Is this PDF signer really free?

Yes. 100% free forever — no trial, no premium tier, no per-signature charge, no daily quota. Sign as many PDFs as you want. Ad-supported so it stays free for everyone. Unlike Adobe Acrobat (which gates cryptographic signatures behind a $15/mo subscription), Smallpdf (2 signatures / day free), and iLovePDF (free tier limited) — we give you everything on the free tier.

Do I need an account?

No. No signup, no login, no email, no captcha, no credit card. Open the page, drop your PDF, sign, download.

Is my PDF uploaded to a server?

No. The entire signing happens locally in your browser using the Web Crypto API for RSA keypair generation and PKCS#7 / CMS packaging. Your PDF never leaves your device — there is no server-side copy because we don't have a server for your files.

Is my signature or private key sent anywhere?

No. Your signature image, drawing, or typed name stays in browser memory. If you upload a .p12 / .pfx certificate, it's parsed locally — never transmitted. The generated private key for self-signed certs lives in Web Crypto's non-extractable storage and is discarded when you close the tab.

What's the difference between an electronic signature and a digital signature?

An electronic signature is any visible mark placed on a document — a drawn scribble, a typed name, a photo of a handwritten signature. It looks like a signature but has no cryptographic proof. A digital signature is a cryptographic operation: the document's content is hashed (SHA-256), the hash is encrypted with your private key (RSA-2048), and the result is embedded in a PKCS#7 / CMS structure inside the PDF. Anyone can verify two things from that: (a) the document hasn't been modified since signing, and (b) it was signed by the holder of the corresponding private key. Most legal jurisdictions (EU eIDAS, US ESIGN, most of Asia) recognise digital signatures as legally equivalent to wet-ink signatures; electronic-only signatures sit on weaker footing. Our tool does both — visible AND cryptographic — in a single signing pass, which is what Adobe Acrobat Pro also does, but for free.

Are PDF signatures legally binding?

In most jurisdictions, yes, with nuance. The EU's eIDAS regulation recognises three tiers: Simple Electronic Signature (SES — e.g. a typed name, accepted but weaker), Advanced Electronic Signature (AES — uniquely identifies the signer, our cryptographic output qualifies), and Qualified Electronic Signature (QES — requires a trust-service-provider-issued certificate, not produced by our tool). The US ESIGN Act (2000) and UETA treat most electronic signatures as legally equivalent to wet-ink. High-stakes contexts (notarised deeds, some courts) may require QES or physical signatures — consult a lawyer if the stakes warrant it. For everyday business use (contracts, NDAs, HR forms, vendor agreements), our cryptographic output is usually sufficient.

What is PKCS#7 / CMS?

PKCS#7 (Public Key Cryptography Standards #7), also known as CMS (Cryptographic Message Syntax), is the standard encoding for digitally signed data that every major PDF viewer understands. When you sign a PDF through our tool, we compute a SHA-256 hash of the document's byte range, encrypt the hash with your RSA-2048 private key, and package the result along with your certificate into a PKCS#7 structure. That blob is embedded inside the PDF's /Sig field. Adobe, Chrome, Edge, Foxit, and macOS Preview all read PKCS#7 signatures natively and show a verification badge — the exact same mechanism Adobe Acrobat Pro and DocuSign use.

Do the signed PDFs work in Adobe Acrobat?

Yes. Our PKCS#7 output is standards-compliant — we tested against Adobe Acrobat Reader DC, Adobe Acrobat Pro, Chrome's built-in PDF viewer, Edge, Firefox's PDF.js, macOS Preview, and Foxit Reader. All show a verification badge. For self-signed certificates (generated in-browser), Adobe shows yellow 'signer unknown' warning — this is the correct behaviour, because self-signed certs have no third-party trust anchor. To get a green badge, upload a .p12 from a trusted Certificate Authority (Digicert, Sectigo, GlobalSign, your organisation's internal PKI).

How do I sign a PDF with a .p12 / .pfx certificate?

