Advanon / pdf-signatures

Nodejs package to sign pdfs with external electronic signatures (PKCS7)
GNU Affero General Public License v3.0

Sign pdf with P12 certificate #8

Closed inane closed 3 years ago

inane commented 3 years ago

Hello,

Is it possible to sign PDF adding custom placeholder with this module?

I am not finding the way.

Thank you in advance!

pandomic commented 3 years ago

Hi @inane,

p12 is a PKCS12 encryption storage which includes both private and public keys. So in theory, even if it were somehow possible, you should not use your p12 directly.

The PDF spec defines just a few signing methods which could be used to sign documents: PKCS7 (CMS) and x509 certificates. I'm not quite sure how the second one works (see page 7 of https://www.adobe.com/devnet-docs/etk_deprecated/tools/DigSig/Acrobat_DigitalSignatures_in_PDF.pdf).

So in your case, you might need to extract p7b from your pfx/p12. Here are some examples which could potentially work: https://knowledge.digicert.com/solution/SO26449.html

You can try converting your pfx to pem, and then pem to p7b. But usually the certificate authority should give you a CMS signature which can be embedded into the document.
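The pfx-to-pem-to-p7b conversion mentioned in the comment above, as an added example that is not part of the original comment or of the pdf-signatures project. It uses the OpenSSL CLI; the function names, file names and the `P12_PASS` variable are assumptions made for illustration, and the demo certificate is constructed. The resulting `.p7b` is a certificates-only PKCS#7 bundle: the private key stays in the `.p12`, and the bundle is not a signature over any document.

```shell
#!/bin/sh
# Export only the certificates from a PKCS#12 file into a PKCS#7 (.p7b) bundle.
# The passphrase is read from the environment (P12_PASS) so it does not
# appear in the process list.

# p12_to_p7b <in.p12> <out.p7b>
p12_to_p7b() {
    [ -n "${P12_PASS+x}" ] || { echo "P12_PASS is not set" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # -nokeys: write certificates only; the private key never leaves the .p12
    openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS -out "$tmp" 2>/dev/null \
        || { rm -f "$tmp"; return 1; }
    # -nocrl: build a "degenerate" PKCS#7 holding certificates and no CRL
    openssl crl2pkcs7 -nocrl -certfile "$tmp" -out "$2" \
        || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
}

# p7b_cert_count <file.p7b>: number of certificates stored in the bundle
p7b_cert_count() {
    openssl pkcs7 -in "$1" -print_certs | grep -c 'BEGIN CERTIFICATE'
}

# make_demo_p12 <dir>: constructed sample input, a throwaway self-signed
# certificate and key packed into <dir>/demo.p12 (not a CA-issued file)
make_demo_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-demo-signer" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null || return 1
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -out "$1/demo.p12" -passout env:P12_PASS
}
```

Checking the output with `p7b_cert_count` before handing the bundle to anyone confirms how many certificates it carries; a CA-issued `.p12` with a chain will report more than one.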

inane commented 3 years ago

Thank you @pandomic for your reply. Why is it not a good idea to use the P12 directly? The certificate authority sent me this P12 file.

pandomic commented 3 years ago

@inane I think I may have misinformed you 🙂 P12 could also be a certificate chain. I'm not sure which provider you are using, but in our case the flow looks like the following:

So it could be that the p12 you got from the CA holds a certificate chain and you need to do something else in order to issue a signature with it.

pandomic commented 3 years ago

I'm closing the issue due to inactivity. Feel free to reopen in case new issues arise.