Signing problem with crypto USB token in Linux
1,713 views
Skip to first unread message
Rajendra Prasad
Jan 5, 2014, 11:13:45 AM1/5/14
to jsig...@googlegroups.com
Dear Sir,
I am not able to digitally sign any pdf file with latest jsignpdf and any crypto USB token in Ubuntu Linux. It is working with jsignpdf ver 1.4.3 . I have configured the cofig file and set the .so library file correctly. Kindly help. The keystore combo get updated with pkcs11 entry when I put the token.
I am not able to digitally sign any pdf file with latest jsignpdf and any crypto USB token in Ubuntu Linux. It is working with jsignpdf ver 1.4.3 . I have configured the cofig file and set the .so library file correctly. Kindly help. The keystore combo get updated with pkcs11 entry when I put the token.
Josef Cacek
Jan 5, 2014, 3:30:58 PM1/5/14
to JSignPdf forum
Do you see any error messages? If the 1.4.3 works for you, I suggest
to use that version.
Best regards,
-- jc
> --
> You received this message because you are subscribed to the Google Groups
> "JSignPdf" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jsignpdf+u...@googlegroups.com.
> To post to this group, send email to jsig...@googlegroups.com.
> Visit this group at http://groups.google.com/group/jsignpdf.
> For more options, visit https://groups.google.com/groups/opt_out.
to use that version.
Best regards,
-- jc
> You received this message because you are subscribed to the Google Groups
> "JSignPdf" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jsignpdf+u...@googlegroups.com.
> To post to this group, send email to jsig...@googlegroups.com.
> Visit this group at http://groups.google.com/group/jsignpdf.
> For more options, visit https://groups.google.com/groups/opt_out.
Message has been deleted
Message has been deleted
Message has been deleted
Rajendra Prasad
Jan 8, 2014, 4:38:59 AM1/8/14
to jsig...@googlegroups.com
Dear Sir,
I have recompile the source code by reverting change from 1.4.4 to 1.4.3 in 1.5.1 project. Now it works for me. I have also added a Exit button on the signer form.
Regards
On Sunday, January 5, 2014 9:43:45 PM UTC+5:30, Rajendra Prasad wrote:
Josef Cacek
Jan 9, 2014, 3:22:28 AM1/9/14
to JSignPdf forum
It's interesting. The only thing which was changed there is removing
the newly added SunPKCS11 provider at the program end. So at least the
first run after the system reboot should behave as before.
But maybe I made some mistake in the code.
Does the 1.5.1 print some error(s) when used with the crypto-token?
Thanks,
-- jc
the newly added SunPKCS11 provider at the program end. So at least the
first run after the system reboot should behave as before.
But maybe I made some mistake in the code.
Does the 1.5.1 print some error(s) when used with the crypto-token?
Thanks,
-- jc
Rajendra Prasad
Jan 9, 2014, 11:10:37 AM1/9/14
to jsig...@googlegroups.com
Dear Sir,
Have a look on the attached files. Error log and jsignpdf application screen shot for 1.5.1 attached. I have also attached the modified (ecourt) jsignpdf application screen shot, log file as well as a digitally signed pdf file. Would you like to see the modified source file. I'll made it available.
Have a look on the attached files. Error log and jsignpdf application screen shot for 1.5.1 attached. I have also attached the modified (ecourt) jsignpdf application screen shot, log file as well as a digitally signed pdf file. Would you like to see the modified source file. I'll made it available.
Regards
On Sunday, January 5, 2014 9:43:45 PM UTC+5:30, Rajendra Prasad wrote:
Josef Cacek
Jun 11, 2014, 5:18:12 PM6/11/14
to JSignPdf forum
Hopefully fixed in 1.5.3.
Rajendra, could you confirm it fixes the problem?
Thanks in advance,
-- Josef
--
Rajendra Prasad
Jun 12, 2014, 8:31:19 AM6/12/14
to jsig...@googlegroups.com
Greate Sir,
It is working fine on Ubuntu 14.04 with Aladdin eToken and hope it will work in every linux.
regards
Rajendra
It is working fine on Ubuntu 14.04 with Aladdin eToken and hope it will work in every linux.
regards
Rajendra
Josef Cacek
Jun 12, 2014, 8:40:21 AM6/12/14
to JSignPdf forum
Thank you for checking it. Great.
