Daniel When not delving into obscure PDF or Java bugs, Daniel is exploring the new features in JavaFX.

Creating your own test certificates and keys for signing PDF files


I’ve been writing a signing tool with Java and iText for our Pdf SimpleViewer. In case you need to experiment with keys and certificates at some point as well, I thought I’d share how to make some certificates and keys for experimenting with.

From a practical point of view, you need one of two sorts of file in order to sign something: either a keystore file or a pfx file. A keystore file is basically a file representing an associative array. The keystore needs an equivalent of a username and password so you can open it. Each element of the map points to a list of certificates (a certificate chain). The keys for the elements are called aliases; each is represented by a string and has a password of its own as well.

A keystore file can be created fairly easily with the keytool software that comes with a Java installation. Open up whatever Java folder you have (I’m using Windows, so it’s in Program Files/Java), look in either a JRE or JDK folder, and you should find a keytool.exe. To generate a keystore, open a console window and type in something like:

keytool -genkey -alias myAlias -keyalg RSA -keystore \path\keystoreName

This generates a keystore called keystoreName using myAlias to identify it and encrypt it with RSA. You’ll then get a bunch of questions to fill in, starting with the password for the keystore as a whole. The last thing it asks for is a password for the entry with the certificate chain. The mapping also has the same alias as the alias specified to identify the keystore as a whole, just to keep you on your toes!

You can also generate a certificate if you feel that way inclined:

keytool -export -alias myAlias -file \path\somecert.cer -keystore \path\keystoreName

It will then ask for the keystore password and create a certificate called somecert.cer. If you like, you can double-click on the certificate in Windows and it will ask to install it to your trusted certificates.

If you have a finite life span, you may want to generate a .pfx file instead. In Windows, open a console window, cd to somewhere sensible and type:

cipher /r:whateveryoulike

Enter a password and you have a certificate (whateveryoulike.cert) and a .pfx file (whateveryoulike.pfx).  Ta-da!
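Before wiring a test keystore or .pfx into a signing tool, it helps to confirm that the alias, both passwords and the certificate chain all line up. The following is an added example, not code from the original post or from iText: the class name KeystoreCheck and its argument order are assumptions, it needs Java 9 or later, and it assumes an RSA key as generated by the keytool command above.

```java
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

// Added example: smoke-test a throwaway keystore (.jks/.p12/.pfx).
// Usage: java KeystoreCheck <keystore> <alias> <storePass> <keyPass>
// Passwords on the command line are visible to other local users, so
// this is suitable for test keys only.
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: KeystoreCheck <keystore> <alias> <storePass> <keyPass>");
            System.exit(2);
        }
        String alias = args[1];
        char[] storePass = args[2].toCharArray();
        char[] keyPass = args[3].toCharArray();

        // Java 9+: probes the file and picks JKS or PKCS12 automatically.
        KeyStore ks = KeyStore.getInstance(new File(args[0]), storePass);

        // A certificate-only entry cannot sign; insist on a private-key entry.
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalStateException("No private-key entry under alias: " + alias);
        }
        PrivateKey key = (PrivateKey) ks.getKey(alias, keyPass);
        Certificate[] chain = ks.getCertificateChain(alias);
        X509Certificate signer = (X509Certificate) chain[0];
        signer.checkValidity(); // throws if the test certificate has expired
        System.out.println("Subject:      " + signer.getSubjectX500Principal());
        System.out.println("Chain length: " + chain.length);

        // Sign constructed sample bytes with the private key ...
        byte[] sample = "constructed sample data".getBytes(StandardCharsets.UTF_8);
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(key);
        sig.update(sample);
        byte[] signature = sig.sign();

        // ... and verify with the certificate's public key, proving the
        // key and certificate stored under the alias belong together.
        sig.initVerify(signer.getPublicKey());
        sig.update(sample);
        System.out.println("Signature verifies: " + sig.verify(signature));
    }
}
```

For a .pfx file, the entry password is normally the same as the file password, so pass it for both arguments.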

This post is part of our “Understanding the PDF File Format” series. In each article, we discuss a PDF feature, bug, gotcha or tip. If you wish to learn more about PDF, we have 13 years worth of PDF knowledge and tips, so click here to visit our series index!


2 Replies to “Creating your own test certificates and keys for signing…”

  1. Hi Daniel,

    Could you please share some knowledge about signatures in PDF via some posts? I am a developer currently struggling to sign a PDF by the way it supports. I suppose that I have a digital ID stored in a device like a smart card; what I got from the card is a signature and a certificate (the card has a program in it to sign a message using the private key stored inside it). How do I put it into the PDF?



IDRsolutions Ltd 2022. All rights reserved.