Daniel When not delving into obscure PDF or Java bugs, Daniel is exploring the new features in JavaFX.

Creating your own test certificates and keys for signing PDF files

1 min read

I’ve been writing a signing tool with Java and iText for our Pdf SimpleViewer.  Just in case you have to do a bit of experimenting with keys and certificates as well at some point I thought I’d share with you how to make some certificates and keys for experimenting with.

From a practical point of view you need one of two sort of files in order to sign something.  Either a keystore file or a pfx file. A keystore file is basically a file representing a associated array.  The keystore needs an equivalent of a username and password so you can open it.  Each element of the map points to a list of certificates (a certificate chain).  The keys for the elements are called aliases and are represented by a string and they also have a password as well.

A Keystore file can be created fairly easily with the keytool software that comes with a Java installation. Open up whatever Java folder you have (I’m using Windows, so its in Program Files/Java) and look in either a JRE or JDK folder and you should find a keytool.exe.  To generate a keystore open a console window and type in something like:

keytool -genkey -alias myAlias -keyalg RSA -keystore \path\keystoreName

This generates a keystore called keystoreName using myAlias to identify it and encrypt it with RSA.  You’ll then get a bunch of questions to fill in starting with the password for the keystore as a whole. The last thing it asks for is a password for the entry with the certificate chain, the mapping also has the same alias as the alias specified to identify the keystore as a whole, just to keep you on your toes!

You can also generate a certificate if you feel that way inclined:

keytool -export -alias myAlias -file \path\somecert.cer -keystore \path\keystoreName

It will then ask for the keystore password and create a certificate called somecert.cer.  If you like you can double click on the certificate in Windows and it will ask to install it to your trusted certificates.

If you have a finite life span you may want to generate a .pfx file instead. In Windows open a console window, cd to somewhere sensible and type:

cipher /r:whateveryoulike.

Enter a password and you have a certificate (whateveryoulike.cert) and a .pfx file (whateveryoulike.pfx).  Ta-da!

This post is part of our “Understanding the PDF File Format” series. In each article, we discuss a PDF feature, bug, gotcha or tip. If you wish to learn more about PDF, we have 13 years worth of PDF knowledge and tips, so click here to visit our series index!

Did you know...

IDRsolutions offers a whole range of online file converters to convert PDF and Microsoft Excel, Word and Office Documents to HTML5, SVG or image formats?

It is free to use for single file conversions and also includes Developer links if you want to use our commercial software for bulk conversions. Find out more on this page

Daniel When not delving into obscure PDF or Java bugs, Daniel is exploring the new features in JavaFX.

Leave a Reply

Your email address will not be published. Required fields are marked *

IDRsolutions Ltd 2020. All rights reserved.