-- j.
On Thu, Jun 12, 2014 at 2:31 PM, Rajendra Prasad
> For more options, visit https://groups.google.com/d/optout.
-- j.
On Thu, Jun 12, 2014 at 2:31 PM, Rajendra Prasad
H@rSh@d
Mar 16, 2017, 6:44:09 AM3/16/17
to JSignPdf
Hi!
Sir
I am facing same problem with trust key token while using jsignpdf 1.6.1. Pls. help me to resolve it....
Khalil AlMaawali
Jun 20, 2018, 2:52:53 AM6/20/18
to JSignPdf
I have same issue, JSignpdf can't read private key from safenet token directly.Note I'm using token under Ubuntu14.04 and JSignpdf version 1.6.3
conf/conf.properties ( uncomment line: #pkcs11config.path=conf/pkcs11.cfg)
pkcs11.cf checnges>>
# Sample file for registering PKCS#11 security provider in JSignPdf
# Feel free to edit it and then set path to the file in the conf.properties configuration file.
# Look for full list of possible attributes at
# http://download.oracle.com/javase/6/docs/technotes/guides/security/p11guide.html#ATTRS
name=JSignPdf
# if you are not sure about your PKCS driver library check following URL:
# http://www.freeotfe.org/docs/Explorer/pkcs11_drivers.htm
#library=C:\\WINDOWS\\system32\\siecap11.dll
library=/usr/lib/libeTPkcs11.so
# Feel free to edit it and then set path to the file in the conf.properties configuration file.
# Look for full list of possible attributes at
# http://download.oracle.com/javase/6/docs/technotes/guides/security/p11guide.html#ATTRS
name=JSignPdf
# if you are not sure about your PKCS driver library check following URL:
# http://www.freeotfe.org/docs/Explorer/pkcs11_drivers.htm
#library=C:\\WINDOWS\\system32\\siecap11.dll
library=/usr/lib/libeTPkcs11.so
Josef Cacek
Jun 20, 2018, 3:16:39 AM6/20/18
to JSignPdf forum
Any errors reported when you try to list keys?
java -jar JSignPdf.jar -lk -kst PKCS11 -ksp yourTokenPassword
It should print something like:
DEBUG Relaxing SSL security.
DEBUG Registering SunPKCS11 provider from configuration in conf/pkcs11.cfg
DEBUG SunPKCS11 provider registered with name SunPKCS11-testPkcs11
INFO Getting keystore type instance: PKCS11
INFO Getting key alias
INFO Key aliases in the keystore:
yourAlias
DEBUG Removing security provider with name SunPKCS11-testPkcs11
-- jc
> Visit this group at https://groups.google.com/group/jsignpdf.
> For more options, visit https://groups.google.com/d/optout.
java -jar JSignPdf.jar -lk -kst PKCS11 -ksp yourTokenPassword
It should print something like:
DEBUG Relaxing SSL security.
DEBUG Registering SunPKCS11 provider from configuration in conf/pkcs11.cfg
DEBUG SunPKCS11 provider registered with name SunPKCS11-testPkcs11
INFO Getting keystore type instance: PKCS11
INFO Getting key alias
INFO Key aliases in the keystore:
yourAlias
DEBUG Removing security provider with name SunPKCS11-testPkcs11
-- jc
> For more options, visit https://groups.google.com/d/optout.
Khalil AlMaawali
Jun 20, 2018, 3:54:39 AM6/20/18
to jsig...@googlegroups.com
Hi Josef,
Please find below output:
DEBUG Relaxing SSL security.
DEBUG Registering SunPKCS11 provider from configuration in conf/pkcs11.cfg
DEBUG Registering SunPKCS11 provider from configuration in conf/pkcs11.cfg
DEBUG SunPKCS11 provider registered with name SunPKCS11-JSignPdf
INFO Getting keystore type instance: PKCS11
INFO Getting key alias
INFO Key aliases in the keystore:
DEBUG Removing security provider with name SunPKCS11-JSignPdf
> email to jsignpdf+unsubscribe@googlegroups.com.
