search

intoolswetrust / jsignpdf

PDF signing software written in Java. It supports visible signatures, timestamping, certificate verification and many other cool features
https://intoolswetrust.github.io/jsignpdf/
Other
310 stars 120 forks source link

PKCS11 does not appear in keystore type #129

Closed drazioti closed 1 year ago

drazioti commented 1 year ago

I use safenet 5110 eToken, I installed the driver in Ubuntu 22.04. my pkcs11 conf is

name=JSignPdf
library=/lib/libeToken.so
slot=2

The problem is that PKCS11 does not appear in keystore type.

I can sign with other cients, so something is wrong in my setup for jsignpdf. Any pointers?

drazioti commented 1 year ago

finally solved

kwart commented 1 year ago

Can you share, what the issue was?

drazioti commented 1 year ago

The problem was that I didn't uncommnet the following line in conf.properties
pkcs11config.path=conf/pkcs11.cfg. Then, with a little trial and error I found the way to fix it. Now,pkcs11.cfg is

name=JSignPdf
library=/lib/libeToken.so
slot=1

But I noticed (after reboot) I have to change sometimes slot from 1 to 0 in order to have PKCS11 in keystore types. The same if I use slotListIndex=1

Also, in conf.properties I added the following lines 

keystore.type=PKCS11
keystore.file=/lib/libeToken.so
tsa.hashAlgorithm=SHA256
tsa-server-url=https://a_timestamp_server

But I'm not sure if it makes sense to use the parameters tsa-server-url=https://a_timestamp_server and keystore.type=PKCS11 since the GUI remembers my last changes.

Also, I tried the european app and get the following warning AdES Validation Details : The signed attribute: 'signing-certificate' is absent!

Finally, the program uses PKCS7 format only and there is not an option for the "european" format Pades.