Advanced digital signature workflows

Use advanced signature features when you need timestamping, stronger hashing, or visual-only signing.

Common use cases include:

PAdES-T workflows with trusted timestamps
Long-term validation and archival requirements
Stronger hash policies such as SHA-512
Internal workflows that use visual-only signatures

Download sample

How Nutrient helps

Nutrient Python SDK handles advanced signing options, timestamp configuration, and hash selection.

The SDK handles:

RFC 3161 timestamp protocol handling
Hash algorithm encoding and configuration internals
PAdES-T data embedding details
Visual signature rendering without certificate structures

Complete implementation

This example covers timestamps, custom hash algorithms, and visual-only signatures:

from nutrient_sdk import Document, PdfEditor, Signature, Color
from nutrient_sdk import DigitalSignatureOptions, SignatureAppearance, TimestampConfiguration
from nutrient_sdk import SignatureHashAlgorithm

Adding a timestamp for PAdES-T compliance

Add a trusted timestamp to produce a PAdES-T style signature.

In this sample:

Document.open("input.pdf") opens the PDF before signing.
TimestampConfiguration sets the TSA endpoint.
options.timestamp enables timestamping for the signature.
sign(document, output_path, options) applies the timestamped digital signature.

This supports long-term validation after certificate expiration:

with Signature() as signer, Document.open("input.pdf") as document:
    options = DigitalSignatureOptions()
    options.certificate_path = "certificate.pfx"
    options.certificate_password = "Nutrient answers all your document needs"
    options.signer_name = "Legal Department"
    options.reason = "Contract Execution"

    timestamp = TimestampConfiguration()
    timestamp.server_url = "http://timestamp.digicert.com"
    options.timestamp = timestamp

    signer.sign(document, "output_signed_timestamped.pdf", options)

Using the SHA-512 hash algorithm

Set hash_algorithm to SignatureHashAlgorithm.SHA512 when policy requires SHA-512.

In this sample:

Document.open("input.pdf") opens the PDF before signing.
hash_algorithm = SignatureHashAlgorithm.SHA512 selects SHA-512.
Signing still uses sign(document, output_path, options).
Output is written to a new signed file.

with Signature() as signer, Document.open("input.pdf") as document:
    options = DigitalSignatureOptions()
    options.certificate_path = "certificate.pfx"
    options.certificate_password = "Nutrient answers all your document needs"
    options.signer_name = "Security Officer"
    options.hash_algorithm = SignatureHashAlgorithm.SHA512

    signer.sign(document, "output_signed_sha512.pdf", options)

Creating a signature field for electronic signatures

Before applying a visual-only signature, create a signature field.

In this sample:

The field name is ApprovalSignature.
The position is (100, 700).
The size is 200 × 50.

The field defines where the visual signature will render:

with Document.open("input.pdf") as document:
    editor = PdfEditor.edit(document)
    page = editor.page_collection.first

    signature_field = editor.form_field_collection.add_signature_field(
        name="ApprovalSignature",
        page=page,
        x=100.0,
        y=700.0,
        width=200.0,
        height=50.0
    )

    editor.save_as("output_document_with_field.pdf")
    editor.close()

Electronic signatures (visual only)

Use visual-only signatures when cryptographic validation isn’t required.

In this sample:

Document.open("output_document_with_field.pdf") opens the PDF before signing.
SignatureAppearance.image_path sets the signature image.
sign_field(document, output_path, field_name, None, appearance) uses None options for visual-only signing.
The result is a flattened visual signature.

Visual-only signatures don’t provide certificate-based verification:

with Signature() as signer, Document.open("output_document_with_field.pdf") as document:
    appearance = SignatureAppearance()
    appearance.image_path = "input_signature.jpg"

    signer.sign_field(
        document,
        "output_electronic_signature.pdf",
        "ApprovalSignature",
        None,  # No certificate = electronic signature
        appearance
    )

Conclusion

Use this workflow for advanced signing scenarios:

Open the document using a context manager(opens in a new tab) for automatic resource cleanup.
Configure digital signature options with certificate credentials and signing metadata.
Add trusted timestamps using TimestampConfiguration with the server_url property for PAdES-T compliance.
The SDK communicates with the TSA via the RFC 3161 protocol to obtain cryptographically signed timestamps.
Timestamps enable long-term validation, even after signing certificates expire.
Configure custom hash algorithms using the hash_algorithm property with the SignatureHashAlgorithm enumeration.
Use SHA-512 for enhanced security requirements, government compliance, or high-security environments.
Create signature fields using add_signature_field() with coordinates and dimensions for visual signature placement.
Apply electronic signatures (visual only) by passing None certificate options to sign_field().
Electronic signatures render images as flattened graphics without cryptographic validation.
Combine timestamp and hash algorithm configurations for regulatory-compliant signing workflows.
Use PAdES-T signatures for legal document archival and long-term validation requirements.

For related signing workflows, refer to the Python SDK guides.

Advanced digital signature workflows

How Nutrient helps

Complete implementation

Adding a timestamp for PAdES-T compliance

Using the SHA-512 hash algorithm

Creating a signature field for electronic signatures

Electronic signatures (visual only)

Conclusion

Was this helpful?

Help us improve

Thank you for your feedback!

Something went wrong. Please try again or let us know.