Sign PDF documents electronically using JSignPDF
To be able to sign documents electronically, you need a personal user certificate.
You can apply for a personal user certificate via the RA portal. You must then import the issued certificate into the certificate store.
Please note that group certificates or the digital ID of group certificates, such as those issued for functional e-mail addresses, cannot be used for electronic signatures as they cannot be assigned to exactly one person.
Please follow this guide to configure an electronic signature using JSignPDF. As an alternative, you can also use Adobe Acrobat to sign documents electronically.
1. Exitract certificate and key from e-mail program if needed, no .p12 backup file exists (here $YOUR.P12, remember the given/needed password)
2. chmod 400 $YOUR.P12
3. Download JSignPDF sources via: SourceForge or git clone sources.
- /opt/jsignpdf
4. Copy and extract the archive in $HOME (to be safe feel free to check via VirusTotal)
5. Start the Java program:
- java -jar JSignPdf.jar
6. After Java GUI has been launched, the following settings have to be done:
- key chain type: PKCS12 (expanded view - yes)
- (public/private) keys file: $YOUR.P12
- password of the keys file (see section 01.)
- key alias: here "download the key"
- passowrd of keys file (see section 01.)
- choose PDF file: /path/to/file.pdf
- shall the PDF file be encrypted: Not encrypted
- where to store the signed PDF file: /path/to/file_signed.pdf
- attach signature: no
- reason of signing: e.g. signing is important
- location: Aachen (e.g)
- contact: surname
- TSA/OCSP/CRL:
- TSA URL: http://zeitstempel.dfn.de/
- TSA Authentication: "Without authentication"
- OCSP Aktivieren:
default OCSP Server URL ocsp.pca.dfn.de
- certification/security level: no change allowed (but more options available)
- Hash algorithm: SHA256
- make signature viewable: yes (other option is no, using the settings menu, the position - where the signature shall be placed - can be set)
7. If everything is ok, setup will forward you to "signing"
8. As soon as all files are signed, remove the $YOUR.P12 or move to a secure place.
9. The signature check can be done using
- Linux and libreoffice
- Windows or Linux and Acrobat Reader