* Package name    : python-pyhanko
* URL             : https://github.com/MatthiasValvekens/pyHanko
* License         : Expat
   Programming Lang: Python
   Description     : Validates X.509 certificates and paths

The pyHanko library roughly consists of the following components.

* The pyhanko.pdf_utils package, which is essentially a (gutted and heavily modified) fork of
PyPDF2, with various additions to support the kind of low-level operations that pyHanko needs to
support its various signing and validation workflows.

* The pyhanko.sign package, which implements the general signature API supplied by pyHanko.

* The pyhanko.stamp module, which implements the signature appearance rendering & stamping
functionality.

* The pyhanko.keys module with utilities to handle key and certificate loading.

* Support subpackages to handle CLI and configuration: pyhanko.config and pyhanko.cli. These mostly
consist of very thin wrappers around library functionality, and shouldn’t really be considered
public API, except for the parts used in the plugin system.

The library is needed for xhtml2pdf to update to a newer version.

You can find a complete package at https://salsa.debian.org/python-team/packages/python-pyhanko
if you want to go ahead. xhtml2pdf was patched to get rid of the pyhanko dependency.

Hi Bastain,

I've exhausted probably every option in the Debian archive to sign PDF documents and found that PyHanko offers everything I've ever dreamed of. I've installed your draft package on Salsa as is and it really helped me. I'm sharing this to let you and others know how much this will be appreciated, and that it deserves to be uploaded in its own right.

PyHanko is not just a library but comes with an easy-to-use command-line tool so I could get up and running in an instant. (Note that sometimes the python- prefix is dropped from the source and binary package names in cases like this, as with WeasyPrint, if the command-line tool is a prominent interface.)

PyHanko supports adding unsigned signature fields to a document whereas MuPDF's mutool and Poppler's pdfsig only allow making the field and signing the document in a single atomic operation. If you're preparing a document for other people to sign easily, prepping a not-yet-signed signature field is important for ease of use and out of courtesy. PyHanko also supports timestamping, to which LibreOffice is the only competitor I know.

WeasyPrint, a tool and Python library for turning HTML documents into high-quality PDF documents, supports creation of PDF forms from HTML forms and other sophisticated features. However, they've decided that an interface for PDF signing is best left out of WeasyPrint. PyHanko fills this niche perfectly, and since it likewise has both a Python library and a command-line tool, they can work together in a straightforward pipeline.

I understand you're pretty busy working on all sorts of things, but I want to make clear that PyHanko holds a lot of promise for use outside of xhtml2pdf, and it even has a lot of polish and outstanding documentation. Thanks for your work on this. Putting your draft package in Salsa to make it easy for anyone to jump in is especially admirable.