Sign PDFs using Swisscom's All-In Signing Service.

Module Contents

class file.sign.swisscom_ais.SwisscomAIS(customer: str, key_static: str, cert_file: str, cert_key: str)[source]

Bases: onegov.file.sign.generic.SigningService

Sign PDFs using Swisscom’s All-In Signing Service.

sign(infile: SupportsRead[bytes], outfile: SupportsWrite[bytes]) str[source]

Signs the input file and writes it to the given output file.


If the input-file exists on disk, its attribute points to an existing path.

Sublcasses may add extra parameters to this signing function, though it is expected that they all have a default value set.

So it is okay to do this:

def sign(self, infile, outfile, foo)

But it would be better to do thiss:

def sign(self, infile, outfile, foo='bar')

Return Value

The sign function must return a unique request id for each signed file. This function should be composed of the service name and a unique identifier. For example: ‘my_service/0b86854’. Using this identifier it should be possible to query the signing service backend for more information (in case we ever need to investigate).

It is up to the signing service to know what should be part of this unique identifer. The only thing that can’t be part of the identifer are secrets.