intoolswetrust / jsignpdf

PDF signing software written in Java. It supports visible signatures, timestamping, certificate verification and many other cool features
https://intoolswetrust.github.io/jsignpdf/

bash mode crashes with No private key was found error #138

Closed fogine closed 1 year ago

fogine commented 1 year ago

Hello there,

Signing via the GUI works; however, when using the CLI command, it fails with an error.

> ./jsignpdf.sh -tsh SHA256 -kst "PKCS12" -ksf "/path/to/cert.p12" -d "/tmp" "/path/to/sample.pdf"

FINE Relaxing SSL security.
INFO Checking input and output PDF paths.
INFO Getting key alias
INFO Used key alias: org selfsigned pdf cert
INFO Loading private key
INFO Getting certificate chain
INFO No private key was found. Check the keystore settings (keystore type, filepath, password, key alias).
INFO Finished: Creating of signature failed.

exit code: 4

I'm sure I'm providing correct (same as in the gui mode) paths to cert.p12 and sample.pdf files.

Any ideas?

kwart commented 1 year ago

I see no keystore password parameter. Have you used one?

fogine commented 1 year ago

No, the certificate does not have a password. I use the same certificate as when signing with the GUI, where I also did not provide the password. I also tried to provide an empty password: -ksp ''

fogine commented 1 year ago

compiled with

openjdk 11.0.17 2022-10-18
OpenJDK Runtime Environment (build 11.0.17+1)
OpenJDK 64-Bit Server VM (build 11.0.17+1, mixed mode)

[MVNVM] Using maven: 3.6.3
Apache Maven 3.6.3 (cecedd343002696d0abb50b32b541b8a6ba2883f)
Maven home: /home/user/.mvnvm/apache-maven-3.6.3
Java version: 11.0.17, vendor: Oracle Corporation, runtime: /usr/lib/jvm/java-11-openjdk
Default locale: en_US, platform encoding: UTF-8
OS name: "linux", version: "6.0.12-arch1-1", arch: "amd64", family: "unix"

kwart commented 1 year ago

Are there more keys in the keystore? What does the -lk parameter print?

fogine commented 1 year ago

> ./jsignpdf.sh -kst PKCS12 -ksf /path/to/cert.p12 -lk

FINE Relaxing SSL security.
INFO Getting keystore type instance: PKCS12
INFO Getting key alias
INFO Key aliases in the keystore:
org selfsigned pdf cert

There is a single key. I also tried to provide the -ki 0 / -ka 'org selfsigned pdf cert' argument.

fogine commented 1 year ago

I can provide the p12 key file, as it's a generated self-signed certificate for testing purposes, if that helps.

kwart commented 1 year ago

It would be great.

fogine commented 1 year ago

Here it is: cert.zip

kwart commented 1 year ago

The -ksp worked for me:

➜  ~ ~/tools/jsignpdf-2.2.0/jsignpdf.sh  -tsh SHA256 -kst "PKCS12" -ksf "/tmp/cert.p12" -d /tmp ~/test.pdf 
FINE Relaxing SSL security.
INFO Checking input and output PDF paths.
INFO Getting key alias
INFO Used key alias: bindworks selfsigned pdf cert
INFO Loading private key
INFO Getting certificate chain
INFO No private key was found. Check the keystore settings (keystore type, filepath, password, key alias).
INFO Finished: Creating of signature failed.
➜  ~ ~/tools/jsignpdf-2.2.0/jsignpdf.sh  -tsh SHA256 -kst "PKCS12" -ksf "/tmp/cert.p12" -ksp '' -d /tmp ~/test.pdf
FINE Relaxing SSL security.
INFO Checking input and output PDF paths.
INFO Getting key alias
INFO Used key alias: bindworks selfsigned pdf cert
INFO Loading private key
INFO Getting certificate chain
INFO Opening input PDF file: /home/kwart/test.pdf
INFO Creating output PDF file: /tmp/test_signed.pdf
INFO Creating signature
INFO Setting certification level
INFO Processing (it may take a while) ...
INFO Closing result PDF stream
INFO Finished: Signature succesfully created.

fogine commented 1 year ago

Hm, you are right, it works when I provide -ksp with an empty password on a fresh jsignpdf build. I'm sure I have tried to provide an empty password before. I must have had something else misconfigured.

Anyway, thanks for the good piece of software and your quick support! Closing.

kwart commented 1 year ago

Thanks for confirming that it works for you. :+1:
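
A preflight check for scripted signing runs, added here as an example (it is not part of the thread or of the jsignpdf project): it rejects a command line that passes -ksf without -ksp, the situation resolved above, and recognises the "No private key was found" log line. The JSIGNPDF variable, the function names and the wrapper's own return codes (2 and 1) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: guard around a jsignpdf.sh invocation for unattended use.
# Only the -ksf and -ksp flags shown in the thread are inspected.

# Returns 0 when the arguments are safe to run unattended, 1 otherwise.
jsignpdf_preflight() {
  local has_ksf=0 has_ksp=0
  while [ "$#" -gt 0 ]; do
    case "$1" in
      -ksf) has_ksf=1; [ "$#" -gt 1 ] && shift ;;  # skip the keystore path
      -ksp) has_ksp=1; [ "$#" -gt 1 ] && shift ;;  # skip the password, even when it is ''
    esac
    shift
  done
  if [ "$has_ksf" -eq 1 ] && [ "$has_ksp" -eq 0 ]; then
    echo "preflight: -ksf without -ksp; pass -ksp '' for an empty keystore password" >&2
    return 1
  fi
  return 0
}

# Reads signer output on stdin; returns 0 when the failure line from the thread is present.
log_has_missing_key() {
  grep -q 'No private key was found'
}

# Runs the signer after the preflight check. $JSIGNPDF (assumed name) is the
# path to jsignpdf.sh. Returns 2 when preflight fails (wrapper's own code).
sign_checked() {
  jsignpdf_preflight "$@" || return 2
  local out rc=0
  out=$("${JSIGNPDF:-./jsignpdf.sh}" "$@" 2>&1) || rc=$?
  printf '%s\n' "$out"
  if printf '%s\n' "$out" | log_has_missing_key; then
    echo "hint: check -kst, -ksf, -ksp and the key alias (-ka / -ki)" >&2
    [ "$rc" -ne 0 ] || rc=1   # fail the job even if the signer exited 0
  fi
  return "$rc"
}
```
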