API reference

All operations are static methods on Aniketc068.ATick.Atick. Every method takes raw byte[] for PDFs and certificates, and an options JSON string where applicable. On any failure a method throws AtickException — a sealed class extendingException. The error text is available from e.Message.

Using.cs

using Aniketc068.ATick;

Signing

SignPfx.cs

static byte[] SignPfx(byte[] pdf, byte[] pfx, string optionsJson)

Sign pdf with a .pfx/.p12/.pem credential (the format is auto-detected). For a PEM file pass the password as the empty string"" inside the options. Returns the signed PDF bytes.

pdf — the PDF to sign.
pfx — the credential bytes (.pfx, .p12, or .pem).
optionsJson — the options JSON (see the Options table below). Pass the credential password as the password key; use "" for PEM.
returns — the signed PDF as byte[].

SignExample.cs

using Aniketc068.ATick;

byte[] pdf = File.ReadAllBytes("in.pdf");
byte[] pfx = File.ReadAllBytes("signer.pfx");

string options = """
    {
      "password": "secret",
      "cn": "Axonate Tech",
      "reason": "Approval",
      "page": 1,
      "rect": [40, 40, 240, 140],
      "pades": true,
      "timestamp": true,
      "tsa_url": "http://timestamp.example/tsa"
    }
    """;

try
{
    byte[] signed = Atick.SignPfx(pdf, pfx, options);
    File.WriteAllBytes("signed.pdf", signed);
}
catch (AtickException e)
{
    Console.Error.WriteLine("signing failed: " + e.Message);
}

SignField.cs

static byte[] SignField(byte[] pdf, byte[] pfx, string optionsJson)

Sign an existing empty signature field. Use the field_name option to select the field. Returns the signed PDF bytes.

pdf — a PDF containing an empty signature field (see PrepareFields).
pfx — the credential bytes.
optionsJson — must include field_name; same credential and signing keys as SignPfx.
returns — the signed PDF as byte[].

Deferred / remote-key signing

These three methods cover the deferred (eSign / HSM / remote-key) flow: prepare the PDF, sign the returned bytes elsewhere, then embed the resulting CMS.

Prepare.cs

static (byte[] Prepared, byte[] BytesToSign) Prepare(byte[] pdf, string optionsJson)

Step 1 of deferred signing. Adds an empty signature field, the appearance, and the signature container, then returns the exact bytes that must be signed. Returns a value tuple of two elements:

Prepared — the prepared PDF (byte[]).
BytesToSign — the bytes to sign (byte[]); hash and sign these with the remote key.
pdf — the PDF to prepare.
optionsJson — appearance and signing options (see the Options table below).
returns — (byte[] Prepared, byte[] BytesToSign).

CmsPfx.cs

static byte[] CmsPfx(byte[] data, byte[] pfx, string optionsJson)

Produce a detached PKCS#7 / CMS signature over data using a PFX. Useful for producing the CMS that Embed expects when the signing credential is a local PFX.

data — the bytes to sign (typically BytesToSign from Prepare).
pfx — the credential bytes.
optionsJson — password, hash_algo, pades, timestamp, tsa_url, tsa_auth, ltv, revocation.
returns — the detached CMS as byte[].

Set "revocation":true to embed a RevocationInfoArchival attribute (the CRL/OCSP responses for the signer chain) inside the CMS, so the signature carries its own revocation evidence. Pair it with AddDocTimestamp — which adds the DSS for the timestamp chain — for a fully self-contained, long-term-verifiable result.

CmsRevocation.cs

// CMS that embeds its own revocation info
byte[] cms = Atick.CmsPfx(bytesToSign, pfx,
    "{\"password\":\"secret\",\"pades\":true,\"revocation\":true}");

byte[] signed = Atick.Embed(prepared, cms);

// add the DSS for the timestamp chain (PAdES-B-LTA)
byte[] lta = Atick.AddDocTimestamp(signed, "{\"tsa_url\":\"http://timestamp.example/tsa\"}");

Embed.cs

static byte[] Embed(byte[] prepared, byte[] cms)

Embed a detached CMS / PKCS#7 into a prepared PDF. Returns the signed PDF bytes.

prepared — the prepared PDF (Prepared from Prepare).
cms — the detached CMS (from CmsPfx, an eSign reply, or an HSM).
returns — the signed PDF as byte[].

DeferredExample.cs

using Aniketc068.ATick;

var (prepared, bytesToSign) = Atick.Prepare(pdf, options);

byte[] cms    = Atick.CmsPfx(bytesToSign, pfx, "{\"password\":\"secret\"}");
byte[] signed = Atick.Embed(prepared, cms);

Field templates

PrepareFields.cs

static byte[] PrepareFields(byte[] pdf, string optionsJson)

Create an empty signature field as a template: the appearance is drawn, but the signature is left empty so it can be signed later with SignField. Returns the PDF bytes.

pdf — the PDF to add the field to.
optionsJson — appearance options plus field_name, page, rect / placements.
returns — the PDF with an empty field as byte[].

Long-term validation & timestamps

AddDocTimestamp.cs

static byte[] AddDocTimestamp(byte[] pdf, string optionsJson)

Add an archive DocTimeStamp (and the DSS validation material) to an already-signed PDF, producing a PAdES-B-LTA document. Returns the timestamped PDF bytes.

pdf — an already-signed PDF.
optionsJson — tsa_url, tsa_auth, ltv, contents_size.
returns — the timestamped PDF as byte[].

Documents & utilities

SetMetadata.cs

static byte[] SetMetadata(byte[] pdf, string optionsJson)

Set the document information (/Info) metadata on a PDF. Returns the updated PDF bytes.

pdf — the PDF to update.
optionsJson — title, author, subject, keywords, application, created, modified (see the Metadata options table below).
returns — the updated PDF as byte[].

