Re: [iText-questions] using pfx / pkcs12 as keystore

Wed, 04 Oct 2006 08:46:25 -0700

Hello Paulo,

My Problem has indirectly been solved by a member of the openssl list which I also had consulted, as followed:

My openssl command was:

    openssl pkcs12 -export -out my.pfx -in cert.pem -inkey key.pem -certfile cacert.pem

the link I got brought me to:

    openssl pkcs12 -export -out my.pfx -in cert.pem -inkey key.pem

Now it works fine!

Maybe you could add a brief note on your website?

Regarding the setCertified(); :
also solved: I downloaded the new 1.4.5. version.

So all happy!

Thanks,


Felix Joussein


Paulo Soares schrieb: 
Try with another crypto provider like BouncyCastle.

Paulo

----- Original Message ----- 
From: "Felix Joussein" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Tuesday, October 03, 2006 10:15 PM
Subject: [iText-questions] using pfx / pkcs12 as keystore


  
Hello List,

I'm struggling now for almost one day with using an openssl generated
.p12 file as my keystore.
I tried a lot of things with openssl and no doubt - I learned a lot, but
at the end I found out the following:

By the way - I'm using TinyCA as openssl frontend - maybe this is the
problem but I don't think so...
Anyway:
I create a certificate + private key, then export it to a .p12 file - I
do this on the openssl shell.
Then I run:

/usr/local/bin/pdfsigner.sh -c=/tmp/my.pfx -p=12345
-i=/var/spool/pdfprint/smbprn.00000199.eGZuqx.pdf
-o=/var/spool/pdfprint/Unbenannt1.pdf -v=0
Exception in thread "main"
java.security.cert.CertificateParsingException: java.io.IOException:
subject key, Unknown key spec: Invalid RSA modulus size.
       at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:155)
       at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1679)
       at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:173)
       at
sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:90)
       at
java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:389)
       at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.a(DashoA12275)
       at
com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(DashoA12275)
       at java.security.KeyStore.load(KeyStore.java:652)
       at pdfsigner.sign(pdfsigner.java:109)
       at pdfsigner.main(pdfsigner.java:72)
Caused by: java.io.IOException: subject key, Unknown key spec: Invalid
RSA modulus size.
       at sun.security.x509.X509Key.parse(X509Key.java:155)
       at
sun.security.x509.CertificateX509Key.<init>(CertificateX509Key.java:58)
       at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:706)
       at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:153)
       ... 9 more



after importing my .p12 file into Windows XP's certificates, and
exporting it again to a pfx, my java program, which just has thrown a
few exceptions and of course did not work, now it does.

Her an excerpt of the relevant code:

KeyStore ks = KeyStore.getInstance("pkcs12");
          try{
            ks.load(new FileInputStream(pfxNameVal),
pfxPassVal.toCharArray());
           }
           catch (Exception ex) { System.out.println("Error while
reading the certificate - possible cause: Invalid password\nBelow is the
               detailed error message:");throw ex;}

           String alias = (String)ks.aliases().nextElement();
           PrivateKey key = (PrivateKey)ks.getKey(alias,
pfxPassVal.toCharArray());
           java.security.cert.Certificate[] chain =
ks.getCertificateChain(alias);
           PdfReader reader = new PdfReader(inPDFVal);
           FileOutputStream fout = new FileOutputStream(outPDFVal);


Is there a way to skip the windows part in the process of creating
Java-suitable pfx's ?
Thank you all for your help in advanced,


Felix Joussein





-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share 
your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions 
    


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean. 
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions

Reply via email to