In long‑term digital trust, a recurring trap is preserving the cryptographic artefact… but not preserving the record that artefact was meant to protect.
That is why PAdES (= Digitally Signed PDF) preservation deserves special attention.
The misconception
You will hear things like:
“We store the PDF, and we store the signature separately.”
That approach can make sense for detached signature formats.
But if you are talking about PAdES (PDF Advanced Electronic Signatures), it is a risky mental model.
PAdES is designed to live inside the PDF
A PAdES signature is not “a signature over a PDF that lives somewhere else”.
In PAdES, the signature is part of the PDF structure:
- the signature value sits in the PDF signature dictionary (in /Contents)
- the bytes that are actually signed are defined by /ByteRange
The digest is computed over a byte range that should cover the entire file excluding only the signature value itself.
In plain terms:
“This signature binds to this PDF file, byte‑for‑byte (with one deliberate exclusion: the signature value stored in the file).”
This is not a minor implementation detail — it is the mechanism that makes a signed PDF a self‑contained evidence object.
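The following Python example is added here for illustration and is not code from the original article, from ETSI or from any vendor. It reads /ByteRange, checks that the signed ranges cover the whole file except the /Contents hex string, and computes the digest those ranges produce. It assumes a single signature whose /ByteRange is written as four plain integers; the file returned by build_sample is constructed, and the code checks the byte binding only, not the CMS signature itself.

```python
import hashlib
import re

BR_RE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def parse_byte_range(pdf: bytes):
    """Return (a, b, c, d): the signed spans are pdf[a:a+b] and pdf[c:c+d]."""
    m = BR_RE.search(pdf)
    if m is None:
        raise ValueError("no /ByteRange found")
    return tuple(int(g) for g in m.groups())

def coverage_problems(pdf: bytes):
    """List reasons the signed ranges are not 'whole file minus /Contents value'."""
    a, b, c, d = parse_byte_range(pdf)
    problems = []
    if a != 0:
        problems.append("signed range does not start at byte 0")
    if not re.fullmatch(rb"<[0-9A-Fa-f]*>", pdf[a + b:c]):
        problems.append("excluded gap is not exactly one hex string")
    if c + d != len(pdf):
        problems.append("bytes after the signed range are not covered")
    return problems

def signed_digest(pdf: bytes) -> str:
    """SHA-256 over the two signed spans; the /Contents value never enters it."""
    a, b, c, d = parse_byte_range(pdf)
    return hashlib.sha256(pdf[a:a + b] + pdf[c:c + d]).hexdigest()

def build_sample(body=b"Invoice 42", sig_hex=b"00" * 16) -> bytes:
    """Constructed PDF-like bytes for illustration (not a valid PDF or real CMS)."""
    pre = b"%PDF-1.7\n" + body + b"\n<< /Type /Sig /ByteRange ["
    post = b"] /Contents "
    tail = b" >>\n%%EOF\n"
    fmt = b"0 %010d %010d %010d"  # fixed width keeps the offsets stable
    start = len(pre) + len(fmt % (0, 0, 0)) + len(post)  # offset of '<'
    resume = start + len(sig_hex) + 2                    # offset just past '>'
    return (pre + fmt % (start, resume, len(tail)) + post
            + b"<" + sig_hex + b">" + tail)

if __name__ == "__main__":
    pdf = build_sample()
    print(coverage_problems(pdf), signed_digest(pdf))
    # Bytes appended after the signed revision fall outside the signed ranges.
    print(coverage_problems(pdf + b"appended bytes"))
```

Changing any byte of the document body changes the digest, while changing only the /Contents value does not, which is why the signature value has no meaning once it is detached from the file it sits in.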
Corroboration (baseline):
“When implementing PAdES to sign a PDF… the signature will be directly applied to the PDF — i.e., encoded into it.” – Penneo
And for those who know a thing or two about eIDAS, this is a firm ETSI requirement: the signature cannot be separated from the PDF.
“You cannot separate the signature from the PDF” (what we mean)
Let’s be precise.
Yes, you can technically extract the CMS blob from its contents.
But the moment you treat that extracted value as a standalone “signature object”, you lose what matters:
- the embedded binding to the exact bytes of the signed PDF revision
- the standard validation model used by PDF viewers and audit tooling
In other words: you may still have a piece of cryptographic data, but you no longer have a PAdES signature on that PDF in the way the format was designed to be validated and evidenced.
In layman’s terms: Preserving the signature and PDF separately (if that would work) proves nothing.
What Docbyte Vault does differently
Docbyte Vault preserves the entire signed PDF (including the embedded PAdES signature) as one preserved object — with integrity continuity and auditability.
A practical market reality
PAdES is so relevant because PDF remains the dominant “final form” document in many regulated and enterprise workflows.
So the real problem is not whether you can store a signature somewhere.
It is whether you can preserve the signed PDF as a single evidence object, and keep it verifiable over time.
Another uncomfortable truth: very few solutions do this end‑to‑end
Plenty of platforms can create a signed PDF.
Far fewer can preserve the signed PDF + the embedded PAdES signature as one immutable preserved record, with integrity continuity, auditability, and long‑term verifiability (including when crypto and validation context inevitably evolve).
That is exactly the gap Docbyte Vault was built to close.