我正在签署带有自签名数字签名证书的PDF,我正在寻找一种方法来添加 keyUsage (link)我找到this article,并相应地更改了我的openssl.cnf .
req_extensions = v3_req [v3_req] basicConstraints = CA:TRUE keyUsage = nonRepudiation,digitalSignature,keyEncipherment,dataEncipherment
我正在使用下一个代码来自签一个数字签名:
openssl genrsa -des3 -passout pass:1234 -out aaa.private.pem -extensions v3_req openssl req -passout pass:1234 -subj“/ C = IL / ST = - / L = / O = / CN = AB” - utf8 -key aaa.private.pem -passin pass:1234 -new> aaa.cert.csr -extensions v3_req openssl rsa -in aaa.private.pem -passin pass:1234 -out aaa.key openssl x509 -req -days 3650 -in aaa.cert.csr -out aaa.cert -signkey aaa.key -CA myCA.ca.cert -CAkey myCA.ca.key -CAcreateserial -extensions v3_req openssl pkcs12 -passout pass:pkcs12511260945 -export -in aaa.cert -out aaa.cert.p12 -inkey aaa.key openssl pkcs12 -in aaa.cert.p12 -out aaa.cert.crt -password pass:1234 -nodes
而下一个命令的输出:
openssl req -text -noout -in aaa.cert.csr是:证书请求:数据:版本:0(0x0)主题:C = IL,ST = - ,O = 45,CN = AN主题公共密钥信息:公开密钥算法:rsaEncryption公钥:(2048位)模数:00:e8:0c:71:fb:b3:76:40:a4:1c:5b:45:5e:4d:b8:... 60:ff :c4:52:4e:88:fe:82:2d:76:60:d2:68:73:d9:指数:65537(0x10001)属性:请求的扩展名:X509v3基本约束:CA:TRUE X509v3密钥用法:数字签名,不可否认,密钥加密,数据加密签名算法:sha1WithRSAEncryption 79:a3:ae:48:9a:de:02:3b:31:06:c9:f8:57:b6:1c:10:e4:c2: ...... 15:4d:4f:31:72:b8:9f:7a:d1:94:9b:05:8b:b9:fa:f4:7f:33:
问题
当我使用 aaa.cert.p12 文件签署我的PDF时,签名很好但是acrobat读者说"keyUsage - not specified"
我不知道该怎么办......