> To post to this group, send email to jsig...@googlegroups.com.
> Visit this group at https://groups.google.com/group/jsignpdf.
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "JSignPdf" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jsignpdf+unsubscribe@googlegroups.com.
To post to this group, send email to jsig...@googlegroups.com.
Visit this group at https://groups.google.com/group/jsignpdf.
For more options, visit https://groups.google.com/d/optout.
--
Regards
Khalil Al-Maawali
Be Free, Be GNU/Linux
Khalil Al-Maawali
Be Free, Be GNU/Linux
Josef Cacek
Jun 20, 2018, 4:03:17 AM6/20/18
to JSignPdf forum
Thanks for checking. Could you try one more thing? Uncomment following
lines in conf/conf.properties:
certificate.checkValidity=false
certificate.checkKeyUsage=false
Thanks,
-- Josef
lines in conf/conf.properties:
certificate.checkValidity=false
certificate.checkKeyUsage=false
Thanks,
-- Josef
>> > Visit this group at https://groups.google.com/group/jsignpdf.
>> > For more options, visit https://groups.google.com/d/optout.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "JSignPdf" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> > For more options, visit https://groups.google.com/d/optout.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "JSignPdf" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to jsignpdf+u...@googlegroups.com.
>> To post to this group, send email to jsig...@googlegroups.com.
>> To post to this group, send email to jsig...@googlegroups.com.
>> Visit this group at https://groups.google.com/group/jsignpdf.
>> For more options, visit https://groups.google.com/d/optout.
>
>
>
>
> --
> Regards
>
> Khalil Al-Maawali
> Be Free, Be GNU/Linux
>
>> For more options, visit https://groups.google.com/d/optout.
>
>
>
>
> --
> Regards
>
> Khalil Al-Maawali
> Be Free, Be GNU/Linux
>
> --
> You received this message because you are subscribed to the Google Groups
> "JSignPdf" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jsignpdf+u...@googlegroups.com.
> To post to this group, send email to jsig...@googlegroups.com.
> You received this message because you are subscribed to the Google Groups
> "JSignPdf" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jsignpdf+u...@googlegroups.com.
> To post to this group, send email to jsig...@googlegroups.com.
Khalil AlMaawali
Jun 20, 2018, 4:53:02 AM6/20/18
to jsig...@googlegroups.com
Hi Josef,
Find below output after changes in conf/conf.properties:
WARN net.sf.jsignpdf.utils.PropertyProvider$ProperyProviderException: Property file /home/xxxxxx/.JSignPdf doesn't exist.
DEBUG Relaxing SSL security.
DEBUG Registering SunPKCS11 provider from configuration in conf/pkcs11.cfg
DEBUG SunPKCS11 provider registered with name SunPKCS11-JSignPdf
INFO Getting keystore type instance: PKCS11
INFO Getting key alias
INFO Key aliases in the keystore:
DEBUG Removing security provider with name SunPKCS11-JSignPdf
>> > email to jsignpdf+unsubscribe@googlegroups.com.
>> > To post to this group, send email to jsig...@googlegroups.com.
>> > Visit this group at https://groups.google.com/group/jsignpdf.
>> > For more options, visit https://groups.google.com/d/optout.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "JSignPdf" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to jsignpdf+unsubscribe@googlegroups.com.
>> To post to this group, send email to jsig...@googlegroups.com.
>> Visit this group at https://groups.google.com/group/jsignpdf.
>> For more options, visit https://groups.google.com/d/optout.
>
>
>
>
> --
> Regards
>
> Khalil Al-Maawali
> Be Free, Be GNU/Linux
>
> --
> You received this message because you are subscribed to the Google Groups
> "JSignPdf" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jsignpdf+unsubscribe@googlegroups.com.
> To post to this group, send email to jsig...@googlegroups.com.
> Visit this group at https://groups.google.com/group/jsignpdf.
