The 'mutool sign' command reads an input PDF file and by default prints information about each signature field object. The command applies to the signature field objects given, or every signature field if none are specified. Given suitable option signature fields can be verified, cleared or signed using a given certificate and certificate password.

mutool sign [options] input [signature object numbers]

The command line options are:

Verify each signature field and check whether the document has changed since signing.
Revert each signed signature field back to its unsigned state.
-s certificate file
Sign each signature field with the certificate in the given file.
-P certificate password
The password used together with the certificate to sign a signature field.
-p password
Use the specified password if the input PDF file is encrypted.
Input PDF file name.
-o filename
The output PDF file name.

Signing digital signatures in MuPDF requires that you have a PFX certificate. You can create a self-signed certificate using OpenSSL by following these steps:

1) Generate a self-signed certificate and private key:

$ openssl req -x509 -days 365 -newkey rsa:2048 -keyout cert.pem -out cert.pem

2) Convert to PFX format:

$ openssl pkcs12 -export -in cert.pem -out cert.pfx