I’m trying to be better about digitally signing .pdf documents that I author as a professional engineer. And without needing to pay Adobe to use Acrobat. Enter pyHanko, which does not have a user interface. With a little fussing it works well.

First, open Terminal.app and execute the following command to create a certificate and private key:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 3650

When prompted, I entered:

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Minnesota
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Barr Engineering Co.
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:Bradford Schwie
Email Address []:bschwie@barr.com

Next combine the above generated cert.pem and key.pem into certif.p12 with this command:

openssl pkcs12 -export -out certif.p12 -in cert.pem -inkey key.pem

Verify the certificate.p12 contains a certificate and key with this command:

openssl pkcs12 -info -in certif.p12

Finally, create a .pdf with command:

pyhanko sign addsig –field Sig1 pkcs12 input.pdf output_signed.pdf certif.p12

pyhanko sign addsig –field 1/70,400,390,350/Sig1 –style-name default pkcs12 input.pdf output_signed.pdf certif.p12