Digital Signature verification, The selected certificate has errors not valid for usage

Getting an invalid signature error when trying to verify a signed PDF?

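The certificate needs to be signed by a CA (not self-signed), otherwise Acrobat will show the "There are problems with this signature" message. You can work around this locally on your own machine by temporarily adding the certificate to your trusted store (although other machines will still see the warning) (but be sure to remove it after testing: https://security.stackexchange.com/questions/36913/adding-self-signed-certificate-to-trusted-store).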

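In short

The certificate whose associated private key has been used to sign your PDF has a key usage entry indicating that it is not meant for signing documents but for enciphering private or secret keys, i.e. for key transport.

Please use a private key and certificate generated for document signing.

In detail

Your certificate has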

1088   14:         SEQUENCE {
1090    3:           OBJECT IDENTIFIER keyUsage (2 5 29 15)
1095    1:           BOOLEAN TRUE
1098    4:           OCTET STRING, encapsulates {
1100    2:             BIT STRING 5 unused bits
         :               '100'B (bit 2)
         :             }
         :           }

RFC 5280 defines:

  KeyUsage ::= BIT STRING {
       digitalSignature        (0),
       nonRepudiation          (1), -- recent editions of X.509 have
                            -- renamed this bit to contentCommitment
       keyEncipherment         (2),
       dataEncipherment        (3),
       keyAgreement            (4),
       keyCertSign             (5),
       cRLSign                 (6),
       encipherOnly            (7),
       decipherOnly            (8) }

...

  The keyEncipherment bit is asserted when the subject public key is
  used for enciphering private or secret keys, i.e., for key
  transport.  For example, this bit shall be set when an RSA public
  key is to be used for encrypting a symmetric content-decryption
  key or an asymmetric private key.
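
As an added example (not part of the original answers): a small Python decoder for the keyUsage value shown in the dump, reporting which RFC 5280 bits are asserted. The input bytes are reconstructed by hand from the dump, and treating digitalSignature or nonRepudiation as the bits that permit document signing is an assumption of this example.

```python
# Named bits of KeyUsage as listed in RFC 5280 (list index = bit number).
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
]

# Assumption of this example: these bits mark a key as usable for signing documents.
SIGNING_BITS = {"digitalSignature", "nonRepudiation"}


def decode_key_usage(ext_value: bytes) -> list[str]:
    """Decode the DER BIT STRING held in a keyUsage extnValue into bit names."""
    if len(ext_value) < 3 or ext_value[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = ext_value[1]
    if length & 0x80 or length != len(ext_value) - 2:
        raise ValueError("unexpected BIT STRING length")
    unused, data = ext_value[2], ext_value[3:]
    if unused > 7 or (not data and unused):
        raise ValueError("invalid unused-bit count")
    total_bits = len(data) * 8 - unused
    names = []
    for bit in range(min(total_bits, len(KEY_USAGE_BITS))):
        # ASN.1 bit 0 is the most significant bit of the first data octet.
        if data[bit // 8] & (0x80 >> (bit % 8)):
            names.append(KEY_USAGE_BITS[bit])
    return names


def usable_for_document_signing(ext_value: bytes) -> bool:
    """True if at least one of the assumed signing bits is asserted."""
    return bool(SIGNING_BITS & set(decode_key_usage(ext_value)))


# Content of the OCTET STRING in the dump above, reconstructed by hand:
# BIT STRING, length 2, 5 unused bits, only bit 2 set.
DUMPED = bytes.fromhex("03020520")
# Constructed contrast value: digitalSignature + nonRepudiation (6 unused bits).
SIGNING = bytes.fromhex("030206c0")

if __name__ == "__main__":
    for label, value in (("dumped", DUMPED), ("signing", SIGNING)):
        print(label, decode_key_usage(value), usable_for_document_signing(value))
```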