hi norman, had a look at the digital signature stuff in CVS. most of the basic features are covered. one thing i noticed is getting a keystore from external context.getResourceAsStream. This is good enough for certificates lying in the keystore and keystore itself present under externalcontext path. The improvements around this could be to accept the private key as input. The private key can be obtained from browser keystore using an applet and passed to UISignature. So that the document would be signed by a real certificate lying on the browser. i am not sure about the feasibility of this.. just a thought for improvement i can think of one possible use case. A user input page for the user to enter some text which will be converted to pdf and will be signed by his certificate lying in the browser keystore. thanks. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4007861#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...