marco74

Sign PDF with self signed certs

This tutorial shows how to sign PDFs with a certificate. The best thing would be to sign it with certificates we can get from ID Austria. This would ensure that everybody could trust.

Unfortunately getting official certificates to sign PDFs officially is not that easy, rather you have to use a webinterface to upload the file there. Because that uses a user interface, automization is difficult to implement. Until that point that this might be easier, we can use self-signed certificates. This shows what is possible.

If you already have trusted certificates, you might also skip the part describing how to generate certificates and proceed to the python code. Probably you still need the part where the PEM-formatted certificate is converted to pkcs12

Certificates

In this example we use a root certificate and one for a service called signer. The root certificate is like the authority granting the signer to sign in the name of the authority.

marco74

Key generation

Certification Authority

Key:

openssl genrsa -aes256 -out ca.key 4096

Certificate:

openssl req \

marco74

# Install prerequisites
sudo apt-get -y update
sudo apt-get -y install ca-certificates curl gnupg lsb-release

# Setup Docker's repository
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo   "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get -y update