class HexaPDF::Document::Signatures::DefaultHandler


This is the default signing handler which provides the ability to sign a document with a provided certificate using the adb.pkcs7.detached algorithm.

Additional functionality:

  • Optionally setting the reason, location and contact information.

  • Making the signature a certification signature by applying the DocMDP transform method.

Implementing a Signing Handler

This class also serves as an example on how to create a custom handler: The public methods filter_name, sub_filter_name, signature_size, finalize_objects and sign are used by the digital signature algorithm.

Once a custom signing handler has been created, it can be registered under the 'signature.signing_handler' configuration option for easy use. It has to take keyword arguments in its initialize method to be compatible with the Signatures#handler method.



The certificate with which to sign the PDF.


The certificate chain that should be embedded in the PDF; normally contains all certificates up to the root certificate.


The contact information. If used, will be set on the signature object.


The DocMDP permissions that should be set on the document.

See doc_mdp_permissions=


The private key for the certificate.


The signing location. If used, will be set on the signature object.


The reason for signing. If used, will be set on the signature object.

Public Class Methods


Creates a new DefaultHandler with the given attributes.

Public Instance Methods


Sets the DocMDP permissions that should be applied to the document.

Valid values for permissions are:


Don't set any DocMDP permissions (default).

:no_changes or 1

No changes whatsoever are allowed.

:form_filling or 2

Only filling in forms and signing are allowed.

:form_filling_and_annotations or 3

Only filling in forms, signing and annotation creation/deletion/modification are allowed.


Returns the name to be set on the /Filter key when using this signing handler.

finalize_objects(_signature_field, signature)

Finalizes the signature field as well as the signature dictionary before writing.


Returns the DER serialized OpenSSL::PKCS7 structure containing the signature for the given data.


Returns the size of the signature that would be created.


Returns the name to be set on the /SubFilter key when using this signing handler.