In the Certify modal, click 'Use existing certificate'. Upload your .p12 or .pfx file, enter the password if it has one. The certificate is parsed locally — both the public and private key stay in browser memory and are used only for this signing pass. The signed PDF carries your real identity (issuer, subject, validity dates) which any verifier can check against the issuing CA's root store.

What if I just want a visible signature without the crypto?

Pick the 'Visible only' option in the Certify modal. You get a PDF with your drawn / typed / uploaded signature placed on the page — no cryptographic structure, no PKCS#7 embedding. This is equivalent to what iLovePDF and Smallpdf produce on their free tiers. It's legally weaker (just an electronic signature, not an advanced one) but fine for casual use where the other party doesn't need cryptographic proof.

What about timestamped signatures (RFC 3161 TSA)?

Timestamped signatures add a trusted-time-server stamp to prove WHEN a document was signed, independent of the signer's system clock. They require a network call to an external TSA (Time Stamping Authority) — which breaks our local-only promise. We don't ship timestamping today. If you need it for legal archival / long-term validation (LTV), our tool isn't the right fit; use Adobe Acrobat Pro or a commercial e-signing service. For 99% of personal and small-business signing, non-timestamped signatures plus the date field we embed are sufficient.

Sign PDF — Free, Private, Cryptographic

Visible signatures AND real cryptographic digital signatures (PKCS#7) — both free, both local, both legally recognized

Drop a PDF and we open it in the editor with the Certify modal pre-selected. Draw your signature with mouse / trackpad / finger, type your name, or upload a signature image. Add reason / location / date fields. Place the visible signature anywhere on the page. We cryptographically sign the output using an in-browser-generated RSA-2048 self-signed certificate (or your own .p12 if you have one). Your PDF, your signature, and your private key never leave your device. No signup, no watermark, no per-signature charge. The only free PDF signer that does real cryptography.

Drop your PDF here

PDF · No upload — signature & private key stay on your device.

How to Sign a PDF for Free

1. Drop your PDF

Drag the PDF onto the drop zone above, or click to browse. The editor opens automatically with the Certify modal pre-selected — no navigation through menus, no searching for the signing tool.

2. Draw, type, or upload your signature

The Certify modal offers three paths to a visible signature: draw with your mouse, trackpad, or finger on a touchscreen; type your name in a realistic signature font; or upload a PNG / JPG of your existing signature. All three produce the same visible result — pick whichever is most natural for you.

3. Add reason, location, and date

Per PDF 2.0 spec, cryptographic signatures carry optional reason (e.g. "I am the author"), location (e.g. "Berlin, Germany"), and date fields. Verifiers see these alongside the crypto status. We auto-fill the date; fill in the rest if the context calls for it.

4. Place the signature and sign

Click anywhere on the page to drop the visible signature rectangle. Drag to resize. Click Save. We generate a fresh RSA-2048 key + self-signed certificate in your browser, compute the SHA-256 hash of the document byte range, package the PKCS#7 signed-data blob, and embed it in the PDF. The signed file downloads immediately.

Why This is the Best Free PDF Signer

100% local — no server involvement

Your PDF, your drawn signature, your uploaded certificate, your private key — none of it touches a server. Compare: Adobe, Smallpdf, iLovePDF, DocuSign, and Sejda all upload everything. When the document is a signed contract, NDA, tax return, or medical release, that matters more than anywhere else on the web.

Real cryptography, free tier

Smallpdf and iLovePDF give you a visible signature on their free tiers — a scribble on the page with no cryptographic proof. That's an "electronic signature", legally weaker. We give you PKCS#7 / CMS digital signatures free, the same standard Adobe Acrobat Pro uses (gated behind a $15/mo subscription there).

Instant self-signed certificates

Most cryptographic signing flows demand a pre-issued certificate. We generate a fresh RSA-2048 keypair and self-signed X.509 certificate in your browser via the Web Crypto API — zero setup. Upload your existing .p12 / .pfx if you want third-party trust; otherwise the self-signed cert is enough for personal use and small-business workflows.

