class HexaPDF::DigitalSignature::Signing::SignedDataCreator


This class is used for creating a CMS SignedData binary data object, as needed for PDF signing.

OpenSSL already provides the ability to access, sign and create such CMS objects but is limited in what it offers in terms of data added to it. Since HexaPDF needs to follow the PDF standard, it needs control over the created structure so as to make it compatible with the various requirements.

As the created CMS object is only meant to be used in the context of PDF signing, it also restricts certain things, like allowing only a single signer.

Additionally, only RSA signatures are currently supported!

See: PDF2.0 s12.8.3.3, PDF2.0 s12.8.3.4, RFC5652, ETSI TS 102 778 Parts 1-4



Mapping of ASN.1 object ID names to object ID strings.



The OpenSSL certificate object which is used to sign the data.


Array of additional OpenSSL certificate objects that should be included.

Should include all certificates of the hierarchy of the signing certificate.


The digest algorithm that should be used. Defaults to ‘sha256’.

Allowed values: sha256, sha384, sha512.


The OpenSSL key object which is used for signing. Needs to correspond to certificate.

If the key is not set, a block for signing will need to be provided to sign.


The timestamp handler instance that should be used for timestamping.

Public Class Methods

create(data, type: :cms, **attributes, &block)

Creates a SignedDataCreator, sets the given attributes if they are not nil and then calls create with the given data, type and block.


Creates a new SignedData object.

Public Instance Methods

create(data, type: :cms) { |digested_data| ... }

Creates a CMS SignedData binary data object for the given data using the set attributes and returns it in DER-serialized form.

If the key attribute is not set, the digest algorithm and the already digested data to be signed is yielded and the block needs to return the signature.


The type can either be :cms when creating standard PDF CMS signatures or :pades when creating PAdES compatible signatures. PAdES signatures are part of PDF 2.0.