mutool sign#

The sign command reads an input PDF file and by default prints information about each signature field object. The command applies to the signature field objects given, or every signature field if none are specified. Given suitable option signature fields can be verified, cleared or signed using a given certificate and certificate password.

mutool sign [options] input.pdf [signature object numbers]


Command line parameters within square brackets [] are optional.


Options are as follows:

-p password

Use the specified password if the file is encrypted.


Verify each signature field and check whether the document has changed since signing.


Revert each signed signature field back to its unsigned state.

-s certificate file

Sign each signature field with the certificate in the given file.

-P certificate password

The password used together with the certificate to sign a signature field.

-o filename

Output PDF file name.


The input PDF document.

[signature object numbers]

Can be used to specify a particular set of signature field objects to apply the sign command to.

Signing certificates#

Signing digital signatures in MuPDF requires that you have a PFX certificate. You can create a self-signed certificate using OpenSSL by following these steps:

  1. Generate a self-signed certificate and private key:

$ openssl req -x509 -days 365 -newkey rsa:2048 -keyout cert.pem -out cert.pem

  1. Convert to PFX format:

$ openssl pkcs12 -export -in cert.pem -out cert.pfx

This software is provided AS-IS with no warranty, either express or implied. This software is distributed under license and may not be copied, modified or distributed except as expressly authorized under the terms of that license. Refer to licensing information at or contact Artifex Software, Inc., 39 Mesa Street, Suite 108A, San Francisco, CA 94129, USA, for further information.

Discord logo