Visible + cryptographic on one pass

Most free tools force you to pick one. We stack them: your visible drawn signature lives on the page AND the PDF carries a cryptographic signature that proves who signed and that the document hasn't been altered. Both in a single save pass.

Automatic verification on load

Drop a signed PDF and we show a verification banner — valid / invalid / untrusted-issuer — alongside the signer certificate details. Competitors usually show only a signature image; you have to take it on faith.

Multi-signature chains

Sign, send to the counterparty, they sign and send back. PDF's byte-range model supports any number of sequential signatures; each new signature covers prior ones, producing a verifiable chain. Our editor handles re-signing without invalidating the previous signature.

Truly Free, Forever

No trial, no premium tier, no per-signature charge. Adobe Acrobat Pro is $15/mo; DocuSign Personal is $15/mo; Smallpdf Pro is $12/mo. All of them either upload your file or require a subscription for cryptographic signing. We're ad-supported and free forever.

No account, no email

Start signing immediately. No signup, no email capture, no credit card.

Works offline

Once the editor has loaded you can disconnect from the internet and keep signing. Great for sensitive contracts, NDAs, and personal financial documents.

Electronic Signatures vs. Digital Signatures — What Actually Holds Up

Electronic signature (SES — Simple)

Any visible mark on a digital document: a typed name, a drawn scribble, a scanned wet-ink signature, a checkbox "I agree". Legally recognised in most jurisdictions for everyday business (EU eIDAS SES tier, US ESIGN / UETA, UK Electronic Communications Act) but easier to contest if the signer later denies signing — there's no cryptographic proof of who produced the mark. Our "visible only" mode produces this.

Advanced electronic signature (AES)

EU eIDAS regulation tier 2. Must (a) uniquely identify the signer, (b) be under the signer's sole control, (c) detect post-signing tampering, (d) be created using data the signer can maintain under their sole control. Our cryptographic output (PKCS#7 over SHA-256 with RSA-2048 and a private key generated locally in non-extractable Web Crypto storage) meets all four criteria — you can claim AES status for a PDF signed here.

Qualified electronic signature (QES)

EU eIDAS regulation tier 3. AES plus a qualified certificate from a Trust Service Provider (TSP) on an EU trusted list, plus a qualified signature creation device (HSM or smartcard). QES is legally equivalent to a wet-ink signature across the entire EU. We don't produce QES because browser-only flows can't meet the hardware-based signature creation device requirement — you need a dedicated signing device or cloud HSM. If your use case specifically demands QES (notarised contracts, some regulated industries), you need Adobe Sign, DocuSign EU Qualified, or a local TSP.

US law (ESIGN / UETA)

US federal ESIGN Act (2000) and state UETA adoption treat most electronic signatures as legally equivalent to wet-ink — without the EU's tiered scheme. For a signature to be enforceable: (a) both parties must consent to sign electronically, (b) the signature must be intentional, (c) records must be retainable. All of these are operational; our output meets them. Some specific document types are carved out (wills, family-law matters, some court filings) — check your state.

PDF Edit vs Adobe, Smallpdf, iLovePDF, DocuSign, Sejda

Feature	PDF Edit	Adobe	Smallpdf	iLovePDF	DocuSign	Sejda
PDF uploaded to a server?	No — 100% local	Yes	Yes	Yes	Yes	Yes
Cryptographic signatures on free tier?	Yes — PKCS#7 / CMS	Paid (Paid ($15/mo)5/mo)	Paid (Paid ($12/mo)2/mo)	Paid	Paid (Paid ($15/mo)5/mo)	Paid
Visible signatures free?	Yes	Yes	2/day free	Free tier limited	Paid	Free tier limited
Self-signed cert in-browser?	Yes — auto	Requires import	No	No	No	No
Upload your own .p12 / .pfx?	Yes	Yes (paid)	No	No	Yes (paid)	No
Account required?	Never	Free tier limited	Email required	Free tier limited	Email required	Free tier limited
Watermark on output?	No	No	No	No	No	No
Works offline after load?	Yes	No	No	No	No	No
Verify incoming signatures?	Yes — auto banner	Yes	Partial	Partial	Yes	Partial
Annual cost for cryptographic signing?	$0	~$180/yr	~$144/yr	~$80/yr	~$180/yr	~$80/yr

