How To…Digitally Sign a PDF

Digitally Sign a PDF from Within ReportBuilder

ReportBuilder 21+ includes support for automatically signing an exported PDF document with a valid digital certificate (signature).


The PDF file format supports the use of Digital Signatures to ensure a file has not been altered before it is received/viewed. The PDF document can be “signed” using a valid digital certificate, either created manually or obtained from a certificate authority.

To ensure the file has not been altered, an encrypted hash is created based on the binary data of the PDF document. This hash is then embedded inside the PDF file along with the digital certificate and later used by the PDF viewer to verify the contents of the file.


1. OpenSSL
ReportBuilder uses the OpenSSL library to process and embed the certificate file. It is highly recommended that the latest version of OpenSSL is used. The latest OpenSSL library files (as of the release date) are installed with ReportBuilder inside the RBuilder\Source\… directory. These .dll file(s) must be deployed with any application that uses the Digital Signature feature.

The latest compiled versions of the OpenSSL library can be downloaded from the following website:

2. Digital Certificate File
A valid digital certificate file is required to digitally sign a PDF file. This file must be in PKCS#12 format (.pfx | .p12). A password is also required to access the file contents.

Note: it is possible to use the OpenSSL library (and command-line executable) to convert certificates from other formats to PKCS#12. See the following website for more information.
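
The conversion mentioned in the note above, as an added example (not ReportBuilder's own code) for a POSIX shell with the openssl executable on the PATH. The function names and the P12_PASS environment variable are assumptions made for this example, and the private key is assumed to be an unencrypted PEM file.

```shell
#!/bin/sh
# Added example: bundle a PEM private key and its certificate into a
# PKCS#12 (.p12/.pfx) file. The password is taken from the exported
# environment variable P12_PASS (hypothetical name) so it is neither
# hard coded in the script nor visible in the process list.

# make_p12 KEY_PEM CERT_PEM OUT_P12 [FRIENDLY_NAME]
make_p12() {
    [ -n "${P12_PASS:-}" ] || { echo "P12_PASS is not set" >&2; return 2; }
    # Refuse to bundle a key that does not belong to the certificate:
    # compare the public key derived from each input.
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 3
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 3
    [ "$key_pub" = "$crt_pub" ] || { echo "key/certificate mismatch" >&2; return 4; }
    ( umask 077   # the output contains the private key: owner-only access
      openssl pkcs12 -export -inkey "$1" -in "$2" \
          -name "${4:-pdf-signing}" -out "$3" -passout env:P12_PASS )
}

# check_p12 FILE
# Succeeds only if FILE is a PKCS#12 file that P12_PASS opens.
check_p12() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -noout 2>/dev/null
}

# Usage (file names are placeholders):
#   export P12_PASS   # set beforehand, e.g. read from a secret store
#   make_p12 signer-key.pem signer-cert.pem signer.p12 && check_p12 signer.p12
```

The resulting file and its password are what the SignatureFile and Password properties described below expect.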

PDF Creation:

Use the TppPDFSettings.DigitalSignatureSettings properties to set up and sign an exported PDF file. See below for more information:

SignatureFile: Required: PKCS#12 Digital Certificate (Signature) File.
Password: Required: Password to decrypt and process the file.*
SignPDF: Required: Enable digital signature feature.
FieldTitle: Optional: Signature field title inside the report.**
Reason: Optional: Reason for digitally signing the document.
Location: Optional: Signing location.
ContactInfo: Optional: Contact information.

* For security purposes, the file password should not be hard-coded inside the application. The Password property can be populated at run-time before the report prints or during export by using the OnGetPDFSignaturePassword event of the TppPDFDevice. (See below for sample code.)

** Note that a Signature form field is not necessary to sign a PDF file with ReportBuilder. If no form field title is defined in the FieldTitle property, a non-visible signature field is automatically created and used. If a visible signature is needed, a Signature style form field should be added to the Report with a matching FieldTitle value. See the article on PDF form fields for more information.


Sample Delphi code: