将自签名密钥库包含到可信证书列表中
Including a self signed keystore to list of trusted certificates
使用以下命令;
keytool -keystore org726.store -genkey -alias org726
我在上述步骤中使用的密码是 "password"。它硬编码在 ks.load().
下面的代码中
我正在生成密钥库并使用 java 程序对 pdf 进行数字签名
public void signPdfFirstTime(String src, String dest)
{
try{
BouncyCastleProvider provider = new BouncyCastleProvider();
Security.addProvider(provider);
//KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
String path = properties.getProperty("PRIVATE");
String keystore_password = properties.getProperty("PASSWORD");
String PASSWORD = "password";
ks.load(new FileInputStream(KEYSTORE1), PASSWORD.toCharArray());
//ks.load(new FileInputStream(path), keystore_password.toCharArray());
String alias = (String)ks.aliases().nextElement();
PrivateKey pk = (PrivateKey) ks.getKey(alias, "password".toCharArray());
Certificate[] chain = ks.getCertificateChain(alias);
PdfReader reader = new PdfReader(src);
FileOutputStream os = new FileOutputStream(dest);
PdfStamper stamper = PdfStamper.createSignature(reader, os, '[=10=]');
// appearance
PdfSignatureAppearance appearance = stamper .getSignatureAppearance();
appearance.setImage(Image.getInstance("D:\logo.jpg"));
appearance.setReason("I've written this.");
appearance.setLocation("Chennai");
appearance.setVisibleSignature(new Rectangle(72, 732, 144, 780), 1, "first");
// digital signature
System.out.println(PageSize.A4.getHeight());
System.out.println(PageSize.A4.getWidth());
ExternalSignature es = new PrivateKeySignature(pk, DigestAlgorithms.SHA1, provider.getName());
ExternalDigest digest = new BouncyCastleDigest();
MakeSignature.signDetached(appearance, digest, es, chain, null, null, null, 0, CryptoStandard.CADES);
}catch(Exception e)
{
e.printStackTrace();
}
}
但在生成的 pdf 中我得到:
签名者的身份未知,因为它尚未包含在您信任的 certificates.Its .store 文件列表中。在 Eclipse 中调试后,其 x509 证书经过检查。
如何将其添加到可信证书列表中?
Signer's identity is unknown because it has not been included in the list of your trusted certificates 消息来自 adobe acrobat 或 reader。要解决此问题,您必须将证书的颁发者 CA 添加到 acrobat 配置中。
您可以执行以下后续步骤:
验证来自 acrobat 的签名,然后当 adobe 说对签名属性的访问无效时。在新的 window select signer 选项卡上单击 show certificate 按钮,然后您会看到证书验证路径。现在您必须 select 颁发者 CA 证书并在 trust 选项卡中单击 添加到受信任的身份... 按钮,然后您可以再次验证签名,这次必须是有效的。
如果您出于测试目的使用自签名证书进行签名,请直接将证书添加到受信任的身份,而不是 CA。
希望这对您有所帮助,
使用以下命令;
keytool -keystore org726.store -genkey -alias org726
我在上述步骤中使用的密码是 "password"。它硬编码在 ks.load().
下面的代码中我正在生成密钥库并使用 java 程序对 pdf 进行数字签名
public void signPdfFirstTime(String src, String dest)
{
try{
BouncyCastleProvider provider = new BouncyCastleProvider();
Security.addProvider(provider);
//KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
String path = properties.getProperty("PRIVATE");
String keystore_password = properties.getProperty("PASSWORD");
String PASSWORD = "password";
ks.load(new FileInputStream(KEYSTORE1), PASSWORD.toCharArray());
//ks.load(new FileInputStream(path), keystore_password.toCharArray());
String alias = (String)ks.aliases().nextElement();
PrivateKey pk = (PrivateKey) ks.getKey(alias, "password".toCharArray());
Certificate[] chain = ks.getCertificateChain(alias);
PdfReader reader = new PdfReader(src);
FileOutputStream os = new FileOutputStream(dest);
PdfStamper stamper = PdfStamper.createSignature(reader, os, '[=10=]');
// appearance
PdfSignatureAppearance appearance = stamper .getSignatureAppearance();
appearance.setImage(Image.getInstance("D:\logo.jpg"));
appearance.setReason("I've written this.");
appearance.setLocation("Chennai");
appearance.setVisibleSignature(new Rectangle(72, 732, 144, 780), 1, "first");
// digital signature
System.out.println(PageSize.A4.getHeight());
System.out.println(PageSize.A4.getWidth());
ExternalSignature es = new PrivateKeySignature(pk, DigestAlgorithms.SHA1, provider.getName());
ExternalDigest digest = new BouncyCastleDigest();
MakeSignature.signDetached(appearance, digest, es, chain, null, null, null, 0, CryptoStandard.CADES);
}catch(Exception e)
{
e.printStackTrace();
}
}
但在生成的 pdf 中我得到: 签名者的身份未知,因为它尚未包含在您信任的 certificates.Its .store 文件列表中。在 Eclipse 中调试后,其 x509 证书经过检查。
如何将其添加到可信证书列表中?
Signer's identity is unknown because it has not been included in the list of your trusted certificates 消息来自 adobe acrobat 或 reader。要解决此问题,您必须将证书的颁发者 CA 添加到 acrobat 配置中。
您可以执行以下后续步骤:
验证来自 acrobat 的签名,然后当 adobe 说对签名属性的访问无效时。在新的 window select signer 选项卡上单击 show certificate 按钮,然后您会看到证书验证路径。现在您必须 select 颁发者 CA 证书并在 trust 选项卡中单击 添加到受信任的身份... 按钮,然后您可以再次验证签名,这次必须是有效的。
如果您出于测试目的使用自签名证书进行签名,请直接将证书添加到受信任的身份,而不是 CA。
希望这对您有所帮助,