How to Add a Digital Signature to a PDF

A supplier sends you a master services agreement on a Friday afternoon. The cover note says “please digitally sign and return.” You open the PDF, realise you don't have Acrobat Pro, and now you're Googling “how to digitally sign a PDF” with the clock ticking. This guide is the short answer: what a digital signature actually is (the term is slipperier than people realise), what your supplier almost certainly means by it, and how to get one onto the document in a couple of minutes with Flint's Sign PDF tool.

First — the “digital signature” vs “electronic signature” thing

These two phrases get used interchangeably and they shouldn't be. The distinction matters when you're reading a contract or choosing a tool, so it's worth getting straight.

A digital signature, in the strict technical sense, is a cryptographic operation. The signer holds a private key — usually backed by an x.509 certificate issued by a trusted certificate authority — and uses it to produce a hash of the document that anyone can verify with the corresponding public key. If a single byte of the PDF changes after signing, the hash no longer matches and the signature is reported as invalid. This is the PKI model: identity proven by a CA, integrity enforced by maths. It's the standard inside regulated industries (pharmaceuticals, certain government filings, EU qualified signatures under eIDAS).

An electronic signature is the broader, intent-based concept. You apply a mark to a document indicating you agree to its contents, the system records who you are and when you did it, and the resulting record is admissible as evidence under laws like the US ESIGN Act, UETA, and the UK Electronic Communications Act. No certificate authority required. No private key on a smart card. The legal weight comes from the audit trail — who signed, when, from which IP, against which version of the document.

Here's the honest bit: Flint produces electronic signatures, not PKI digital signatures. When someone in a business context asks you to “digitally sign” a contract, an NDA, an offer letter, a quote, a statement of work, an invoice, or virtually any commercial document, an electronic signature with a strong audit trail is what they actually need and what the law actually accepts. DocuSign, HelloSign, Adobe Sign — the entire mainstream e-signature industry is built on the same model. Flint is too. We just charge less for it.

What Flint actually does (and what it gives you in court)

When you sign a PDF in Flint, three things happen behind the scenes:

The signature itself is rendered into the page at the position and size you placed it. Drawn, typed, or uploaded — all three produce the same kind of mark on the document.
An audit trail page is appended to the PDF containing a timestamp (UTC and signer-local time), the email address each signer used to access the document, the IP address the signature was applied from, the signer's user-agent string, and a SHA-256 hash of the document at the moment of signing.
The signed PDF is locked. Subsequent edits in Flint reset the audit trail; tampering with the file outside Flint changes its hash and breaks the recorded fingerprint. The mismatch is easy to demonstrate in a dispute.

That bundle — intent, identity, time, version — is what contracts and courts actually look for. It's the same ingredient list DocuSign assembles. Our version just lives in the browser, drops the per-envelope billing, and lets you do everything else PDF-related (compress, merge, redact, edit) in the same tab.

How to digitally sign a PDF in Flint

Three steps. If you have the PDF on hand, you can be done before you finish reading this paragraph.

Open the PDF in Sign PDF

Head to Sign PDF and drop your file onto the upload card. The document loads into the Flint editor in seconds. There's no install, no Java applet, no ActiveX prompt from the year 2008. If the PDF is password protected, you'll be asked for the password to unlock it for signing.

Create your signature once

You get three modes. Draw with a trackpad, mouse, or — best results — a touchscreen with a stylus. Type your name and choose from a handful of handwriting fonts. Upload a transparent PNG of your existing signature if you already have one scanned. Pick whichever feels least awkward; the legal weight is identical. Flint stores the signature against your account so the next document is a one-click drop.

Place it, then either download or send

Drag your signature to the right spot on the page. Resize the box if you need to. Add a date or initials field while you're there. If you're the only signer, hit Download and the signed PDF (audit trail page included) lands in your downloads folder. If others need to sign too, switch to Request signatures, drop a signature box per recipient, type their emails, and each gets a unique tokenised link that walks them through the same flow.

After signing: what most people forget

Getting your signature on the page is half the job. The other half is keeping the signed copy in a state where it's actually useful later. A few things worth doing:

Lock it with a password if you're sending a signed agreement over email. Password Protect PDF adds AES-256 encryption — the same standard banks use — and stops anyone without the password from opening the file.
Compress it for email. A signed multi-page PDF with embedded scans can easily push past Gmail's 25 MB limit. Running it through Compress PDF typically shaves a meaningful chunk off without touching readable content.
Merge counterparts into a single record. When you send the same agreement to two parties and get two signed copies back, drop them into Merge PDF with the original to keep one authoritative file in your archive.
Redact sensitive bits before circulating. If the signed document needs to go to a wider audience (board pack, due diligence room), strip account numbers or personal data with Redact PDF first. Unlike a black box on top, redaction permanently removes the underlying text.

