MIT-licensed · no per-document fees · self-hosted

Own your signatures.

A batteries-included PDF e-signature SDK you embed in your own product. Render, cryptographically sign, timestamp, verify, and audit — entirely inside your infrastructure. Your certs, your database, your storage. No SaaS in the loop.

The whole pipeline, in your process

One call takes an HTML document to a signed, tamper-evident PDF and an append-only attribution record — no external service ever touches the document.

renderHtmlToPdf → signPdf (PKCS#7) → RFC-3161 timestamp → verifyPdfSignature → store + audit

🔏 Real cryptography

PKCS#7 detached signatures under the ETSI.CAdES.detached subfilter, with the ESS signing-certificate-v2 binding. Verification recomputes the document digest and checks the RSA signature — a single altered byte fails.

⏱️ Trusted timestamps

Optional RFC-3161 timestamps upgrade a signature to CAdES-T. The package performs no document egress: the TSA only ever receives a SHA-256 hash, never your document.

🧩 Bring your own stack

Pluggable CertStore / AuditLogStore / storage interfaces. A Supabase reference adapter ships in the box; implement the three interfaces against any database or object store.

🖊️ Drop-in signing UI

React components — a draw-to-sign canvas, a consent-gated sign flow, and a signed receipt — with no framework coupling.

🏥 Zero PHI egress

Everything runs inside your boundary. Nothing but a hash leaves your servers, so no signing-vendor BAA is needed and the whole thing sits inside your own SOC 2 scope.
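
What the timestamp step described under "Trusted timestamps" and "Zero PHI egress" puts on the wire, as an added example (not e-sig's own code): a hand-encoded RFC 3161 TimeStampReq, plus a check that pulls the digest back out of a request captured at your egress point. The function names, the 8-byte nonce and the sample documents are assumptions made for the illustration.

```javascript
// Added example: DER bytes of an RFC 3161 TimeStampReq, built by hand.
const crypto = require("node:crypto");

// DER tag-length-value. Short-form length suffices: every body here is < 128 bytes.
function tlv(tag, ...parts) {
  const body = Buffer.concat(parts);
  if (body.length > 127) throw new RangeError("long-form DER length not needed here");
  return Buffer.concat([Buffer.from([tag, body.length]), body]);
}

// AlgorithmIdentifier for SHA-256: OID 2.16.840.1.101.3.4.2.1 with NULL parameters.
const SHA256_ALG = tlv(0x30,
  tlv(0x06, Buffer.from("608648016503040201", "hex")),
  tlv(0x05));

// TimeStampReq ::= SEQUENCE { version, messageImprint, nonce, certReq }
// `data` is whatever bytes are being timestamped; only their digest is encoded.
function buildTimeStampReq(data, nonce = crypto.randomBytes(8)) {
  const digest = crypto.createHash("sha256").update(data).digest();
  const n = Buffer.from(nonce);        // copy, so the caller's buffer is untouched
  n[0] &= 0x7f;                        // keep the INTEGER positive
  if (n[0] === 0) n[0] = 0x01;         // and minimally encoded
  return tlv(0x30,
    tlv(0x02, Buffer.from([1])),               // version v1
    tlv(0x30, SHA256_ALG, tlv(0x04, digest)),  // messageImprint
    tlv(0x02, n),                              // nonce (replay protection)
    tlv(0x01, Buffer.from([0xff])));           // certReq TRUE
}

// Egress check: extract hashedMessage from a request built by the function above.
function imprintOf(req) {
  // Skip outer SEQUENCE header (2), version (3), imprint header (2), AlgorithmIdentifier.
  const at = 2 + 3 + 2 + SHA256_ALG.length;
  if (req[at] !== 0x04 || req[at + 1] !== 32) throw new Error("unexpected messageImprint");
  return req.subarray(at + 2, at + 34);
}

// Constructed sample inputs: a short record and the same record padded to about 1 MiB.
const smallDoc = Buffer.from("Patient: Jane Roe, DOB 1980-01-01");
const largeDoc = Buffer.concat([smallDoc, Buffer.alloc(1 << 20, 0x41)]);

console.log(buildTimeStampReq(smallDoc).length, buildTimeStampReq(largeDoc).length);
```

Both requests are 69 bytes, so a TSA-bound request that is larger than that, or whose imprint does not match a digest you computed locally, is worth investigating.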

📜ESIGN / UETA-oriented

Intent (consent), attribution (append-only audit log — actor, IP, UA, cert fingerprint), and integrity (cryptographic signature + optional timestamp).

Sign a document in a few lines

Compose your HTML, hand it to the orchestrator over your three stores, get back a stored URL, an audit id, and a cert fingerprint.

// one call: render → issue/rotate cert → sign (+timestamp) → store → audit
// verifyPdfSignature is assumed here to be exported by the same package
import { signDocument, verifyPdfSignature } from "@e-sig/core";

const result = await signDocument({
  html, signatureImage,
  tenantId, subjectName: tenantName,
  passphrase: process.env.ESIG_CERT_PASSPHRASE,
  signer: { name, email },
  certStore, auditStore, storage,   // your adapters
  pathPrefix: `${tenantId}/${documentId}`,
});
// → { signedPdfUrl, auditLogId, certFingerprint, timestamped }

// signedPdf is the signed PDF produced above
const ok = verifyPdfSignature(signedPdf).ok;  // true — cryptographically

The per-signature meter, deleted

Every incumbent re-introduces a fee at exactly the moment you embed signing into your product. e-sig doesn't — it runs in your process, on your infrastructure, forever, for free.

| Model | Per-document cost | Runs in your app | Own your certs & data |
| --- | --- | --- | --- |
| e-sig | $0 — no meter | Yes (in-process SDK) | Yes |
| DocuSign API | ~$1.88–7.20 / envelope | No (SaaS) | No |
| Dropbox Sign / Anvil | ~$1.50 / doc | No | No |
| DocuSeal (self-hosted) | $0.20 / doc — even on-prem | Beside your app | Its own |
| Documenso | $250/mo embed license → | Beside your app (AGPL) | Its own |

Pricing figures are indicative public rates as of 2026 and vary by plan and volume; check each vendor for current terms.

Open source, self-hosted, yours

The full engine, adapters, and UI are MIT-licensed. Clone it, read every line of the signing path, run it inside your own walls.