[ PAdES B-LTA · ETSI EN 319 142 ]

The most rigorous signatures.
The simplest flow.

Inkbak signs PDFs with the same cryptographic standard banks and governments use — and gets out of your way the moment you've dropped the document.

$ openssl pkcs7 -in signed.pdf -verify   → valid
  • AATL-trusted timestamps
  • RFC 3161 anchored
  • No documents stored
  • eIDAS-compatible
How it works

Three steps. No accounts to create.

01
Drop a PDF

Open inkbak in your browser. Drag any PDF onto the workspace. The unsigned bytes never leave your machine.

02
Place your signature

Drop your signature image or type your name. Position it anywhere on any page. Inkbak builds the cryptographic signature against the entire document.

03
Download it signed

Walk away with a PAdES B-LTA PDF. Verifiable in Acrobat. Provable in court. Inkbak keeps nothing.

Why this matters

Most e-signature tools sign your name. Inkbak signs your document.

Most e-signature tools
  • Click-to-sign workflow: your name in a font, applied to a generated overlay.
  • Your document lives on their servers, indexed by their workflow engine.
  • "Audit trail" is a database row they choose to show you.
  • If they go out of business, your signed documents lose their provenance.
Inkbak
  • PKCS#7 detached signature over the PDF bytes themselves.
  • Your document never sits on our servers. Signed bytes go to your Drive.
  • Audit trail is the cryptographic structure inside the PDF. Anyone can verify it.
  • If inkbak disappears tomorrow, your signed documents still validate. Forever.
The four PAdES tiers

Every signature inkbak makes is B-LTA. The top tier.

PAdES is the European standard for embedding cryptographic signatures in PDFs. It defines four tiers, each adding a layer of long-term verifiability on top of the previous one. Most signing tools stop at B-T. Inkbak goes all the way to B-LTA on every signature.

Sign a PDF. Keep it forever.

No account. No setup. Drop a PDF, place your signature, walk away with a cryptographically anchored file.