Decrypt.cs

static byte[] Decrypt(byte[] pdf, string password)

Decrypt a password-protected PDF. Returns the plaintext PDF bytes.

pdf — the encrypted PDF.
password — the open (user) password.
returns — the decrypted PDF as byte[].

SetFastSigning.cs

static void SetFastSigning(bool on)

Enable or disable the in-memory revocation cache (used to speed up repeated CRL/OCSP lookups). Passing false disables it.

on — true to enable the cache, false to disable it.

Version.cs

static string Version()

Return the version string.

returns — the version as a string.

VersionExample.cs

Console.WriteLine("ATick " + Atick.Version());

Options JSON

The optionsJson argument is a JSON object string. All keys are optional unless a method note says otherwise. Keys are grouped below by purpose.

Identity & appearance text

Key	Type	Meaning
`cn`	string	Common name shown in the appearance.
`org`	string	Organisation line.
`ou`	string	Organisational unit line.
`location`	string	Signing location, also written to the signature.
`reason`	string	Reason for signing, also written to the signature.
`text`	string	Free text shown in the appearance.
`date`	string	Date string shown in the appearance.
`dn`	string	Full distinguished name line.
`body`	string	Custom-text-only appearance body (`\n` = new line, `x` = bold).
`heading`	string	Heading line above the signature details.

Verified mark

Key	Type	Meaning
`show_mark`	bool	Draw the verified mark.
`green_tick`	bool	Use the verified mark.
`always_check`	bool	Always draw the verified/checked mark.
`mark_color`	string hex / name / `[r,g,b]`	Colour of the mark.
`mark_gradient`	array of colours	Gradient fill for the mark.
`mark_scale`	number	Scale factor for the mark size.
`mark_dx`	number	Nudge the mark horizontally (PDF points; positive = right).
`mark_dy`	number	Nudge the mark vertically (PDF points; positive = up).
`top_reserve`	number	Fraction of the box height (e.g. `0.32`) reserved at the top for the logo / mark.

Layout & styling

Key	Type	Meaning
`text_color`	string hex / name / `[r,g,b]`	Text colour.
`bg_color`	string hex / name / `[r,g,b]`	Background colour of the appearance.
`border`	bool	Draw a border around the appearance.
`border_color`	`[r, g, b]`	Border colour (requires `"border":true`).
`border_width`	number	Border line width in points, e.g. `1.0` (requires `"border":true`).
`text_dx`	number	Nudge the signer text horizontally (PDF points; positive = right).
`text_top`	number	Vertical start of the text block, as a fraction of box height from the top.
`font_size`	number	Font size of the appearance text.
`width`	number	Appearance width.
`height`	number	Appearance height.

Placement

Key	Type	Meaning
`page`	int	Page number for the signature (1-based).
`rect`	`[x1, y1, x2, y2]`	Rectangle of the appearance on `page`.
`placements`	`[[page, [x1, y1, x2, y2]], ...]`	Multiple appearance placements (one signature, several pages).
`mode`	`"single"` \| `"shared"`	Whether placements share one signature (`"single"`) or are separate.
`field_name`	string	Name of the signature field.

Cryptography & PAdES

Key	Type	Meaning
`pades`	bool	Produce a PAdES signature.
`hash_algo`	`"sha256"` \| `"sha384"` \| `"sha512"`	Digest algorithm.
`timestamp`	bool	Add an RFC-3161 signature timestamp.
`tsa_url`	string	Timestamp authority URL.
`tsa_auth`	`["user", "pass"]`	Basic-auth credentials for the TSA.
`ltv`	bool	Add long-term validation material (DSS).
`lta`	bool	Add an archive DocTimeStamp (PAdES-B-LTA).
`contents_size`	int	Size of the signature `/Contents` placeholder (default `16384`).

Certification & locking

Key	Type	Meaning
`certify`	int	Certification level: `1` = no changes, `2` = form filling, `3` = form filling + annotations.
`lock_fields`	`["*"]` or names	Fields to lock after signing (`["*"]` = all).

Verification

Key	Type	Meaning
`verify`	bool	Verify the certificate before signing.
`verify_expiry`	bool	Check certificate validity dates.
`verify_crl`	bool	Check the CRL.
`verify_ocsp`	bool	Check OCSP.
`trusted_roots`	array of strings	Extra pinned root SHA-1 hex strings; the chain (built from AIA) must reach one of them.

VerifyOptions.cs

Atick.SignPfx(pdf, pfx,
    "{\"password\":\"secret\"," +
    "\"verify_expiry\":true," +
    "\"verify_crl\":true," +
    "\"verify_ocsp\":true," +
    "\"trusted_roots\":[\"<root SHA-1>\"]}");

Document security

Key	Type	Meaning
`open_password`	string	User/open password for the output PDF.
`encrypt_password`	string	Password used to encrypt the output PDF.
`owner_password`	string	Owner/permissions password for the output PDF.

Metadata options

These keys apply to SetMetadata.

Key	Type	Meaning
`title`	string	Document title.
`author`	string	Document author.
`subject`	string	Document subject.
`keywords`	string	Document keywords.
`application`	string	Creating/producing application.
`created`	string	Creation date.
`modified`	string	Modification date.

Exceptions

AtickException.cs

public sealed class AtickException : Exception

Thrown by every Atick operation on failure — bad password, malformed PDF, network error, invalid options, and so on. The error text is available from Message.

Catch.cs

try
{
    byte[] signed = Atick.SignPfx(pdf, pfx, options);
}
catch (AtickException e)
{
    Console.Error.WriteLine("ATick error: " + e.Message);
}