I’ve been writing a signing tool with Java and iText for our Pdf SimpleViewer. Just in case you have to do a bit of experimenting with keys and certificates as well at some point I thought I’d share with you how to make some certificates and keys for experimenting with.
From a practical point of view you need one of two sort of files in order to sign something. Either a keystore file or a pfx file. A keystore file is basically a file representing a associated array. The keystore needs an equivalent of a username and password so you can open it. Each element of the map points to a list of certificates (a certificate chain). The keys for the elements are called aliases and are represented by a string and they also have a password as well.
A Keystore file can be created fairly easily with the keytool software that comes with a Java installation. Open up whatever Java folder you have (I’m using Windows, so its in Program Files/Java) and look in either a JRE or JDK folder and you should find a keytool.exe. To generate a keystore open a console window and type in something like:
keytool -genkey -alias myAlias -keyalg RSA -keystore \path\keystoreName
This generates a keystore called keystoreName using myAlias to identify it and encrypt it with RSA. You’ll then get a bunch of questions to fill in starting with the password for the keystore as a whole. The last thing it asks for is a password for the entry with the certificate chain, the mapping also has the same alias as the alias specified to identify the keystore as a whole, just to keep you on your toes!
You can also generate a certificate if you feel that way inclined:
keytool -export -alias myAlias -file \path\somecert.cer -keystore \path\keystoreName
It will then ask for the keystore password and create a certificate called somecert.cer. If you like you can double click on the certificate in Windows and it will ask to install it to your trusted certificates.
If you have a finite life span you may want to generate a .pfx file instead. In Windows open a console window, cd to somewhere sensible and type:
Enter a password and you have a certificate (whateveryoulike.cert) and a .pfx file (whateveryoulike.pfx). Ta-da!
This post is part of our “Understanding the PDF File Format” series. In each article, we discuss a PDF feature, bug, gotcha or tip. If you wish to learn more about PDF, we have 13 years worth of PDF knowledge and tips, so click here to visit our series index!