Tanda Tangan Digital PAdES
★ Pro — Commercial License Required
Level tanda tangan PAdES B-T, B-LT, dan B-LTA memerlukan paket Pro.
TCPDF-Next Pro mengimplementasikan pipeline PAdES lengkap (ETSI EN 319 142) menggunakan CertificateInfo, DigitalSigner, ByteRangeCalculator, dan SignatureAppearance.
Level Tanda Tangan
| Level | Nilai Enum | Apa yang Ditambahkan |
|---|---|---|
| B-B | SignatureLevel::PAdES_B_B | Tanda tangan CMS dengan sertifikat penandatangan |
| B-T | SignatureLevel::PAdES_B_T | Timestamp tanda tangan RFC 3161 |
| B-LT | SignatureLevel::PAdES_B_LT | Data revokasi (OCSP + CRL) via DSS |
| B-LTA | SignatureLevel::PAdES_B_LTA | Document timestamp untuk validitas tanpa batas waktu |
CertificateInfo
Memuat dan mem-parse sertifikat X.509 dan private key dari file PEM atau PKCS#12.
php
use Yeeefang\TcpdfNext\Pro\Security\Signature\CertificateInfo;
// Dari file PEM
$cert = CertificateInfo::fromPem('/certs/signing.pem', '/certs/signing.key', 'pw');
$cert->chain(['/certs/intermediate.pem', '/certs/root.pem']);
// Dari PKCS#12 (chain diekstrak otomatis)
$cert = CertificateInfo::fromPkcs12('/certs/signing.p12', 'p12-password');
// Periksa detail sertifikat
echo $cert->subjectCN(); // "John Doe"
echo $cert->issuerCN(); // "Acme Intermediate CA"
echo $cert->validFrom(); // DateTimeImmutable
echo $cert->ocspResponderUrl(); // "https://ocsp.acme.com"DigitalSigner
Menghasilkan container tanda tangan CMS/PKCS#7 dan mengorkestrasi embedding timestamp dan LTV.
php
use Yeeefang\TcpdfNext\Core\Document;
use Yeeefang\TcpdfNext\Pro\Security\Signature\DigitalSigner;
use Yeeefang\TcpdfNext\Pro\Security\Timestamp\TsaClient;
use Yeeefang\TcpdfNext\Contracts\Enums\SignatureLevel;
$pdf = Document::create()->addPage()->text('Contract document.');
$cert = CertificateInfo::fromPkcs12('/certs/signer.p12', 'pw');
$tsa = new TsaClient('https://tsa.example.com/timestamp');
$signer = new DigitalSigner($cert);
$signer->level(SignatureLevel::PAdES_B_LTA);
$signer->timestampAuthority($tsa);
$signer->reason('Document approval');
$signer->location('Taipei, Taiwan');
$signer->sign($pdf);
$pdf->save('/output/signed.pdf');Pada level B-LT dan B-LTA, LtvManager dipanggil secara internal untuk mengambil respons OCSP dan CRL serta membangun dictionary DSS.
ByteRangeCalculator
Mengelola placeholder tanda tangan dan menghitung byte range. Ditangani secara internal oleh DigitalSigner; penggunaan langsung untuk skenario lanjutan.
SignatureAppearance
Mengontrol representasi visual tanda tangan di halaman. Tanda tangan tidak terlihat secara default.
php
use Yeeefang\TcpdfNext\Pro\Security\Signature\SignatureAppearance;
$appearance = SignatureAppearance::create()
->page(1)
->position(x: 20.0, y: 250.0, width: 80.0, height: 30.0)
->text("Digitally signed by John Doe\nDate: 2026-02-16")
->image('/images/handwritten-signature.png')
->imagePosition('left') // 'left', 'right', 'top', 'bottom', 'background'
->fontSize(8);
$signer->appearance($appearance);
$signer->sign($pdf);Contoh B-LTA Lengkap
php
use Yeeefang\TcpdfNext\Core\Document;
use Yeeefang\TcpdfNext\Pro\Security\Signature\{DigitalSigner, CertificateInfo, SignatureAppearance};
use Yeeefang\TcpdfNext\Pro\Security\Timestamp\TsaClient;
use Yeeefang\TcpdfNext\Contracts\Enums\SignatureLevel;
$pdf = Document::create()
->addPage()
->font('Helvetica', size: 14, style: 'B')
->text('Purchase Agreement')
->font('Helvetica', size: 11)
->text('This agreement is entered into on February 16, 2026...');
$cert = CertificateInfo::fromPkcs12('/certs/legal.p12', 'passphrase');
$tsa = new TsaClient('https://tsa.example.com/timestamp');
$signer = new DigitalSigner($cert);
$signer->level(SignatureLevel::PAdES_B_LTA);
$signer->timestampAuthority($tsa);
$signer->appearance(
SignatureAppearance::create()
->page(1)
->position(x: 20.0, y: 250.0, width: 80.0, height: 25.0)
->text("Signed by Legal Dept.\n2026-02-16")
);
$signer->reason('Purchase agreement execution');
$signer->location('Taipei, Taiwan');
$signer->sign($pdf);
$pdf->save('/contracts/purchase-agreement-signed.pdf');Langkah Selanjutnya
- Long-Term Validation -- DSS, OCSP, CRL, dan archival timestamp.
- Integrasi HSM -- Tanda tangani dengan hardware security module via PKCS#11.
- Ringkasan Paket Pro -- Daftar modul lengkap dan informasi lisensi.