使用以下命令;
keytool -keystore org726.store -genkey -alias org726
我用于上述步骤的密码是“密码” . 它在ks.load()下面的代码中硬编码 .
我正在生成密钥库并使用java程序对pdf进行数字签名
public void signPdfFirstTime(String src, String dest)
{
try{
BouncyCastleProvider provider = new BouncyCastleProvider();
Security.addProvider(provider);
//KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
String path = properties.getProperty("PRIVATE");
String keystore_password = properties.getProperty("PASSWORD");
String PASSWORD = "password";
ks.load(new FileInputStream(KEYSTORE1), PASSWORD.toCharArray());
//ks.load(new FileInputStream(path), keystore_password.toCharArray());
String alias = (String)ks.aliases().nextElement();
PrivateKey pk = (PrivateKey) ks.getKey(alias, "password".toCharArray());
Certificate[] chain = ks.getCertificateChain(alias);
PdfReader reader = new PdfReader(src);
FileOutputStream os = new FileOutputStream(dest);
PdfStamper stamper = PdfStamper.createSignature(reader, os, '\0');
// appearance
PdfSignatureAppearance appearance = stamper .getSignatureAppearance();
appearance.setImage(Image.getInstance("D:\\logo.jpg"));
appearance.setReason("I've written this.");
appearance.setLocation("Chennai");
appearance.setVisibleSignature(new Rectangle(72, 732, 144, 780), 1, "first");
// digital signature
System.out.println(PageSize.A4.getHeight());
System.out.println(PageSize.A4.getWidth());
ExternalSignature es = new PrivateKeySignature(pk, DigestAlgorithms.SHA1, provider.getName());
ExternalDigest digest = new BouncyCastleDigest();
MakeSignature.signDetached(appearance, digest, es, chain, null, null, null, 0, CryptoStandard.CADES);
}catch(Exception e)
{
e.printStackTrace();
}
}
但是在得到的pdf中我得到了:Signer的身份是未知的,因为它没有被包含在您的可信证书列表中 . 它是一个.store文件 . 在Eclipse中调试其x509证书后进行检查 .
如何将其包含在可信证书列表中?
1 回答
Signer's identity is unknown because it has not been included in the list of your trusted certificates
消息来自adobe acrobat或读者 . 要解决此问题,您需要将证书的颁发者CA
包含在acrobat配置中 .您可以执行以下后续步骤:
验证来自acrobat的签名,然后当adobe说无效访问签名属性时 . 在新窗口中选择
signer
选项卡,然后单击显示证书按钮,然后您将看到证书验证路径 . 现在您必须选择颁发者CA
证书,然后在trust
选项卡中单击“添加到可信任身份...”按钮,然后您可以再次验证签名,此时间必须有效 .如果出于测试目的,您使用自签名证书进行签名,则将证书直接添加到可信任身份而不是
CA
.希望这可以帮助,