miPDFsign Community is the free, open-source (AGPL-3.0) edition of miPDFsign — a .NET 8 WPF application for signature tablets. It captures handwritten signatures together with biometric pressure data and embeds them as a PAdES signature into PDF documents. It uses the iText PDF engine (AGPL).
Download: the signed installer from the latest release.
winget:
winget install Mibuw.miPDFsignCommunityChocolatey:
choco install mipdfsign-communitySilent / unattended (Inno Setup — for automation & deployment):
miPDFsignCommunity_Setup_1.0.0.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTARTInstalls side-by-side with the commercial miPDFsign edition (separate AppId & folder).
- Handwritten signature capture on all pen-based, Windows-Ink-capable devices (tablets, notebooks, Surface, etc.) including pressure and timing data – no Wintab driver required
- Biometric data is hybrid-encrypted (RSA-OAEP 3072 bit + AES-256-CBC) and embedded in the PDF in a proprietary format
- PAdES signatures at levels Baseline-B / T / LT / LTA
- Multi-signature per PDF (freehand mode) via incremental iText updates – existing signatures remain valid
- QES support via ID Austria / A-Trust
- PDF rendering of pages as bitmaps (PDFium) for display and field placement
- PDF form detection: signature, date, location, and checkbox fields are read out automatically
- Configurable UI texts via
miPDFsign.ui-labels.json– editable without recompilation
| Property | Value |
|---|---|
| Framework | .NET 8 (net8.0-windows, WinExe) |
| Platform | x86 (PlatformTarget = x86) |
| UI | WPF (UseWPF = true) |
| Namespace | miPDFsign |
| Package | Purpose |
|---|---|
itext (+ itext.bouncy-castle-adapter) |
PDF forms, stamping, PAdES signing (AGPL) |
BouncyCastle.Cryptography |
Custom CMS attributes, biometrics encryption |
PdfiumViewer (+ native x86/x64) |
Render PDF pages as bitmaps |
System.Drawing.Common |
Bitmap processing |
System.Configuration.ConfigurationManager |
App.config / appSettings |
miPDFsignCommunity/
├── App.xaml / App.xaml.cs # Entry point (iText – no license key needed)
├── MainWindow.xaml / .cs # Main window
├── IdAustriaWindow.xaml / .cs # QES signature via ID Austria
├── SignatureTypeDialog.xaml / .cs # Signature type selection
├── miPDFsign.ui-labels.{en,de}.json # UI texts, bilingual (editable without recompile)
├── Assets/ # Icon, logos
├── Helpers/
│ ├── PdfCertSigner.cs # PDF signing (PAdES B/T/LT/LTA, core component)
│ ├── PdfExporter.cs # Export / merge PDF
│ ├── PdfLoadHelper.cs # Load PDF, determine page size
│ ├── PdfRenderer.cs # PDF pages as bitmap via PDFium
│ ├── PdfSignatureScanner.cs # Read signature fields from PDF
│ ├── UiLabels.cs # UI label management
│ └── AppLogger.cs # Central logging
├── Models/ # Field descriptors (signature, date, location, checkbox)
└── Setup/ # Inno Setup script & build scripts
All signature fields are signed with iText in append mode (PdfSigner +
IExternalSignatureContainer), so each field is added as an incremental revision and
existing signatures stay valid. The CMS is built with BouncyCastle
(/SubFilter /ETSI.CAdES.detached, SHA-256, ESS SigningCertificateV2 + an encrypted
biometric attribute). The signature appearance is the pressure-sensitive ink rendered
as a transparent PNG.
