Validate PDF Digital Signatures Online
Verify document authenticity, inspect certificates, and check digital signatures in seconds, for Aadhaar, GST, eSign, government and corporate signed PDFs.
100% private, your document is validated in your browser and never uploaded to any server.
Independent technical tool built on open standards (PDF, X.509, PKCS#7 / CMS, OCSP, CRL). Not affiliated with Adobe, UIDAI, or any government agency or certifying authority. Results are technical findings, not legal advice or an official verification.
Everything you need to verify a signed PDF
100% private
Files are validated in your browser with WebCrypto. Nothing is uploaded, stored, or logged.
Signature integrity
Detects whether each signature is cryptographically valid and whether the document was changed.
Certificate details
Common name, organization, issuer, serial, validity dates, and signature & hash algorithms.
Trust chain
Builds and evaluates the certificate chain and surfaces CRL / OCSP revocation endpoints.
Aadhaar / UIDAI aware
Recognises UIDAI-signed Aadhaar PDFs and labels the signing authority.
Multiple signatures
Handles PDFs with several signatures and reports each one separately.
How PDF signature validation works
Upload your PDF
Drag and drop a signed PDF. It is read locally, it never touches a server.
We verify the cryptography
We extract every signature, recompute the document hash, and verify each one against its certificate.
Read the report
See overall status, signer & certificate details, trust chain, timestamp and any warnings.
What is a PDF digital signature validator?
A PDF digital signature validator is a tool that checks whether the digital signatures embedded in a PDF document are genuine and whether the document has been altered since it was signed. When an organisation signs a PDF, a bank, a government department, the GST portal, or India's UIDAI for Aadhaar, it attaches a cryptographic signature built from a Digital Signature Certificate (DSC). That signature mathematically binds the contents of the file to the identity of the signer. If even a single byte of the signed content changes afterwards, the signature no longer matches and the document is flagged as modified.
PDFSignatureValidator lets you verify a signed PDF online without installing any desktop software, and without handing your document to a third-party server. Everything happens locally in your browser, which is why it is safe to check sensitive files such as Aadhaar cards, PAN documents, salary slips, GST certificates and legal contracts. The tool is an independent technical utility built on open standards and is not affiliated with Adobe, UIDAI, any government agency, or any certifying authority.
How does the validation actually work?
Every signed PDF stores a signature dictionary containing a ByteRange (the
exact bytes covered by the signature) and a Contents field holding a
PKCS#7 / CMS signature blob. Our engine reads those bytes directly, recomputes the hash of
the signed range, and compares it with the message digest recorded inside the
signature. It then verifies the signature itself against the signer's public key using the
browser's built-in WebCrypto engine. Finally it parses the signer's X.509 certificate to
extract the common name, organization, issuer, serial number, validity period and the
signature and hash algorithms used.
Because PDFs can contain more than one signature, for example a form signed first by an applicant and then by an approving officer, the validator reports each signature independently and tells you whether the most recent one still covers the entire document.
Valid, invalid, or "unknown": what the results mean
A valid result means the signature is cryptographically intact and the document has not changed since signing. An invalid result means either the signature failed verification or the document was altered after it was signed. A warning usually means the signature math checks out but the certificate's trust chain could not be fully verified, the certificate has expired, or content was added after signing. This is the same "validity unknown" state that some PDF readers show as a yellow question mark. It does not necessarily mean the document is fake; it often means the signer's root authority is simply not in the local trust store. These results are technical findings, not a legal opinion or an official verification of the document.
Why Aadhaar and Indian government PDFs need special handling
Aadhaar e-PDFs are signed through licensed Indian certifying authorities operating under the Controller of Certifying Authorities (CCA), India. Many people see a question mark on these files and assume the document is invalid, when in many cases the signature itself is cryptographically intact and the PDF reader simply does not recognise the Indian root certificate by default. PDFSignatureValidator detects these signatures, labels the signing authority shown in the certificate, and explains the trust status in plain language as a technical finding. The same approach applies to GST registration certificates and other government-issued signed PDFs. This tool is independent and is not affiliated with or endorsed by UIDAI, the GST Network, any government agency, or any certifying authority; names of such organisations are referenced only to help you understand your own documents.
Your privacy is protected by design
Most online PDF tools upload your file to a server to process it. We don't. There is no upload endpoint at all. The validation code runs inside your browser tab, the file is read into memory, processed temporarily, and discarded when you close the page. Files are never stored permanently and are deleted from memory as soon as validation finishes. We never store, transmit, or log document contents. This isn't a promise we ask you to trust; it's how the application is architected, and you can confirm it in your browser's network inspector.
Frequently asked questions
How do I validate a PDF signature online? +
Upload your signed PDF using the box above. PDFSignatureValidator reads the file directly in your browser, extracts every digital signature, recomputes the document hash, verifies each signature against its certificate, and shows a detailed report, without ever sending the file to a server.
Is it safe to upload sensitive documents like Aadhaar? +
Yes. Validation happens entirely inside your browser using WebCrypto. Your PDF is never uploaded, stored, or logged anywhere. Because the file never leaves your device, even confidential documents such as Aadhaar, PAN, GST certificates or contracts stay completely private.
Why does my Aadhaar PDF show a question mark or 'validity unknown'? +
A reader shows a question mark or 'validity unknown' when it cannot match the signer's certificate to its own trust list. This usually does not mean the signature is fake. Aadhaar e-PDFs are signed through licensed Indian certifying authorities whose root certificate may not be pre-installed in your reader. This tool detects such signatures and explains the trust status as a technical finding.
What is the password for an Aadhaar PDF? +
An e-Aadhaar downloaded from the official source is typically password-protected, with the password being the first four letters of the holder's name in capitals followed by the year of birth (for example, RAVI1990). If your file is still encrypted, open it in a PDF reader and save an unlocked copy before validating, because signature verification needs to read the underlying document bytes.
Who signs Aadhaar e-PDFs? +
Aadhaar e-PDFs are digitally signed using a Digital Signature Certificate issued by an Indian certifying authority operating under the Controller of Certifying Authorities (CCA), India. This tool is an independent technical utility and is not affiliated with, endorsed by, or connected to UIDAI, any government agency, or any certifying authority.
What does 'document modified after signing' mean? +
A digital signature covers a specific snapshot of the document. If bytes were added or changed after the signature was applied and they are not part of a later legitimate signature, the document no longer matches what was signed, so it is reported as modified.
Which types of signed PDFs are supported? +
Any PDF that uses standard PKCS#7 / CMS digital signatures: Aadhaar e-PDFs, GST registration certificates, government-issued documents, eSign / Aadhaar eSign documents, and corporate or contract PDFs signed with a Digital Signature Certificate (DSC).
Are these results a legal or official verification? +
No. This tool performs a technical, cryptographic check of the digital signatures inside a PDF based on open standards (PDF, X.509, PKCS#7 / CMS, OCSP, CRL). The results are technical findings, not legal advice or an official certification of a document's authenticity. For legally significant decisions, verify with the issuing authority and consult a qualified professional.
Is PDFSignatureValidator free? +
Yes, it is completely free to validate as many PDF signatures as you like. There is no sign-up and no file-size paywall (the only limit is 20 MB per file for in-browser performance).