Long-term, quantum-resistant signatures across the whole AdES family.
Signet PAdES Enterprise is a from-scratch, dependency-light post-quantum digital-signature engine that spans the entire ETSI AdES family: PAdES for PDFs, CAdES for binary/CMS, XAdES for XML and JAdES for JSON/JWS, at the B-B, B-T, B-LT and B-LTA profiles, signed with ML-DSA-65 (FIPS 204). It does not just produce signatures: it independently validates them too, including decade-old long-term archival signatures from other vendors, making it a verification engine as much as a signer.
PAdES (PDF), CAdES (CMS), XAdES (XML) and JAdES (JSON/JWS), one engine, four ETSI standards, no third-party signing library.
B-B, B-T, B-LT and B-LTA across each family, produced and verified, including long-term archival (LTA) timestamps.
ML-DSA-65 (FIPS 204) via RFC 9882 ML-DSA-in-CMS, alongside classical ECDSA / Ed25519 for mixed estates.
Validates third-party and decade-old archival signatures at audit time, byte-exactly reproducing the ETSI archive-time-stamp-v3 imprint and validating EU DSS CAdES-LTA timestamps. Re-validate counterparty signatures for eIDAS, cross-border contracts and multi-vendor archives.
Output is verified against independent oracles, qpdf, OpenSSL CMS, poppler pdfsig, EU DSS 6.4 and veraPDF, not just self-reported.
Every signature performs a round-trip verify and fails closed; long-term validation via DSS dictionary, OCSP/CRL embedding and RFC 3161 timestamps.
Choose a PDF or a sample. We sign it, verify the signature, then tamper a byte so you can watch verification fail. The signing runs entirely client-side in the demo; classical signatures here, the post-quantum path is the product.
Demo hosted at signetstack.github.io/signet-pades-demo. If the iframe is blocked, open it in a new tab.