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "JSignPdf" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jsignpdf+unsubscribe@googlegroups.com.
To post to this group, send email to jsig...@googlegroups.com.
Visit this group at https://groups.google.com/group/jsignpdf.
For more options, visit https://groups.google.com/d/optout.
Josef Cacek
Jun 20, 2018, 6:41:42 AM6/20/18
to JSignPdf forum
Do you use a "slot" or "slotListIndex" configuration in your pkcs11.cfg?
If not, try to play with the "slotListIndex" changes. Default value is
slotListIndex=0. Try for instance:
slotListIndex=1
You can also try to enable detailed debug messages by setting
java.security.debug system property:
java -Djava.security.debug=sunpkcs11 JSignPdf.jar ...
-- jc
If not, try to play with the "slotListIndex" changes. Default value is
slotListIndex=0. Try for instance:
slotListIndex=1
You can also try to enable detailed debug messages by setting
java.security.debug system property:
java -Djava.security.debug=sunpkcs11 JSignPdf.jar ...
-- jc
>> >> > Visit this group at https://groups.google.com/group/jsignpdf.
>> >> > For more options, visit https://groups.google.com/d/optout.
>> >>
>> >> --
>> >> You received this message because you are subscribed to the Google
>> >> Groups
>> >> "JSignPdf" group.
>> >> To unsubscribe from this group and stop receiving emails from it, send
>> >> an
>> >> > For more options, visit https://groups.google.com/d/optout.
>> >>
>> >> --
>> >> You received this message because you are subscribed to the Google
>> >> Groups
>> >> "JSignPdf" group.
>> >> To unsubscribe from this group and stop receiving emails from it, send
>> >> an
>> >> email to jsignpdf+u...@googlegroups.com.
>> >> To post to this group, send email to jsig...@googlegroups.com.
>> >> To post to this group, send email to jsig...@googlegroups.com.
>> >> Visit this group at https://groups.google.com/group/jsignpdf.
>> >> For more options, visit https://groups.google.com/d/optout.
>> >
>> >
>> >
>> >
>> > --
>> > Regards
>> >
>> > Khalil Al-Maawali
>> > Be Free, Be GNU/Linux
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "JSignPdf" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an
>> >> For more options, visit https://groups.google.com/d/optout.
>> >
>> >
>> >
>> >
>> > --
>> > Regards
>> >
>> > Khalil Al-Maawali
>> > Be Free, Be GNU/Linux
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "JSignPdf" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an
>> > email to jsignpdf+u...@googlegroups.com.
>> > To post to this group, send email to jsig...@googlegroups.com.
>> > To post to this group, send email to jsig...@googlegroups.com.
>> > Visit this group at https://groups.google.com/group/jsignpdf.
>> > For more options, visit https://groups.google.com/d/optout.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "JSignPdf" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> > For more options, visit https://groups.google.com/d/optout.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "JSignPdf" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to jsignpdf+u...@googlegroups.com.
>> To post to this group, send email to jsig...@googlegroups.com.
>> To post to this group, send email to jsig...@googlegroups.com.
>> Visit this group at https://groups.google.com/group/jsignpdf.
>> For more options, visit https://groups.google.com/d/optout.
>
>
>
>
> --
> Regards
>
> Khalil Al-Maawali
> Be Free, Be GNU/Linux
>
> --
> You received this message because you are subscribed to the Google Groups
> "JSignPdf" group.
> To unsubscribe from this group and stop receiving emails from it, send an
>> For more options, visit https://groups.google.com/d/optout.
>
>
>
>
> --
> Regards
>
> Khalil Al-Maawali
> Be Free, Be GNU/Linux
>
> --
> You received this message because you are subscribed to the Google Groups
> "JSignPdf" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jsignpdf+u...@googlegroups.com.
> To post to this group, send email to jsig...@googlegroups.com.
> To post to this group, send email to jsig...@googlegroups.com.
Khalil AlMaawali
Jun 21, 2018, 12:45:43 AM6/21/18
to jsig...@googlegroups.com
Hi Josef,
I was not using "slotListIndex" so I add slotListIndex=1 line in pkcs11.cfg.
