This is the first time I try to digitally signature a PDF file so apologize beforehand for the dummy question. Here is my setup:
OS:
$ lsb_release -a
LSB Version: core-2.0-amd64:core-2.0-noarch:core-3.0-amd64:core-3.0-noarch:core-3.1-amd64:core-3.1-noarch:core-3.2-amd64:core-3.2-noarch:core-4.0-amd64:core-4.0-noarch:core-4.1-amd64:core-4.1-noarch:security-4.0-amd64:security-4.0-noarch:security-4.1-amd64:security-4.1-noarch
Distributor ID: Ubuntu
Description: Ubuntu 14.04.4 LTS
Release: 14.04
Codename: trusty
Java:
$ java -version
java version "1.8.0_77"
Java(TM) SE Runtime Environment (build 1.8.0_77-b03)
Java HotSpot(TM) 64-Bit Server VM (build 25.77-b03, mixed mode)
JSignPdf:
$ java -jar JSignPdf.jar --version
DEBUG Relaxing SSL security.
DEBUG Registering SunPKCS11 provider from configuration in conf/pkcs11.cfg
DEBUG SunPKCS11 provider registered with name SunPKCS11-JSignPdf
JSignPdf version 1.6.1
DEBUG Removing security provider with name SunPKCS11-JSignPdf
SafeNet Authentication Client Tools:
Also, it seems that I can successfully connect to SafeNet 5100 and I can see my two certificates in it:
In other words, so far so good I guess. However, when I do:
$ java -jar JSignPdf.jar -V -kst PKCS11 -ka <alias> -ksp <password> test.pdf
I get:
DEBUG Relaxing SSL security.
DEBUG Registering SunPKCS11 provider from configuration in conf/pkcs11.cfg
DEBUG SunPKCS11 provider registered with name SunPKCS11-JSignPdf
INFO Checking input and output PDF paths.
java.security.KeyStoreException: PKCS11 not found
at java.security.KeyStore.getInstance(KeyStore.java:851)
at net.sf.jsignpdf.utils.KeyStoreUtils.loadKeyStore(KeyStoreUtils.java:348)
at net.sf.jsignpdf.utils.KeyStoreUtils.getPkInfo(KeyStoreUtils.java:413)
at net.sf.jsignpdf.SignerLogic.signFile(SignerLogic.java:135)
at net.sf.jsignpdf.Signer.signFiles(Signer.java:242)
at net.sf.jsignpdf.Signer.main(Signer.java:137)
Caused by: java.security.NoSuchAlgorithmException: PKCS11 KeyStore not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at java.security.Security.getImpl(Security.java:695)
at java.security.KeyStore.getInstance(KeyStore.java:848)
... 5 more
WARN Keystore was not loaded succesfully. Check if the keystore type, path and password are valid.
ERROR Problem occured
java.lang.NullPointerException: Keystore was not loaded succesfully. Check if the keystore type, path and password are valid.
at net.sf.jsignpdf.utils.KeyStoreUtils.getKeyAliasInternal(KeyStoreUtils.java:216)
at net.sf.jsignpdf.utils.KeyStoreUtils.getPkInfo(KeyStoreUtils.java:415)
at net.sf.jsignpdf.SignerLogic.signFile(SignerLogic.java:135)
at net.sf.jsignpdf.Signer.signFiles(Signer.java:242)
at net.sf.jsignpdf.Signer.main(Signer.java:137)
INFO Finished: Creating of signature failed.
DEBUG Removing security provider with name SunPKCS11-JSignPdf
and, when I do:
$ java -jar JSignPdf.jar -V -kst
PKCS12 -ka <alias> -ksp <password> test.pdf
DEBUG Relaxing SSL security.
DEBUG Registering SunPKCS11 provider from configuration in conf/pkcs11.cfg
DEBUG SunPKCS11 provider registered with name SunPKCS11-JSignPdf
INFO Checking input and output PDF paths.
INFO Getting key alias
INFO Used key alias: le-383af22f-e8dc-4b74-95c8-5ea777fd40b6
INFO Loading private key
INFO Getting certificate chain
INFO No private key was found. Check the keystore settings (keystore type, filepath, password, key alias).
INFO Finished: Creating of signature failed.
DEBUG Removing security provider with name SunPKCS11-JSignPdf
I suspect that, my problem has to do with any of the following things:
1) use PKCS12 instead of PKCS11 or vice versa
2) put the key in the keystore (but where should I find the key and how can I put it in the keystore)?
Any help is appreciated.