---
title: "Sign PDF with Own Encryption on iOS | Nutrient SDK"
canonical_url: "https://www.nutrient.io/guides/ios/signatures/digital-signatures/custom-signers/"
md_url: "https://www.nutrient.io/guides/ios/signatures/digital-signatures/custom-signers.md"
last_updated: "2026-06-09T10:21:54.407Z"
description: "Discover how to create and manage custom signers for your digital signatures, streamlining your document signing process effectively."
---

# Sign PDFs and Add Custom Encryption on iOS

There are various use cases in which Nutrient’s default signing implementation can’t be used. Some example use cases are when:

- You’re required to use a specific crypto library.

- You aren’t in direct possession of a signing key (for example, when using a hardware security module (HSM) or a signing service).

- You have a specific multi-step signing flow that isn’t supported by Nutrient’s default implementation (for example, with multiple passwords).

To customize the signing process, add a custom implementation of the [`DataSigning`](https://www.nutrient.io/api/ios/documentation/pspdfkit/datasigning) protocol. Pass an instance of your implementation when signing the document with the `Document.sign(formElement:configuration:outputDataProvider:)` API.

## Signing a document using your own encryption

Sometimes it’s not feasible to have access to a private key and load it on an iOS device to sign a document. Or, you may want more control over the signing process than what’s provided by default — for example, to sign information using a web service. In such situations, the [`sign(unsignedData:hashAlgorithm:)`](https://www.nutrient.io/api/ios/documentation/pspdfkit/datasigning/sign(unsigneddata:hashalgorithm:)) method of [`DataSigning`](https://www.nutrient.io/api/ios/documentation/pspdfkit/datasigning) is useful. Another alternative is to use the contained digital signatures workflow explained later in this guide.

First, create a class that implements the [`DataSigning`](https://www.nutrient.io/api/ios/documentation/pspdfkit/datasigning) protocol and its method, [`sign(unsignedData:hashAlgorithm:)`](https://www.nutrient.io/api/ios/documentation/pspdfkit/datasigning/sign(unsigneddata:hashalgorithm:)). This method is called during the signing process with the unsigned data and the hashing algorithm to be used. After signing with your own process, return the signed data together with a [`SignedDataFormat`](https://www.nutrient.io/api/ios/documentation/pspdfkit/signeddataformat) value, which declares the format of the signed data returned.

If the signed data you return is encapsulated in a PKCS#7 signature container, use [`.pkcs7`](https://www.nutrient.io/api/ios/documentation/pspdfkit/signeddataformat/pkcs7) as the [`SignedDataFormat`](https://www.nutrient.io/api/ios/documentation/pspdfkit/signeddataformat). If the signed data is returned unwrapped in its original form, use the [`SignedDataFormat.genericSignedData`](https://www.nutrient.io/api/ios/documentation/pspdfkit/signeddataformat/genericsigneddata) option. Nutrient follows the security recommendations of the PDF standard and always hashes an entire PDF document, except for the space reserved for the signature itself.

You can customize the hash algorithm used for signing the document by setting it on the [`SigningConfiguration`](https://www.nutrient.io/api/ios/documentation/pspdfkit/signingconfiguration) instance, as the following example does after defining the custom signer:

```swift
import PSPDFKit

// Custom implementation of `DataSigning` to carry out the signing.
private class CustomDataSigner: DataSigning {
    func sign(unsignedData: Data, hashAlgorithm: PDFSignatureHashAlgorithm) async throws -> (signedData: Data, dataFormat: PSPDFKit.SignedDataFormat) {
        // Carry out your custom data signing.
        // Placeholder: replace `...` with the result of your own signing call.
        let signedData = ...

        // Return the signed data specifying the data format.
        // Use `.pkcs7` if the data has been wrapped in a PKCS#7 signature container.
        // Otherwise, use `.genericSignedData`.
        return (signedData, .genericSignedData)
    }
}

// Carrying out the signing using the above custom implementation.
// `publicCertificates`, `unsignedDocument`, `signatureFormElement`, and
// `signedDocumentURL` are assumed to be defined elsewhere in your app.

// Initialize the custom data signing implementation.
let customSigner = CustomDataSigner()

// Use the `SigningConfiguration` API to provide the custom signer, the certificates, and the hash algorithm.
let configuration = SigningConfiguration(dataSigner: customSigner, certificates: publicCertificates, hashAlgorithm: .SHA512)

// Sign the document with the signing configuration that states the use of the custom signing implementation.
try await unsignedDocument.sign(formElement: signatureFormElement, configuration: configuration, outputDataProvider: FileDataProvider(fileURL: signedDocumentURL))
```
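
One way to fill in the `sign(unsignedData:hashAlgorithm:)` body when the private key stays in the iOS keychain and is only used by reference is shown below. This is an added example, not Nutrient's own code. It assumes an RSA key stored under a hypothetical application tag, that `PDFSignatureHashAlgorithm` has `.SHA256` and `.SHA384` cases alongside the `.SHA512` case used above, and that the signer is expected to hash `unsignedData` with the requested algorithm before signing.

```swift
import Foundation
import Security
import PSPDFKit

enum KeychainSignerError: Error {
    case keyNotFound(OSStatus)
    case unsupportedAlgorithm
    case signingFailed(String)
}

// Added example: signs with an RSA private key referenced from the keychain.
// `keyTag` is a hypothetical application tag chosen when the key was created.
final class KeychainDataSigner: DataSigning {
    private let keyTag: Data

    init(keyTag: String) { self.keyTag = Data(keyTag.utf8) }

    func sign(unsignedData: Data, hashAlgorithm: PDFSignatureHashAlgorithm) async throws -> (signedData: Data, dataFormat: PSPDFKit.SignedDataFormat) {
        // Map the requested digest to a hash-then-sign algorithm; refuse anything else.
        let algorithm: SecKeyAlgorithm
        switch hashAlgorithm {
        case .SHA256: algorithm = .rsaSignatureMessagePKCS1v15SHA256 // case name assumed
        case .SHA384: algorithm = .rsaSignatureMessagePKCS1v15SHA384 // case name assumed
        case .SHA512: algorithm = .rsaSignatureMessagePKCS1v15SHA512
        default: throw KeychainSignerError.unsupportedAlgorithm
        }

        // Ask the keychain for a reference to the private key, not its bytes.
        let query: [String: Any] = [
            kSecClass as String: kSecClassKey,
            kSecAttrKeyClass as String: kSecAttrKeyClassPrivate,
            kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
            kSecAttrApplicationTag as String: keyTag,
            kSecReturnRef as String: true,
        ]
        var item: CFTypeRef?
        let status = SecItemCopyMatching(query as CFDictionary, &item)
        guard status == errSecSuccess, let item else { throw KeychainSignerError.keyNotFound(status) }
        let privateKey = item as! SecKey

        guard SecKeyIsAlgorithmSupported(privateKey, .sign, algorithm) else {
            throw KeychainSignerError.unsupportedAlgorithm
        }
        var error: Unmanaged<CFError>?
        guard let signature = SecKeyCreateSignature(privateKey, algorithm, unsignedData as CFData, &error) else {
            throw KeychainSignerError.signingFailed(String(describing: error?.takeRetainedValue()))
        }
        // Raw signature bytes, not a PKCS#7 container.
        return (signature as Data, .genericSignedData)
    }
}
```

Pass an instance of this class as the `dataSigner:` argument of `SigningConfiguration`, with the certificate that matches the keychain key in `certificates:`.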
---

## Related pages

- [Adding a Digital Signature to a PDF on iOS](/guides/ios/features/digital-signatures.md)
- [Biometric Signatures on iOS](/guides/ios/signatures/digital-signatures/biometric.md)
- [Signatures in iOS Viewer](/guides/ios/signatures/digital-signatures/built-in-ui.md)
- [Contained Digital Signatures on iOS](/guides/ios/signatures/digital-signatures/contained-signatures.md)
- [Customizing Digital Signatures on iOS](/guides/ios/signatures/digital-signatures/customization.md)
- [Generate a Self-Signed Certificate for Signing on iOS](/guides/ios/signatures/digital-signatures/generate-certificate.md)
- [Secure digital signatures for iOS PDF libraries](/guides/ios/signatures/digital-signatures/supported-methods.md)
- [Digital Signature Standards: CAdES and PAdES](/guides/ios/signatures/digital-signatures/standards.md)
- [Troubleshooting](/guides/ios/signatures/digital-signatures/troubleshooting.md)
- [Validating a Digital Signature on iOS](/guides/ios/signatures/digital-signatures/validation.md)