I enable detailed debug messages, find attached log.
>> >> > email to jsignpdf+unsubscribe@googlegroups.com.
>> >> > To post to this group, send email to jsig...@googlegroups.com.
>> >> > Visit this group at https://groups.google.com/group/jsignpdf.
>> >> > For more options, visit https://groups.google.com/d/optout.
>> >>
>> >> --
>> >> You received this message because you are subscribed to the Google
>> >> Groups
>> >> "JSignPdf" group.
>> >> To unsubscribe from this group and stop receiving emails from it, send
>> >> an
>> >> email to jsignpdf+unsubscribe@googlegroups.com.
>> >> To post to this group, send email to jsig...@googlegroups.com.
>> >> Visit this group at https://groups.google.com/group/jsignpdf.
>> >> For more options, visit https://groups.google.com/d/optout.
>> >
>> >
>> >
>> >
>> > --
>> > Regards
>> >
>> > Khalil Al-Maawali
>> > Be Free, Be GNU/Linux
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "JSignPdf" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an
>> > email to jsignpdf+unsubscribe@googlegroups.com.
>> > To post to this group, send email to jsig...@googlegroups.com.
>> > Visit this group at https://groups.google.com/group/jsignpdf.
>> > For more options, visit https://groups.google.com/d/optout.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "JSignPdf" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to jsignpdf+unsubscribe@googlegroups.com.
>> To post to this group, send email to jsig...@googlegroups.com.
>> Visit this group at https://groups.google.com/group/jsignpdf.
>> For more options, visit https://groups.google.com/d/optout.
>
>
>
>
> --
> Regards
>
> Khalil Al-Maawali
> Be Free, Be GNU/Linux
>
> --
> You received this message because you are subscribed to the Google Groups
> "JSignPdf" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jsignpdf+unsubscribe@googlegroups.com.
> To post to this group, send email to jsig...@googlegroups.com.
> Visit this group at https://groups.google.com/group/jsignpdf.
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "JSignPdf" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jsignpdf+unsubscribe@googlegroups.com.
To post to this group, send email to jsig...@googlegroups.com.
Visit this group at https://groups.google.com/group/jsignpdf.
For more options, visit https://groups.google.com/d/optout.
demu...@usb.ve
Aug 29, 2018, 8:18:48 AM8/29/18
to JSignPdf
Hola! Yo estoy usando Safenet y Ubuntu 16, JSignPDF 1.5.3.
Ya instal{e el driver del EToken Java 72K. Safenet lo reconoce.
No entiendo como agregar a la lista de keystore de JSignPdf el PKcs11, para poder seleccionarlo y luego realizar el proceso de firma. Ya edité los archivos config y pkcs11.cfg y aun no puedo registrar el proveedor. Me podrían orientar cómo se hace por favor? Paso a paso. No soy ducha en programación, pero me urge hacerlo, pues todas las comunicaciones que manejo, deben ir firmadas con esta herramienta. Muchas gracias!
Rajendra Rajsri
Sep 4, 2018, 6:57:57 AM9/4/18
to JSignPdf
Hola amigo, he probado el token safenet en ubuntu16.04 con java 8 y jsignpdf 1.6.3, está funcionando. Lo
más probable es que tenga que actualizar el archivo conf / pkcs11.cfg y
actualizar la biblioteca de la línea = / usr / lib / libeTPkcs11.so. cambie el archivo conf.properties y elimine el comentario de la ruta pkcs11config.
regds
Rajendra
regds
Rajendra
Yasunari Del Valle Ramirez Leon
Sep 4, 2018, 12:14:20 PM9/4/18
to jsig...@googlegroups.com
Estimados Todos:
Gracias por sus recomendaciones. Las ejecute y me funcionó! mil gracias!
Dra. Yasunari del Valle Ramírez
Departamento de Servicios Multimedia
Sede Litoral.
"Obró mucho el que nada dejó para mañana".
Baltasar Gracián (1601-1658) Escritor español.
--
Reply all
Reply to author
Forward
0 new messages