If you need send-to-multiple-people workflow, where one PDF goes to five signers and you track who signed when, DocuSign or Adobe Sign is the right tool. For you signing your own documents — contracts you received, vendor agreements, NDAs, tax forms — we cover the exact same cryptographic capability for free, without uploading anything.

Who Signs PDFs Like This?

Freelancers signing contracts

Client sends an SOW or a retainer. You sign, crypto-stamp, send back. No upload to DocuSign, no "free trial" emails, no Adobe subscription — and the signature is legally stronger than a JPG scribble because it's backed by PKCS#7 crypto.

HR and employment forms

Offer letters, NDAs, onboarding packets, W-9s, tax withholding forms. Sensitive enough that uploading to a random free signing site isn't appropriate. Sign locally, send back by email.

Medical releases and HIPAA forms

Signed authorizations for medical records, insurance claims, or test release forms. HIPAA-covered content should not be uploaded to a stranger's server. Local-only signing matters.

Legal correspondence

Engagement letters, settlement agreements, declarations, sworn statements. Where privilege attaches, the document should not leave your device during signing. Our local flow preserves that.

Real estate and rental agreements

Rental contracts, lease amendments, property disclosures. Sign and return without registering for yet another signing platform. The counterparty gets a cryptographically-verified signed PDF they can open in any viewer.

Government and tax forms

IRS forms (W-9, 1099), government applications, immigration documents. Many agencies accept PKCS#7 signed PDFs. Local signing avoids uploading sensitive identity documents.

Authors and rights holders

Sign a digital work to prove authorship at a specific point in time. The PKCS#7 signature + timestamp in the signed PDF is a durable provenance record, anchored by your private key.

Corporate board resolutions

Board minutes, consent resolutions, stock-option grants. Multi-signer chain support lets directors sign sequentially without forwarding the PDF through a third-party cloud.

Long-term document archival

Sign an important PDF today with a date-stamped cryptographic signature. Store locally. Years later, anyone who has the file can still verify it was signed by the holder of your private key and hasn't been altered since. (For formal long-term-validation workflows with trusted timestamps, see the FAQ section on LTV.)

Sign PDF on iPhone, Android, Mac, Windows, and Chromebook

Our PDF signer works on every device with a modern browser — Windows, Mac, Linux, Chromebook, iPad, iPhone, and Android. On iPad Pro with Apple Pencil, drawing your signature feels exactly like DocuSign's mobile app, minus the subscription and minus the upload. No app install, no plugins, no admin rights. Once the page has loaded you can disconnect from the internet and continue signing — everything runs locally via the Web Crypto API.

How Does Browser-Based Cryptographic PDF Signing Work?

When you click Save, we generate a fresh RSA-2048 keypair in your browser using the Web Crypto API (crypto.subtle.generateKey) — the private key lives in non-extractable storage and cannot be exported. We build an X.509 self-signed certificate with your chosen signer name. The PDF is prepared with an empty /Sig placeholder inside an /AcroForm field. We compute a SHA-256 hash of the document's byte range excluding the placeholder. The hash is signed with your private key via crypto.subtle.sign (RSA-PKCS1-v1_5 with SHA-256). We build a PKCS#7 / CMS SignedData structure containing the signature, your certificate, the signing time, and any reason/location metadata. The PKCS#7 blob is DER-encoded and embedded into the PDF's /Sig field. The file downloads. Every modern PDF viewer (Adobe, Chrome, Edge, Foxit, Preview, Firefox) reads the PKCS#7 structure on open, recomputes the document hash, verifies the signature against the embedded certificate, and displays a verification badge. All crypto runs in your browser — no server, no upload, no telemetry.

