PAdES · PDF Advanced Electronic Signature
The standard for a tamper-evident signature inside a PDF.
What it is
ETSI's profile for embedding cryptographic signatures inside a PDF. Four conformance levels — B-B (baseline), B-T (with timestamp), B-LT (long-term), B-LTA (long-term archival). The envelope binds the signature to the exact bytes of the PDF: change one byte after signing and verification fails.
Scope
Used by every credible e-signature platform and every EU member state's qualified signature scheme. Required by the EU regulation 910/2014 implementing acts for QES embedded in PDFs.
What letssign.now does
Every signed PDF leaves our system as a PAdES-B-T envelope: the signature is embedded directly into the PDF (no separate sidecar file) and the signing time is countersigned by an independent RFC 3161 Time Stamping Authority. Verifiable on /verify and by Adobe Acrobat Reader.
Deeper detail
The four conformance levelsExpandClose
B-B: basic signature only. B-T: + a trusted timestamp (proves WHEN). B-LT: + the full certificate chain and revocation data embedded (verifiable years later, even after CA disappears). B-LTA: + an archival timestamp on top of all of the above (long-term archival). letssign.now produces B-T today; LT/LTA is on the post-launch roadmap.
How the seal worksExpandClose
When you sign, we hash the PDF bytes (excluding the signature placeholder region), encrypt that hash with our private key, and embed the result inside the PDF. Verification reverses the process. One bit changes anywhere in the document → hash mismatch → invalid signature.
Related standards
The frameworks above interlock. Each linked page covers one in full.
Drop a PDF. See it verified.
Free, no signup. We identify the standard, the issuing authority, and the legal tier in under a second.