Verifying a Digitally Signed PDF in Python

Question

I am currently working on some PDF processing code in Python. For this project, the software needs to be able to verify that a PDF has a valid digital signature. In my searching so far, I have found a few Java API's that do the trick (iText for example) but nothing in Python. If anyone has a link for either of the following, it would be most appreciated:

• An API I can use to verify a digital signature
• Instructions/general guidance for how I could write my own code to verify a digital signature

Miscellaneous Details:

• The Digital Certificate for the PDF is issued by GlobalSign CA for Adobe (if that matters)
• This code will eventually run on Google App Engine

Answer 1

I'm also annoyed by a lack of such library.

As far as I know there is no open library for Python to do that. There is a MyPDFSigner library, but it seems closed source and as I understand, is a binary library. Not sure how that fits with app engine.

A lot of people recommend using another language, such as iText, which is a Java library for doing the same thing.

Verifying a signature basically means nearly re-doing the signing process, since you need to re-calculate the hashes. Also, there are different "levels" of signature - such as certification, which includes not only a signature, but also specifies allowed changes to keep the document signature valid. Consequently, you need to be able to know which level of verification you need.

If one would go about implementing such feature, Adobe's PDF reference is a key resource, while Digital signatures in a PDF is an overview, to get you started.