Frequently Asked Questions

How do I sign a PDF for free?

Drop your PDF on the page above. The editor opens with the Certify modal pre-selected. Draw, type, or upload your signature. Click the page to place it. Click Save. Free, local, no watermark.

How do I add a signature to a PDF?

Same flow — drop, draw, place, save. "Sign" and "add signature" produce the same result in our tool.

Are these signatures legally binding?

In most jurisdictions, yes. Our cryptographic output meets EU eIDAS "Advanced Electronic Signature" criteria and satisfies US ESIGN / UETA requirements. For notarised documents or QES-specific workflows, you need a TSP-issued certificate that we can't generate in-browser — use Adobe Sign or a national TSP.

Is my PDF uploaded?

No. Signing happens entirely in your browser. Your PDF, signature, and private key never touch our servers.

What's the difference between electronic and digital signatures?

Electronic = any visible mark (scribble, typed name, image). Digital = cryptographic operation that proves identity + integrity. We do both, stacked on a single signature pass. Most free competitors only do electronic.

What is PKCS#7?

The standard encoding for signed data in PDFs. Every modern PDF viewer reads PKCS#7 / CMS natively. Our output is spec-compliant — same format Adobe Acrobat Pro uses.

Will the signed PDF work in Adobe?

Yes. Adobe Acrobat Reader / Pro, Chrome, Edge, Firefox, Foxit, macOS Preview — all verify our signatures. Self-signed certs show "signer unknown" warning (correct behaviour); upload a .p12 from a trusted CA for green-badge verification.

Can I upload my existing certificate?

Yes. In the Certify modal pick "Use existing certificate" and upload your .p12 or .pfx file (with password if any). The cert is parsed locally — never transmitted.

Can multiple people sign the same PDF?

Yes, sequentially. Sign and download. Recipient opens it here and signs again. Each signature covers the prior ones — a verifiable chain.

Can I sign a PDF on my phone?

Yes. Works on iPhone Safari, iPad (especially with Apple Pencil — feels like DocuSign Mobile), Android Chrome. Draw with your finger.

Can I sign a password-protected PDF?

If owner-locked, yes. If user-locked (password required to open), unlock via /unlock-pdf first. Both tools run locally.

Does it work offline?

Yes, once the editor has loaded. The signing engine runs in your browser.

What about timestamped signatures (RFC 3161)?

Not supported yet — timestamps require a network call to an external TSA which breaks our local-only promise. For long-term validation (LTV) workflows, use Adobe Acrobat Pro or a commercial signing service.

Will a verifier see my self-signed certificate as valid?

They'll see a "signer unknown" warning because self-signed certs aren't anchored in a trusted root CA's chain. The signature itself IS cryptographically valid — it's the identity claim that needs third-party trust. For personal use it's sufficient; for legal/commercial use, upload a .p12 from a trusted CA.

Can the recipient edit the signed PDF?

If they edit it, the cryptographic signature breaks — any verifier sees "signature invalid, document modified after signing". This is exactly the tamper-detection property that makes digital signatures legally meaningful.

Will my signature have a watermark?

No. Your signed PDF contains exactly your signature — no "Signed with FreeTool" stamps, no ads, no upsell. What you sign is what gets sent.

Is there a file-size limit?

No artificial limit. Device memory is the only ceiling.

Is this the best free PDF signer?

For privacy-first workflows and for getting cryptographic signatures on the free tier, we think so. For multi-party workflow orchestration (send to 5 signers, track status), DocuSign or Adobe Sign is the right tool — different category.

About this tool: PDF Edit is built by a small independent team who were tired of PDF tools that required accounts, uploaded files to servers we didn't control, and gated cryptographic signing behind subscriptions. Everything here runs in your browser — your PDF, your signature drawing, and your private key stay on your device. The signing engine uses the Web Crypto API for RSA key generation and hashing, and produces PKCS#7 / CMS signatures that validate in every modern PDF viewer. Free forever, ad-supported.