Features
Authentic Easy To Use Secure
Pricing
Docs
API CLI
Downloads
Sign up

Trusted Signatures CLI

A command-line tool for digitally signing PDFs using a certificate trusted by Adobe Acrobat (AATL-compliant) and eIDAS, without uploading your documents or managing cryptography.

✨ What It Does

  • Prepares a placeholder for a digital signature in your PDF
  • Calculates a SHA-256 hash of the document (excluding signature space)
  • Authenticates via API key and securely requests a signature from the Trusted Signatures API
  • Embeds the returned PKCS#7 signature (CMS) into your PDF
  • Produces a legally valid, verifiable, tamper-evident signature

No document contents ever leave your machine — only the cryptographic hash is sent to the signing API.

🔧 Installation

Binary releases available for amd64 and arm64 architecures on macOS, Linux, and Windows.

1
2
3

curl -LO https://trusted-signatures.com/downloads/trusted-signatures-cli-v0.1.0-mac.tar.gz
tar -xzf trusted-signatures-cli-v0.1.0-mac.tar.gz
sudo mv trusted-signatures /usr/local/bin # or elsewhere on your PATH for Windows users

✅ Usage

1
2
3
4
5
6

trusted-signatures \
  --input input.pdf \
  --output signed.pdf \
  --apikey 0001020304... \
  --apikeyid 12345-6789-0123456
  --acknowledge "I acknowledge my intent to sign this PDF."

Required flags

  • --acknowledge: Legally confirms intent to sign and acceptance of disclaimer; must be set to “I acknowledge my intent to sign this PDF.”

Use --help for full CLI options.

Optional flags

  • --apikey, -k: Your API key from Trusted Signatures; may be set by environment variable
  • --apikeyid, -d: Your API key ID from Trusted Signatures; may be set by environment variable
  • --input, -i: File path to save the signed PDF; defaults to stdin
  • --output, -o: File path to save the signed PDF; defaults to stdout
  • --endpoint, -e: Your API endpoint; defaults to https://api.trusted-signatures.com
  • --licenses: Print the licenses of the dependencies used by this application

Environment variables

  • TS_API_KEY: Your API key from Trusted Signatures
  • TS_API_KEY_ID: Your API key ID from Trusted Signatures

API Key

The API Key is how we authenticate that a signing request came from you. It is imperative that you store the key securely; if you even suspect that someone unauthorized might have accessed your API key, disable it immediately and generate a new one. API keys are available at trusted-signing.com free of charge.

Networking

The CLI sends an SHA-256 digest of the PDF along with an authentication token to our servers, which generate the CMS. The CLI must have outbound internet access to our API (https://api.trusted-signatures.com) on port 443.

Clock

To keep your API Key secure, your computer’s clock must be set accurately. Most operating systems do this automatically, but if the clock is off by more than a minute, the CLI signing request will be rejected.

🔒 Security & Trust

  • You never upload your document — only a SHA-256 hash is sent
  • Signatures are backed by an AATL-compliant certificate (coming soon; currently self-signed for testing)
  • Signatures are cryptographically verifiable and tamper-evident

Identity fields

The signed PDF will show:

  • /Name: Trusted Signatures (or the name of your business, if you use a custom certificate)
  • /Reason: This document was digitally sealed by Trusted Signatures. We do not verify or endorse the document content; the seal was applied at the request of a Trusted Signatures customer.
  • /Location: trusted-signatures.com

Users may not override the signer identity — this protects the legal trust model of AATL certificates.

✍️ Intent to Sign

By using this CLI to apply a digital signature, you confirm:

  • You have reviewed the contents of the document
  • You are authorized to request a signature using your API key
  • You intend for the signature to have legal effect

Trusted Signatures produces legally valid digital signatures compliant with international standards (CMS/PKCS#7, eIDAS, HIPAA, ESIGN, UETA). These signatures may or may not be legally binding in your jurisdication.

🛡️ Disclaimer in Signature

The following disclaimer will be embedded in the signature metadata:

This document was digitally sealed by Trusted Signatures. We do not verify or endorse the document content; the seal was applied at the request of a Trusted Signatures customer.

This helps maintain legal clarity and complies with certificate authority policies.

📄 Learn More

🚀 Coming Soon

  • Full AATL production certificate integration
  • Optional timestamping via TSA
  • Custom OV certificates for your business
  • Audit trail dashboard
  • Self-serve API key generation

Build trust into your PDFs — without building crypto infrastructure.

Want a green-check?

Trusted Signatures provides the fastest, most affordable, secure PDF signatures on the internet.

Get Started Free