Signing PDFs under Linux
Table of contents
Signing PDFs under Linux
The electronic signing of PDF files with the PKI key has been common at the TUD for a long time and facilitates numerous processes because they can be done purely electronically.
Configuration
Start Okular and go to Settings → Configure Backends.
Click on the PDF tab on the left side.
Set the path to your certificate database. By default the Mozilla Firefox settings directory is used and can be used if your certificate are located there.
Alternatively, you choose the ‘Custom’ checkbox and set the location of your Thunderbird directory, e.g. ~/.thunderbird/*.default (replace '*' with the actual letters/digits code found in that directory). To find the directory in your file browser, the option "show hidden files" must be enabled.
The name of the Firefox or Thunderbird directory may end in ‘.default-release’ instead of ‘.default’. If there are multiple directories, choose the one that was modified recently.
Click OK and Restart Okular. The configuration was successful, if the certificate is visible in configuration window.
Signing PDFs
Open a PDF file that needed to be signed with Okular. Now you can sign your document with the folowing two options:
Using the Signatures panel (Option 1):
In case your PDF file provides unsigned signature fields, please open the Signatures panel.
Afterwards the Panel Signatures should be visible on the left side. Select one of the signatures and Okular jumps to the provided signature location in the PDF file and highlights it. To set a signature, right-click on the desired signature and then left-click on Sign.
Drawing your own signature field (Option 2):
If thePDF file doesn’t provide unsigned signature fields, please go to Tools → Digitally Sign.
The mouse pointer changes to the shape of a cross and enables you to draw the visual hint (rectangle) for the digital signatureat at any place within your document by clicking and dragging the mouse. If the size of the signature field ist too small, Okular might react with a warning. You can repeat the procedure and enlarge the flied, or you can ignore this warning, because the signature filed is is just a visual hint.
Certificate selection
Whether you have chosen option 1 or 2, you need to select a certificate to sign the document with and left-click OK.
To finish the signature process, you need to set the location for the signed PDF and save it. Now you can see the signature in the signed document.
Verifying a signature
You can inspect a digital signature by using Okular, LibreOffice or Adobe Acrobat.
It is important to note that the signature field in the document is only a visual hint and by itself must never be used to verify the validity of a signature. Instead use an application’s signatures panel or similar. In the following we describe it for Okular.
Open the Signatures panel.
After expanding the signature it should show “The signature is cryptographically valid.” and name the person you expected to sign.
If you right-click on the signature more information (e.g. the full certificate) can be accessed.