
Can SSL cert be used to digitally sign files?

I want to ask about something in digital signing that I am not very sure about. Instead of creating a self-signed certificate to sign some (PDF) files, I wanted to use my SSL cert, which has my data already verified.

But the question is: Can an SSL cert be used to digitally sign files, or is it incompatible in some manner?

EDIT: To clarify, this question is not about how to sign PDFs; it is only about whether an SSL cert can be used (or converted in any way) to sign files.

StormByte asked Mar 13 '12 20:03



2 Answers

To support digital signing, a certificate must have the digitalSignature option in its keyUsage field (and the codeSigning option in its extendedKeyUsage field if you want to sign programs with it).

Signing may be done with existing tools or manually (Java example; you are not asking for it, but this code snippet might be useful anyway):

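import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;

byte[] bytesToSign = loadMyData(); // the data to be signed
// Load the PKCS#12 bundle that holds the certificate and its private key
KeyStore ks = KeyStore.getInstance("PKCS12");
try (FileInputStream in = new FileInputStream("cert.p12")) {
    ks.load(in, "passwd1".toCharArray());
}
PrivateKey privateKey = (PrivateKey) ks.getKey("myalias", "passwd2".toCharArray());
// SHA-256 is used instead of SHA-1, which is no longer collision-resistant
Signature sig = Signature.getInstance("SHA256withRSA");
sig.initSign(privateKey);
sig.update(bytesToSign);
byte[] signature = sig.sign(); // raw RSA signature over bytesToSign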

To make your own non-self-signed certificate with openssl, see this SO answer.

Also curious about signing PDFs - aren't separate hash sums of these files enough in your case?

Edit: if you want any signature, not exactly an X.509 signature made by existing tools, you can extract the RSA key from your cert and do the signing without bothering about the keyUsage field.

alexkasko answered Oct 13 '22 01:10
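The keyUsage and extendedKeyUsage conditions from the answer above, as an added example that is not part of the original answer or page. The class name, method names and sample bit arrays are constructed for illustration, and treating an absent keyUsage extension as "unrestricted" is an assumption based on RFC 5280; the keystore path, password and alias are supplied as arguments.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;

// Added example: class and method names are hypothetical, not from the original page.
public class SigningUsageCheck {
    static final int DIGITAL_SIGNATURE = 0; // index of digitalSignature in getKeyUsage()
    static final String EKU_SERVER_AUTH = "1.3.6.1.5.5.7.3.1";  // serverAuth OID
    static final String EKU_CODE_SIGNING = "1.3.6.1.5.5.7.3.3"; // codeSigning OID

    // Works on the raw extension values so it can be tried without a certificate file.
    static boolean allowsSigning(boolean[] keyUsage, List<String> eku, boolean forCode) {
        // Assumption: an absent keyUsage extension (null) means no restriction (RFC 5280).
        boolean sign = keyUsage == null
                || (keyUsage.length > DIGITAL_SIGNATURE && keyUsage[DIGITAL_SIGNATURE]);
        if (!forCode) {
            return sign;
        }
        // For signing programs the answer also requires codeSigning in extendedKeyUsage.
        return sign && eku != null && eku.contains(EKU_CODE_SIGNING);
    }

    static boolean allowsSigning(X509Certificate cert, boolean forCode) throws Exception {
        return allowsSigning(cert.getKeyUsage(), cert.getExtendedKeyUsage(), forCode);
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples, in the bit order returned by X509Certificate.getKeyUsage().
        boolean[] encOnly = {false, false, true, false, false, false, false, false, false};
        boolean[] sigAndEnc = {true, false, true, false, false, false, false, false, false};
        List<String> serverAuth = Arrays.asList(EKU_SERVER_AUTH);
        System.out.println("keyEncipherment only, files: " + allowsSigning(encOnly, serverAuth, false));
        System.out.println("digitalSignature set, files: " + allowsSigning(sigAndEnc, serverAuth, false));
        System.out.println("serverAuth EKU only, programs: " + allowsSigning(sigAndEnc, serverAuth, true));
        System.out.println("no extensions at all, files: " + allowsSigning(null, null, false));

        if (args.length == 3) { // usage: <file.p12> <password> <alias>
            KeyStore ks = KeyStore.getInstance("PKCS12");
            try (FileInputStream in = new FileInputStream(args[0])) {
                ks.load(in, args[1].toCharArray());
            }
            X509Certificate cert = (X509Certificate) ks.getCertificate(args[2]);
            System.out.println("files: " + allowsSigning(cert, false)
                    + ", programs: " + allowsSigning(cert, true));
        }
    }
}
```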


At the core, the certificate is just a normal RSA public key that's been signed by several authorities.

So yes, definitely possible.

Though I don't know of any easy-to-use widespread tools for the end-user for this.

Deestan answered Oct 12 '22 23:10