将自签名密钥库包括在可信证书列表中

时间:2015-01-01 11:27:49

标签: java pdf itext bouncycastle

使用以下命令;

keytool -keystore org726.store -genkey -alias org726

我用于上述步骤的密码是"密码"。它在ks.load()下面的代码中硬编码。

我正在生成密钥库并使用java程序对pdf进行数字签名

public void signPdfFirstTime(String src, String dest)
{
    try{
    BouncyCastleProvider provider = new BouncyCastleProvider();
 Security.addProvider(provider);
 //KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
String path = properties.getProperty("PRIVATE");
String keystore_password = properties.getProperty("PASSWORD");
String PASSWORD = "password";
 ks.load(new FileInputStream(KEYSTORE1), PASSWORD.toCharArray());
 //ks.load(new FileInputStream(path), keystore_password.toCharArray());
 String alias = (String)ks.aliases().nextElement();
 PrivateKey pk = (PrivateKey) ks.getKey(alias, "password".toCharArray());
 Certificate[] chain = ks.getCertificateChain(alias);
 PdfReader reader = new PdfReader(src);
       FileOutputStream os = new FileOutputStream(dest);
       PdfStamper stamper = PdfStamper.createSignature(reader, os, '\0');
       // appearance
       PdfSignatureAppearance appearance = stamper .getSignatureAppearance();
      appearance.setImage(Image.getInstance("D:\\logo.jpg"));
       appearance.setReason("I've written this.");
       appearance.setLocation("Chennai");
       appearance.setVisibleSignature(new Rectangle(72, 732, 144, 780), 1,    "first");
       // digital signature
   System.out.println(PageSize.A4.getHeight());
   System.out.println(PageSize.A4.getWidth());
       ExternalSignature es = new PrivateKeySignature(pk, DigestAlgorithms.SHA1, provider.getName());
       ExternalDigest digest = new BouncyCastleDigest();
       MakeSignature.signDetached(appearance, digest, es, chain, null, null, null, 0, CryptoStandard.CADES);

    }catch(Exception e)
    {
        e.printStackTrace();
    }
}

但是在得到的pdf中我得到了: Signer的身份未知,因为它尚未包含在您的可信证书列表中。它是一个.store文件。在Eclipse中调试x5​​09证书后进行检查。

如何将其包含在可信证书列表中?

1 个答案:

答案 0 :(得分:0)

Signer's identity is unknown because it has not been included in the list of your trusted certificates消息来自adobe acrobat或来自读者。要解决此问题,您需要将证书的颁发者CA包含在acrobat配置中。

您可以执行以下后续步骤:

验证来自acrobat的签名,然后当adobe说无效访问签名属性时。在新窗口中选择signer选项卡,然后单击 show certificate 按钮,然后您将看到证书验证路径。现在您必须选择颁发者CA证书,然后在trust选项卡中单击添加到受信任的身份... 按钮,然后您可以再次验证签名,这次必须有效。

如果出于测试目的,您使用自签名证书进行签名,请将证书直接添加到可信身份而不是CA

希望这有帮助,

相关问题
最新问题