PAdES levels:
| Level | Description |
|---|---|
| Baseline-B | Always – base CMS signature |
| Baseline-T | RFC-3161 timestamp (TSA, best-effort) |
| LT (LTV) | CRL + OCSP embedded for all certificates (DSS) |
| LTA | Document timestamp over the entire PDF |
The captured ink (X/Y coordinates, pen pressure, timing) is hybrid-encrypted (RSA-OAEP 3072-bit + AES-256-CBC) and embedded in the signature CMS as a signed attribute. Both signature types (FES and QES) encrypt it with the same dedicated, persistent biometric certificate — never with the short-lived signing certificate — so the biometric data stays recoverable after the signing certificate has expired:
- If
BiometricCertPath(App.config) points to a PFX, that certificate is used. - Otherwise a fresh RSA-3072 certificate is generated once and stored next to the
document as
<DocumentName>_bioCert.pfx.
⚠️ Keep this PFX safe. Its private key is required to later decrypt/verify the biometric data (forensic use viaExtractBiometricData). Losing it makes the encrypted biometric data unrecoverable.
Behaviour is controlled via App.config in the install folder. Key settings:
| Key | Default | Purpose |
|---|---|---|
SaveAsDialog |
true |
true = show a "Save As" dialog after signing; false = save directly into TargetDirectory. |
TargetDirectory |
(empty) | Destination folder when SaveAsDialog=false (created if needed; empty = the source document's folder). Environment variables are expanded. |
UseTimestamp |
true |
Enable/disable RFC-3161 timestamping (see below). |
TimestampServers |
(built-in) | ;-separated list of TSA URLs, tried in order. Empty = built-in defaults (GlobalSign, Sectigo, Entrust). A-Trust example: http://tsa.a-trust.at/tsa. |
BiometricCertPath / BiometricCertPassword |
(empty) | PFX used to encrypt the biometric data. Empty = auto-generate <DocumentName>_bioCert.pfx next to the signed document. |
LogFile, LogLevel, LogRolling, … |
see file | Logging: path, level (DEBUG/INFO/WARN/ERROR), daily rolling. |
ForcePortraitOrientation |
true |
Rotate the tablet screen to portrait on start and restore it on exit. |
Set UseTimestamp=false for offline / air-gapped deployments or when no TSA is reachable. Then:
- signatures stay PAdES Baseline-B (no Baseline-T timestamp) and no LTA archive timestamp is added — LTV/DSS (CRL/OCSP) is unaffected;
⚠️ the FES signing certificate is only valid for 10 minutes, so without a timestamp its signatures are not provable long-term. Disable timestamping only deliberately (e.g. for QES, where the qualified certificate carries its own trust).
# Debug build
dotnet build -c Debug
# Release / Publish (self-contained, win-x86, multi-file)
dotnet publish -c ReleaseThe publish is self-contained (no .NET runtime required on the target machine)
and consists of miPDFsignCommunity.exe + miPDFsignCommunity.dll together with all dependencies in one
folder. The installer is generated via the Inno Setup script under Setup/
(see Setup/build.bat).
- Visual Studio (recommended for the XAML designer)
- VS Code with the VS Code Tools for WPF possible
Need a PDF to sign in the first place? miPDFconvert is a free, open-source (AGPL) virtual PDF printer for Windows: print from any application to a PDF, then sign it here — a natural upstream pre-stage:
print → PDF (miPDFconvert) → sign (miPDFsign Community) → archive
miPDFsign Community is a free, open-source edition, licensed under the
GNU Affero General Public License v3.0 (AGPL-3.0) — see LICENSE.
Because it links iText under the AGPL, the entire application is AGPL: if you
distribute it (or offer it over a network), you must make the complete corresponding
source available under the same license.
A commercial edition of miPDFsign is available on request — without AGPL obligations and with additional features (e.g. an inbound/outbound plugin architecture, archive/DMS connectors, system integrations, and priority support). It is a separate product built on a commercially licensed PDF engine. Please get in touch for licensing, pricing, and a feature overview.
Third-party components and their licenses are documented in
THIRD-PARTY-NOTICES.md.
Wolfgang Mitterbucher — Software Engineering & Digital Identity, Leonding (Austria)
🌐 www.mitterbucher.com · 💼 LinkedIn · ✉️ office@mitterbucher.com
More open-source projects: miPDFconvert · miPDFvalidator · miEUDIverifier
