PAdES explained: PDF Advanced Electronic Signatures demystified

PAdES stands for PDF Advanced Electronic Signatures. It's the ISO 32000-2 and ETSI EN 319 142 standard for embedding cryptographic signatures inside PDF files.

Unlike signature images or click-to-agree logs, PAdES signatures live inside the PDF — they travel with the document, self-verify in any compliant PDF reader, and detect any tampering after signing.

The 4 PAdES baselines (B-B, B-T, B-LT, B-LTA)

PAdES defines four progressively-stronger signature profiles:

• PAdES-B-B (Basic) — signer's certificate + signing time + hash. Valid until the certificate expires, typically 1–3 years.
• PAdES-B-T (with Timestamp) — B-B plus an RFC 3161 timestamp from a Timestamp Authority (TSA). The timestamp proves the signature existed at a specific time even if the certificate is later revoked.
• PAdES-B-LT (Long-Term) — B-T plus embedded certificate revocation data (OCSP responses or CRLs). Verifiable for the full lifetime of the document without calling external servers.
• PAdES-B-LTA (Long-Term Archive) — B-LT plus periodic archive timestamps. Remains verifiable essentially forever — even after the signing certificate expires, the TSA certificate expires, and hash algorithms are deprecated.

For most business contracts, PAdES-B-LT is the sweet spot. For documents that must remain verifiable for 30+ years (deeds, notarized instruments), PAdES-B-LTA is the right choice.

What's inside a PAdES signature

When you open a PAdES-signed PDF in Acrobat or any compliant reader, you can inspect:

• Signer's certificate (issuer, subject, validity, public key)
• Signature algorithm (typically RSA-2048 + SHA-256 or ECDSA + SHA-256)
• Signing time (claimed by signer)
• Timestamp (from TSA, cryptographically proven)
• Certificate revocation status at signing time
• Document hash at signing time
• Byte range covered by the signature (in PAdES, usually the entire document except the signature itself)

How PAdES detects tampering

Every byte of the PDF contributes to the document hash. If anyone modifies the document after signing — adding a page, changing a number, removing an annotation — the hash changes and the signature becomes invalid. Any PDF reader will display a warning.

This is the core defensibility advantage over "signature image pasted into PDF" approaches. PAdES makes tampering mathematically detectable.

Who supports PAdES

All major PDF readers (Adobe Acrobat, Foxit, PDF.js, macOS Preview) validate PAdES signatures. All major signing platforms (DocuSign, HelloSign, SignBolt, Adobe Sign) produce them.

PAdES vs CAdES vs XAdES

• PAdES — for PDF documents (the format you care about 95% of the time)
• CAdES — CMS Advanced Electronic Signatures, for arbitrary binary files
• XAdES — XML Advanced Electronic Signatures, for XML documents and invoices

SignBolt's PAdES implementation

SignBolt produces PAdES-B-LT by default for every signature, with an option to upgrade to B-LTA for long-term archival. Signatures are visible in the PDF (signature block rendered) and invisible (cryptographic embed) — both at once.

Next

• How PAdES verifies in Adobe Acrobat (internal deep dive)
• X.509 certificates explained
• Prep the PDF first on SnapPDF, sign on SignBolt