PDFBox+bouncy castle - signing PDF_问答_开发者

开发者 https://www.devze.com 2023-03-10 02:23 出处：网络

I\'m trying to digitally sign (encrypt?) PDF using PdfBox (and BouncyCastle) i\'ve created keystore and cert:

I'm trying to digitally sign (encrypt?) PDF using PdfBox (and BouncyCastle)

i've created keystore and cert:

%java_home%\bin\keytool -genkey -alias razor -keypass testkeypass -storepass teststorepass  -keystore test-keystore.jks -validity 360 -dname "CN=razor, OU=myorg, O=my.org, L=Mycity, C=PL"
%java_home%\bin\keytool -export -alias razor -keypass testkeypass -storepass teststorepass  -keystore test-keystore.jks -file test-cert.cer

Now i'm trying to use PdfBox

org.apache.pdfbox.PDFBox Encrypt -certFile test-cert.cer -canModify false -canPrint false test.pdf test-signed-out.pdf

and i've got:

Encrypt failed with the following exception:
org.apache.pdfbox.exceptions.COSVisitorException: Cannot find any provider supporting 1.2.840.10040.4.1
    at org.apache.pdfbox.pdfwriter.COSWriter.write(COSWriter.java:1025)
    at org.apache.pdfbox.pdmodel.PDDocument.save(PDDocument.java:914)
    at org.apache.pdfbox.pdmodel.PDDocument.save(PDDocument.java:895)
    at org.apache.pdfbox.Encrypt.encrypt(Encrypt.java:189)
    at org.apache.pdfbox.Encrypt.main(Encrypt.java:53)
    at org.apache.pdfbox.PDFBox.main(PDFBox.java:40)
org.apache.pdfbox.exceptions.CryptographyException: Cannot find any provider supporting 1.2.840.10040.4.1
    at org.apache.pdfbox.pdmodel.encryption.PublicKeySecurityHandler.prepareDocumentForEncryption(PublicKeySecurityHandler.java:344)
    at org.apache.pdfbox.pdfwriter.COSWriter.write(COSWriter.java:1016)

Whats the problem ? what i'm doing wrong ?

I can use PDFBox ShowCertificate on already signed (by iTex开发者_开发技巧t) PDF: Signature Algorithm: SHA1withDSA, OID = 1.2.840.10040.4.3

I am not familiar with PDFBox, but I think your problem is that the "Encrypt" command line tool doesn't do signing. You appear to have created a DSA certificate/key. DSA is for digital signatures. The exception reflects the fact that DSA is not a valid algorithm for encryption.

I saw some references to signing with PDFBox, but I don't think this is the way.

You will need to add provider.

You can do this with single line of code.

Security.addProvider(new BouncyCastleProvider());

Security - from java.security.Security

Obviously you will need to import BouncyCastleProviderStuff first.

Whoops - I just noticed you are doing it from command line with some PDFBox tools. Not sure how you can add provider there.