How Flint compares to the other options

The PDF-signing market is crowded and there's no one-size-fits-all answer. A quick honest tour.

Adobe Acrobat Pro

The original. Supports both certificate-based digital signatures and electronic signatures, integrates with enterprise identity providers, and produces output that every regulator and compliance team recognises on sight. The catch is the price tag (north of $20 a month) and the installer — it's a desktop product, and on a managed work laptop you may not have rights to install it. If you're inside an industry where qualified signatures are mandatory, Acrobat is still the safe pick.

DocuSign / HelloSign / Adobe Sign

Dedicated e-signature platforms. Excellent for high-volume signing programs, sales teams, and HR onboarding flows. They produce the same kind of electronic signature Flint does, but with deeper templating, CRM integrations, and per-envelope pricing that adds up fast if you're signing dozens of documents a month. If you've been frustrated by the per-envelope cost, our DocuSign alternative guide spells out the trade-offs in detail.

Preview on macOS

Open the PDF in Preview, click Markup, click the signature icon, draw with your trackpad. Free, fast, surprisingly competent. The gap: no audit trail, no recipient flow, and it's Mac-exclusive. Fine for casual personal use. Not what you want on a contract that may end up in front of a judge.

Flint

Browser-based, no install. Free to sign for yourself in the editor, Pro to download or send signature requests. Produces electronic signatures with the same audit-trail rigour as the big platforms, at a flat monthly price rather than per envelope. Sits next to every other PDF tool you'll need afterwards. If you sign documents weekly but not hundreds-per-month, this is the sweet spot.

Tips for getting it right

Use a real email address for each signer. The audit trail records whatever email a signer used to access their link. Personal Gmail addresses are fine; throwaway aliases weaken the record if a dispute later asks who actually signed.
Don't edit the PDF after signing. Even a tiny annotation invalidates the recorded hash on the audit page. If you need to add information, do it before dropping the signature box.
Keep the original unsigned PDF. If a dispute ever requires you to re-prove the document's state at signing, having the pre-signature version in your Flint library makes that trivial.
For high-stakes documents, request signatures rather than self-sign. A counter-signed document where each party went through their own tokenised link carries more evidential weight than a single party applying both names.

Digital signatures on PDF: frequently asked questions

Is a Flint signature legally binding?

Yes, under the ESIGN Act, UETA, eIDAS (as an electronic signature rather than a qualified electronic signature), and the UK Electronic Communications Act. For the vast majority of commercial agreements this is the correct legal instrument. If your specific situation requires a qualified electronic signature — rare outside regulated industries — you need a QES provider, not Flint.

Can I sign a PDF without creating an account?

You can open a document and place a signature on it for free. Downloading the signed result, or sending signature requests to other people, requires a Flint Pro plan. If you're a recipient receiving a signature request from someone else, you sign without needing an account at all — your signing experience is fully covered by the sender's plan.

What does the audit trail page actually contain?

Document title, document SHA-256 hash, and for each signer: full name, email address, IP address, user-agent string, signing timestamp in UTC and the signer's local timezone, and the order in which signatures were applied. It's appended as the final page of the PDF and travels with the file wherever it goes.

Can the audit trail be removed?

Removing it changes the document hash and produces a file that no longer matches what we have on record. In any dispute, the absence of the audit page (or a mismatch against our server-side log) is itself evidence of tampering.

What file size limits apply?

Flint Pro accepts PDFs up to 250 MB. If you have a larger document — usually a scanned contract with massive image bloat — run it through Compress PDF first; you'll almost always get under the limit without visible quality loss.

Can I sign the same document from my phone?

Yes. Flint works in any modern browser, including mobile Safari and Chrome on Android. Drawn signatures on a touchscreen actually come out cleaner than mouse-drawn ones — if you've got a moment to grab your phone, it's worth doing.

What if I need a true PKI digital signature with a certificate?

Flint doesn't issue certificate-based signatures. If your workflow specifically requires an x.509 certificate (FDA Part 11 filings, eIDAS qualified signatures, certain government submissions), use Adobe Acrobat Pro with a certificate from a trust-service provider, or a specialist QES platform. For everything else, the electronic signature Flint produces is the right tool.

How is signing related to electronically signing?

They're the same operation in Flint. If you want a deeper walkthrough that focuses on the electronic-signature angle specifically — including the legal framework — see our companion guide on electronic signatures.

Ready to sign?

Drop your PDF into Flint's Sign PDF tool and you'll have a signed, audit-trailed document in under a minute. The rest of the Flint toolkit — compression, merging, redaction, password protection — is one tab away when the signed copy needs polishing for its recipient.