I’m trying to be better about digitally signing .pdf documents that I author as a professional engineer. And without needing to pay Adobe to use Acrobat. Enter pyHanko, which does not have a user interface. With a little fussing it works well.
First, open Terminal.app and execute the following command to create a certificate and private key:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 3650
When prompted, I entered:
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Minnesota
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Barr Engineering Co.
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:Bradford Schwie
Email Address []:bschwie@barr.com
Next combine the above generated cert.pem and key.pem into certif.p12 with this command:
openssl pkcs12 -export -out certif.p12 -in cert.pem -inkey key.pem
Verify the certificate.p12 contains a certificate and key with this command:
openssl pkcs12 -info -in certif.p12
Finally, create a .pdf with command:
pyhanko sign addsig –field Sig1 pkcs12 input.pdf output_signed.pdf certif.p12
pyhanko sign addsig –field 1/70,400,390,350/Sig1 –style-name default pkcs12 input.pdf output_signed.pdf certif.p12