JSignPDF does not remember password when executing through command line
Aliyas Yoyakey
If I want to sign large number of PDF files (about 1000), how can I do this without inputting PIN for every file?
Aliyas Yoyakey
Josef Cacek
you have to configure PKCS#11 keystore type instead of WINDOWS-MY. Try
to look into the mailing-list archive to find a proper solution.
For instance this thread:
https://groups.google.com/forum/#!topic/jsignpdf/EqXaqqB7Lm4/discussion
-- jc
> You received this message because you are subscribed to the Google Groups
> "JSignPdf" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jsignpdf+u...@googlegroups.com.
> To post to this group, send email to jsig...@googlegroups.com.
> Visit this group at http://groups.google.com/group/jsignpdf.
> For more options, visit https://groups.google.com/d/optout.
Aliyas Yoyakey
Hi Josef,
Thank you for quick response.
I have installed Java 8.3 x64 in my 64 bit Windows 7 system.
I am executing the below command:
java -jar JSignPdf.jar D:\TestSign.pdf -kst PKCS#11 -ki 1 -pg 1 -V
Result:
DEBUG Relaxing SSL security.
DEBUG Registering SunPKCS11 provider from configuration in conf/pkcs11.cfg
Unable to register SunPKCS11 security provider.
I am not getting "SunPKCS11 provider" for Windows 64. Could you please provide any source to download the same?
Thank you,
Warm Regards,
Aliyas Yoyakey
Josef Cacek
should be also a dll, which you'll register in conf/pkcs11.cfg file.
There is no universal solution for every reader.
-- j.
Aliyas Yoyakey
Hi Josef,
My conf.properties file is in the path:
D:\Apps\JSignPdf\conf\conf.properties
-------------------File content---------------------
certificate.checkKeyUsage=false
pkcs11config.path=conf/pkcs11.cfg
----------------------------------------------------
My pkcs11.cfg file is in the path:
D:\Apps\JSignPdf\conf\pkcs11.cfg
-------------------File content---------------------
#ATTRS
name=JSignPdf
name=JSignPdf
library=C:\\WINDOWS\\system32\\eMudhraP11_ND_v34.dll
----------------------------------------------------
Note: I am using eMudhra USB eToken
My Java security file is in the path:
C:\Program Files\Java\jre1.8.0_31\lib\security\java.security
-------------------File content---------------------
# List of providers and their preference orders:
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=sun.security.ec.SunEC
security.provider.4=com.sun.net.ssl.internal.ssl.Provider
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider
security.provider.7=com.sun.security.sasl.Provider
security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.9=sun.security.smartcardio.SunPCSC
security.provider.10=sun.security.mscapi.SunMSCAPI
----------------------------------------------------
My command line is:
D:\Apps\JSignPdf>java -jar JSignPdf.jar D:\Test.pdf -kst PKCS#11 -ki 1 -pg 1 -V
While executing it from command line, I am getting following error
Exception in thread "main" java.lang.ExceptionInInitializerError
at net.sf.jsignpdf.ssl.DynamicX509TrustManager.<init>(DynamicX509TrustManager.java:71)
Kindly help me to resolve the issue. Am I not configuring Java libs proporly?, please guide me.
Warm Regards,
Aliyas Yoyakey
Josef Cacek
It seems the BouncyCastle security provider can't be initialized for
you - but I'm not able to say why.
For 32-bit windows I would try the JSignPdf windows installer - which
installs also a JRE.
-- jc
Aliyas Yoyakey
keytool error: java.security.NoSuchProviderException: no such provider: SunPKCS11-gd
java.security.NoSuchProviderException: no such provider: SunPKCS11-gd
at sun.security.jca.GetInstance.getService(GetInstance.java:83)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
at java.security.Security.getImpl(Security.java:698)
at java.security.KeyStore.getInstance(KeyStore.java:884)
at sun.security.tools.keytool.Main.doCommands(Main.java:768)
at sun.security.tools.keytool.Main.run(Main.java:340)
at sun.security.tools.keytool.Main.main(Main.java:333)
Aliyas Yoyakey
Josef Cacek
"C:\Program Files\JSignPdf"
1) edit the 2 configuration files in "C:\Program Files\JSignPdf\conf"
folder to enable PKCS11
2) run Windows command line (cmd) and change directory to "C:\Program
Files\JSignPdf"
3) in command line window run:
JSignPdfC.exe -lkt
(The "C" letter in the executable name is important!)
Check the output - it should either list also the PKCS11 or an error
should be displayed.
-- jc
Aliyas Yoyakey
DEBUG Registering SunPKCS11 provider from configuration in conf/pkcs11.cfg
Unable to register SunPKCS11 security provider.
