Electronically sign and timestamp PDF files

sign_pdf.sh

#!/bin/bash
#
# Script to quickly electronically sign 
# and apply a qualified eIDAS timestamp
# on a PDF document of your choice.
#
# Java is required.
# open-pdf-sign software will be used.
#
# You MUST have a certificate before using this script.
# A suggestion may be to request a free s/mime certificate
# for your email address from https://www.actalis.com/s-mime-certificates.aspx
# (this link is NOT affiliated in any way, I simply used this service and I liked it).
#
# This script will use Sectigo eIDAS qualified timestamp authority.
# In case you don't like that, change TSA_URL, for example
# using FreeTSA or any other TSA you like.
#
# In case you are not Italian, please change the strings
# in the Localization section.
# Also, adapt the signature positioning variables to your document.
#
# Usage: ./sign_pdf.sh <input_unsigned_pdf>
#

set -e

# Constants
JAR_FILE="open-pdf-sign.jar"
JAR_DOWNLOAD_URL="https://github.com/open-pdf-sign/open-pdf-sign/releases/latest/download/open-pdf-sign.jar"
TSA_URL="http://timestamp.sectigo.com/qualified"
SMIME_CERT="smime_cert.pem"
SMIME_KEY="smime_key.pem"

# Localization
TIMEZONE="Europe/Rome"
LABEL_HINT="Informazioni"
LABEL_SIGNEE="Rilasciato da"
LABEL_TIMESTAMP="Data e ora"
HINT_TEXT="Digitalizzazione con firma elettronica e marca temporale. Verificabile su https://vol.ca.notariato.it/it"

# Signature positioning
SIGNATURE_WIDTH=19
SIGNATURE_MARGIN_TOP=1
SIGNATURE_BOX_PAGE=-1
SIGNATURE_PARAMS=--add-page
# Uncomment the following lines to make the signature box
# at the bottom of the last page (without adding one)
# SIGNATURE_MARGIN_TOP=26.5
# SIGNATURE_PARAMS=


# Function to check if Java is installed
check_java() {
    if ! command -v java &> /dev/null; then
        echo -e "\033[0;31mError: Java is not installed or not in the PATH.\033[0m"
        exit 1
    fi
}

check_java

# Function to check if a file exists
check_file_exists() {
    if [ -f "$1" ]; then
        echo -e "\033[0;36m$1 found\033[0m"
    else
        echo -e "\033[0;31mError: \033[1;31m$1\033[0;31m not found.\033[0m"
        return 1
    fi
}

# Function to download open-pdf-sign.jar
download_open_pdf_sign() {
    if ! check_file_exists "$JAR_FILE"; then
        read -p "Do you want to download Open PDF Sign? [y/N]: " choice
        case "$choice" in
            y|Y|yes|YES ) curl \
                --location \
                --output "$JAR_FILE" \
                "$JAR_DOWNLOAD_URL" ;;
            * ) return 1 ;;
        esac
    fi
}

# Function to print help
print_help() {
    echo "Usage: $0 <input_pdf>"
    echo "Example: $0 input.pdf"
}

# Check if the input file argument is provided
if [ -z "$1" ]; then
    print_help
    exit 1
fi

# Store input file in variable
INPUT_FILE="$1"

# Check if the input file exists
check_file_exists "$INPUT_FILE"

# Check if the input file is a PDF
if [[ ! "$INPUT_FILE" =~ \.pdf$ ]]; then
    echo -e "\033[0;31mError: \033[1;31m$INPUT_FILE\033[0;31m is not a PDF file.\033[0m"
    exit 1
fi

# Check if JAR file exists
download_open_pdf_sign

# Check if S/MIME certificate exists
check_file_exists "$SMIME_CERT"

# Check if S/MIME private key exists
check_file_exists "$SMIME_KEY"

# Define output file name with _signed suffix
OUTPUT_FILE="${INPUT_FILE%.pdf}_signed.pdf"

# Execute Open PDF Sign
set +e
java -jar "$JAR_FILE" \
  -i "$INPUT_FILE" \
  -o "$OUTPUT_FILE" \
  -c "$SMIME_CERT" \
  -k "$SMIME_KEY" \
  --timestamp \
  --tsa "$TSA_URL" \
  --timezone "$TIMEZONE" \
  --page "$SIGNATURE_BOX_PAGE" \
  --label-hint "$LABEL_HINT" \
  --label-signee "$LABEL_SIGNEE" \
  --label-timestamp "$LABEL_TIMESTAMP" \
  --hint "$HINT_TEXT" \
  --width "$SIGNATURE_WIDTH" \
  --top "$SIGNATURE_MARGIN_TOP" \
  $SIGNATURE_PARAMS

