a PDF file. The signature is invisible to the reader but verifiable by any system that knows how to check it. The document content remains untouched — the proof lives in the file's metadata.
How It Works
Certificate Generation
A unique cryptographic certificate is generated for the signer using asymmetric encryption (public/private key pair).
Document Hashing
The PDF content is hashed using SHA-256, creating a unique fingerprint of the document at that exact state.
Signing
The hash is encrypted with the signer's private key, creating the digital signature that proves authorship.
Embedding in PDF Metadata
The signature and certificate are embedded directly into the PDF's metadata fields — without modifying the visible document content.
Verification
Any recipient can verify by extracting the signature, decrypting with the public key, re-hashing the document, and comparing. If they match, the document is authentic and unaltered.
Tech Stack
Key Challenges
Ensuring metadata embedding didn't break PDF compatibility
PDF files follow strict specifications. Embedding custom data in metadata fields required careful adherence to the spec to ensure the file remained readable by all standard PDF viewers and tools.
Key management — storing and securing private keys
A signature is only trustworthy if the private key is secure. Designing a key storage approach that protected signing credentials while remaining operable was a core security concern throughout the project.
Verifying signatures across different systems
The verification process had to work reliably regardless of what software the recipient used. Building a portable, self-contained verification approach that didn't require special software on the recipient's end was an important usability goal.
This was my deep dive into applied cryptography and document security — where I learned that correctness isn't optional.
Security systems are only as strong as their key management. And embedding trust into infrastructure invisibly — so that the guarantee works without the end user having to think about it — is one of the most valuable things software can do. This project is where I first understood that engineering quality has consequences beyond the codebase.