JSignPdf 1.6.5 and WINDOWS-MY Keystore -> KeyAlias


Holger Maune

Jun 13, 2021, 1:03:29 PM
to JSignPdf

Hi, I want to use the keys stored in the WINDOWS-MY Keystore. This works pretty fine when only one key is stored. When more than one key is installed, the selection of a specific key does not work for me.

``java -jar JSignPdf.jar -kst WINDOWS-MY -lk`` only lists the first key in the keystore (yes, there are two keys installed, tested on different PCs)

When now trying to access a specific key, only the first one is used.

Any idea?

Holger

Josef Cacek

Jun 14, 2021, 3:11:31 PM
to JSignPdf forum
Hi Holger,

Are you sure your certificates are valid in both cases?
Could you try to uncomment the following 2 lines in the
conf/conf.properties file?

certificate.checkValidity=false
certificate.checkKeyUsage=false

If this doesn't help, then there is a chance the following old piece
of code somehow breaks the behavior in newer Java versions:
https://github.com/kwart/jsignpdf/blob/JSignPdf_1_6_1/src/net/sf/jsignpdf/utils/KeyStoreUtils.java#L490-L539
If this is the case, then it would deserve a new configuration option
in the property file. The workaround could be disabled when needed.

Regards,
-- Josef


Holger Maune

Jun 14, 2021, 5:35:13 PM
to JSignPdf
Dear Josef,
I think I figured out part of the problem. There was an issue with the keys which were missing the proper extensions (Windows just shows <all> and ignores what is in the cert). Having fixed this, I can see all aliases properly, but now I run into another problem.

I use a properties file with "--load-properties-file" where some of the entries are set, e.g. position of the visible signature etc. When I include this option, it uses the wrong cert; when I do not include it in the command, it works fine.

The properties file reads:
crl.enabled=false
hash.algorithm=SHA512
ocsp.enabled=false
ocsp.serverUrl=
proxy.type=DIRECT
proxy.host=
proxy.port=80
signature.append=false
signature.location=XXX
tsa.enabled=false
tsa.url=
tsa.user=
tsa.serverAuthn=NONE
tsa.cert.file.type=
tsa.hash.algorithm=
tsa.policy=
visibleSignature.enabled=false
visibleSignature.render=GRAPHIC_AND_DESCRIPTION
visibleSignature.acro6layers=true
visibleSignature.img=Sign.png
visibleSignature.page=999
visibleSignature.llx=150
visibleSignature.lly=10
visibleSignature.urx=425
visibleSignature.ury=50
visibleSignature.l2textFontSize=6


So there are no settings regarding the key alias. These come with the parameters such as

jsignpdfc --load-properties-file "Sign.ini" --contact "Admin, Test" --hash-algorithm SHA512 --key-alias Test1 --keystore-type WINDOWS-MY --out-suffix "_signed" File1.pdf

Any idea? Thanks
Best, Holger

Josef Cacek

Jun 16, 2021, 10:02:40 AM
to JSignPdf forum
Hi Holger,
put the following line into your INI file:
view.advanced=true

I'll probably change the behavior in the next version so it won't be necessary.
-- Josef


Holger Maune

Jun 16, 2021, 3:19:02 PM
to JSignPdf
Thanks for the hint. Now it works as expected...
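
Added example, not part of the thread and not JSignPdf code: a small Java diagnostic for the first problem discussed above. It lists every alias in the Windows-MY store together with the certificate's validity and KeyUsage bits, the properties that `certificate.checkValidity` and `certificate.checkKeyUsage` relate to. The class name and the choice of the digitalSignature/nonRepudiation bits are assumptions; JSignPdf's own check may differ.

```java
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added diagnostic example (hypothetical class name, not JSignPdf code).
// Run on Windows with Java 11+: java ListWindowsMy.java
public class ListWindowsMy {

    // Validity state of the certificate at the current time.
    static String validity(X509Certificate cert) {
        try {
            cert.checkValidity();
            return "valid";
        } catch (CertificateExpiredException e) {
            return "EXPIRED";
        } catch (CertificateNotYetValidException e) {
            return "NOT YET VALID";
        }
    }

    // KeyUsage bits per RFC 5280: index 0 = digitalSignature, 1 = nonRepudiation.
    // Assumption: these are the bits a signing tool's key-usage check looks at.
    static String signingUsage(X509Certificate cert) {
        boolean[] ku = cert.getKeyUsage();
        if (ku == null || ku.length < 2) return "no KeyUsage extension";
        return "digitalSignature=" + ku[0] + ", nonRepudiation=" + ku[1];
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("Windows-MY"); // current user's personal store
        ks.load(null, null); // the Windows store takes no file and no password
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            System.out.println("alias: " + alias + "  hasPrivateKey=" + ks.isKeyEntry(alias));
            if (c instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("  subject:  " + x.getSubjectX500Principal().getName());
                System.out.println("  validity: " + validity(x) + " (until " + x.getNotAfter() + ")");
                System.out.println("  usage:    " + signingUsage(x));
            }
        }
    }
}
```

An alias that appears here but not in the `-lk` output points at the validity or key-usage filtering rather than at the keystore itself.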