# Check if the Java command executed successfully
if [ $? -eq 0 ]; then
    echo -e "\033[0;32mPDF signed successfully: \033[1m$OUTPUT_FILE\033[0m"
else
    echo -e "\033[0;31mError: An error occurred during PDF signing. Exit code: \033[1m$?\033[0m"
fi

sign_pdf_invisible.sh

#!/bin/bash
#
# Script to quickly electronically sign 
# and apply a qualified eIDAS timestamp
# on a PDF document of your choice.
#
# [ THIS VERSION WILL BE INVISIBLE ]
#
# Java is required.
# open-pdf-sign software will be used.
#
# You MUST have a certificate before using this script.
# A suggestion may be to request a free s/mime certificate
# for your email address from https://www.actalis.com/s-mime-certificates.aspx
# (this link is NOT affiliated in any way, I simply used this service and I liked it).
#
# This script will use Sectigo eIDAS qualified timestamp authority.
# In case you don't like that, change TSA_URL, for example
# using FreeTSA or any other TSA you like.
#
# Usage: ./sign_pdf.sh <input_unsigned_pdf>
#

set -e

# Constants
JAR_FILE="open-pdf-sign.jar"
JAR_DOWNLOAD_URL="https://github.com/open-pdf-sign/open-pdf-sign/releases/latest/download/open-pdf-sign.jar"
TSA_URL="http://timestamp.sectigo.com/qualified"
SMIME_CERT="smime_cert.pem"
SMIME_KEY="smime_key.pem"
TIMEZONE="Europe/Rome" #! Change it if necessary


# Function to check if Java is installed
check_java() {
    if ! command -v java &> /dev/null; then
        echo -e "\033[0;31mError: Java is not installed or not in the PATH.\033[0m"
        exit 1
    fi
}

check_java

# Function to check if a file exists
check_file_exists() {
    if [ -f "$1" ]; then
        echo -e "\033[0;36m$1 found\033[0m"
    else
        echo -e "\033[0;31mError: \033[1;31m$1\033[0;31m not found.\033[0m"
        return 1
    fi
}

# Function to download open-pdf-sign.jar
download_open_pdf_sign() {
    if ! check_file_exists "$JAR_FILE"; then
        read -p "Do you want to download Open PDF Sign? [y/N]: " choice
        case "$choice" in
            y|Y|yes|YES ) curl \
                --location \
                --output "$JAR_FILE" \
                "$JAR_DOWNLOAD_URL" ;;
            * ) return 1 ;;
        esac
    fi
}

# Function to print help
print_help() {
    echo "Usage: $0 <input_pdf>"
    echo "Example: $0 input.pdf"
}

# Check if the input file argument is provided
if [ -z "$1" ]; then
    print_help
    exit 1
fi

# Store input file in variable
INPUT_FILE="$1"

# Check if the input file exists
check_file_exists "$INPUT_FILE"

# Check if the input file is a PDF
if [[ ! "$INPUT_FILE" =~ \.pdf$ ]]; then
    echo -e "\033[0;31mError: \033[1;31m$INPUT_FILE\033[0;31m is not a PDF file.\033[0m"
    exit 1
fi

# Check if JAR file exists
download_open_pdf_sign

# Check if S/MIME certificate exists
check_file_exists "$SMIME_CERT"

# Check if S/MIME private key exists
check_file_exists "$SMIME_KEY"

# Define output file name with _signed suffix
OUTPUT_FILE="${INPUT_FILE%.pdf}_signed.pdf"

# Execute Open PDF Sign
set +e
java -jar "$JAR_FILE" \
  -i "$INPUT_FILE" \
  -o "$OUTPUT_FILE" \
  -c "$SMIME_CERT" \
  -k "$SMIME_KEY" \
  --timestamp \
  --tsa "$TSA_URL" \
  --timezone "$TIMEZONE"

# Check if the Java command executed successfully
if [ $? -eq 0 ]; then
    echo -e "\033[0;32mPDF signed successfully: \033[1m$OUTPUT_FILE\033[0m"
else
    echo -e "\033[0;31mError: An error occurred during PDF signing. Exit code: \033[1m$?\033[0m"
fi