Cryptographic signatures inside ERPNext. eIDAS-aligned Advanced Electronic Signatures (AES), PAdES format, tamper-evident, signed straight from the document.
An ‘e-signature’ that’s just a typed name is not a signature.
Most ‘digital’ signatures in business software are a picture of someone’s name pasted onto a PDF. The moment a counterparty disputes it, you have nothing. AES signatures embed the signer’s identity and a tamper proof into the file itself — provable, legally binding under eIDAS, and survive years in an archive.
What you get
Sign any document, prove who signed it, years later.
eIDAS-aligned AES signatures
Advanced Electronic Signatures with strong evidential value across the EU. Each signer has their own X.509 certificate issued by your own private CA.
Trusted timestamp on every sign
PAdES-B-T embeds a trusted-TSA timestamp at signing time. If the certificate is revoked later, you can still prove the signature pre-dated the revocation.
Sign any DocType
Plug the signing flow into any ERPNext document — agreements, prescriptions, work orders, certificates. The PDF gets signed; the source document gets a link.
Tamper-evident, by design
The signature embeds a hash of the file. Any edit after signing — even a single comma — invalidates the signature when verified.
2FA-protected signing
Every signing event requires a second factor (TOTP) before the private key is unlocked. Compromised passwords don’t let an attacker sign on your behalf.
Full audit log
Every signature is logged: who, what, when, from where, which signature level. Exportable as evidence for compliance reviews or disputes.
How a signature happens
Open the document. Confirm with 2FA. Done.
01
Open the document
Click ‘Sign’ on any signable ERPNext document. The PDF is generated from your print format.
02
Confirm identity
Enter your 2FA code. Your private key unlocks for this signing event only.
03
Signature applied
The signature, certificate, and trusted timestamp embed into the PDF (PAdES-B-T or B-LT).
04
Logged & sealed
An audit entry records the signing. The PDF is stored, the source DocType links to it.
Built for
Where signatures need to actually mean something.
Regulated industries
Veterinary prescriptions under EU Regulation 2019/6, healthcare consent forms, certificates of conformity — anywhere a regulator may ask for proof of who signed.
Long-lived contracts
Service agreements, employment contracts, NDAs. PAdES-B-LT keeps the proof valid for years offline, no need to ask any server.
Internal approvals at scale
Purchase orders, expense approvals, change requests. Replace ‘please reply with your approval’ with a real signed audit trail.
Under the hood
Your own CA. Your own keys. No third-party lock-in.
We run a private Certificate Authority for you and issue each signer their own X.509 certificate. Signing uses pyHanko to embed the signature in the PDF as PAdES-B-T or B-LT, with a trusted Time Stamp Authority for the timestamp. Keys stay on the signer’s device, protected by 2FA. The code is open source — you can audit every step, and you own the CA forever.
Ready for the next step?
30 minutes. No sales pitch.
A free discovery call with a senior architect. We ask a few questions, you get an honest estimate on scope, timeline and cost. That is it.