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at net.sf.jsignpdf.utils.PKCS11Utils.registerProvider(PKCS11Utils.java:66)
at net.sf.jsignpdf.Signer.main(Signer.java:109)
Caused by: java.security.ProviderException: Error parsing configuration
at sun.security.pkcs11.Config.getConfig(Config.java:71)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:110)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:86)
... 6 more
Caused by: sun.security.pkcs11.ConfigurationException: name must only be specified once, line 16
at sun.security.pkcs11.Config.excLine(Config.java:343)
at sun.security.pkcs11.Config.checkDup(Config.java:606)
at sun.security.pkcs11.Config.parseStringEntry(Config.java:504)
at sun.security.pkcs11.Config.parse(Config.java:360)
at sun.security.pkcs11.Config.<init>(Config.java:194)
at sun.security.pkcs11.Config.getConfig(Config.java:67)
... 8 more
INFO Available key store types:
BCPKCS12
BKS
BOUNCYCASTLE
CASEEXACTJKS
JCEKS
JKS
PKCS12
PKCS12-3DES-3DES
PKCS12-3DES-40RC2
PKCS12-DEF
PKCS12-DEF-3DES-3DES
PKCS12-DEF-3DES-40RC2
WINDOWS-MY
WINDOWS-ROOT
C:\Program Files\JSignPdf\conf\conf.properties
Josef Cacek
ConfigurationException: name must only be specified once, line 16
On Tue, Feb 10, 2015 at 11:47 AM, Aliyas Yoyakey
Aliyas Yoyakey
DEBUG Registering SunPKCS11 provider from configuration in conf/pkcs11.cfg
INFO Checking input and output PDF paths.
java.security.KeyStoreException: PKCS#11 not found
at java.security.KeyStore.getInstance(Unknown Source)
at net.sf.jsignpdf.utils.KeyStoreUtils.loadKeyStore(KeyStoreUtils.java:348)
at net.sf.jsignpdf.utils.KeyStoreUtils.getPkInfo(KeyStoreUtils.java:413)
at net.sf.jsignpdf.SignerLogic.signFile(SignerLogic.java:135)
at net.sf.jsignpdf.Signer.signFiles(Signer.java:242)
at net.sf.jsignpdf.Signer.main(Signer.java:137)
Caused by: java.security.NoSuchAlgorithmException: PKCS#11 KeyStore not available
at sun.security.jca.GetInstance.getInstance(Unknown Source)
at java.security.Security.getImpl(Unknown Source)
... 6 more
WARN Keystore was not loaded succesfully. Check if the keystore type, path and password are valid.
ERROR Problem occured
java.lang.NullPointerException: Keystore was not loaded succesfully. Check if the keystore type, path and password are valid.
at net.sf.jsignpdf.utils.KeyStoreUtils.getKeyAliasInternal(KeyStoreUtils.java:216)
at net.sf.jsignpdf.utils.KeyStoreUtils.getPkInfo(KeyStoreUtils.java:415)
at net.sf.jsignpdf.SignerLogic.signFile(SignerLogic.java:135)
at net.sf.jsignpdf.Signer.signFiles(Signer.java:242)
at net.sf.jsignpdf.Signer.main(Signer.java:137)
INFO Finished: Creating of signature failed.
DEBUG Removing security provider with name SunPKCS11-JSignPDF
Please note that I have already installed following
jre1.8.0_31
Josef Cacek
You can list all possible values by using:
java -jar JSignPdf.jar -lkt
On Thu, Feb 12, 2015 at 6:46 AM, Aliyas Yoyakey
Aliyas Yoyakey
DEBUG Relaxing SSL security.
DEBUG Registering SunPKCS11 provider from configuration in conf/pkcs11.cfg
BCPKCS12
BKS
BOUNCYCASTLE
CASEEXACTJKS
DKS
JCEKS
JKS
PKCS12
PKCS12-3DES-3DES
PKCS12-3DES-40RC2
PKCS12-DEF
PKCS12-DEF-3DES-3DES
PKCS12-DEF-3DES-40RC2
WINDOWS-MY
WINDOWS-ROOT
Aliyas Yoyakey
Aliyas Yoyakey
Josef Cacek
It's strange - it says it registered the new provider, but then it
doesn't display it in the list.
I'm not able to say where could be the problem now.
I would suggest to start your testing with 32-bit windows, 32-bit
driver for your smartcard reader and Java 7 (32bit).
If it works, switch to Java 8 (32bit).
If it works, switch to 64bit Windows + 64bit driver + 64bit Java 8. If
it doesn't work, ask the SmartCard reader vendor for support.
-- josef
On Tue, Feb 17, 2015 at 5:29 AM, Aliyas Yoyakey
Aliyas Yoyakey
Hi Josef,
java -Djava.security.debug=sunpkcs11,pkcs11 -jar JsignPDF.jar
It prompted the GUI and shown the certificate alias name from the keystore. Surprisigly, it was listed PKCS11 in the keystore.
but it says
INFO Getting key alias
INFO Used key alias: <shown name>
INFO Loading private key
INFO Getting certificate chain
INFO No private key was found. Check the keystore settings (keystore type, filepath, password, key alias).
INFO Finished: Creating of signature failed.
Note: Certificate Chain is already present.
Using WINDOWS-MY, I am able to sign the document. So private key is also present.
Even though PKCS11 was listed in the keystore, how come it could not find private key?
Since I am able to sign PDF with WINDOWS-MY keystore, I would like to use same method. The only problem is that for bulk PDF signing, system should remember the eToken password.
This is already done in your GUI (check box for remember password). Could you please let me know how did you do that? So that I can incorporate the same method in my GUI (to retain the first time inputted password in the memory variable and use for next PDF signing)
Regards,
Aliyas Yoyakey