Hi Sarath,
I think an X509 Certificate with "digital signature" key usage would suffice based on what I can tell:

- https://helpx.adobe.com/acrobat/using/certificate-based-signatures.html
- https://tools.ietf.org/html/rfc5280#section-4.2.1.3
- https://access.redhat.com/documentation/en-us/red_hat_certificate_system/9/html/administration_guide/standard_x.509_v3_certificate_extensions

Per a DigiCert article on the subject, you might want timestamping as an extended key usage as well:

- https://www.digicert.com/document-signing/how-to-sign-a-pdf.htm
- https://access.redhat.com/documentation/en-us/red_hat_certificate_system/9/html/administration_guide/Standard_X.509_v3_Certificate_Extensions#Discussion-PKIX_Extended_Key_Usage_Extension_Uses

Details are kinda sparse about what else you'd need, or if those are sufficient. You might try reading Section 12.7.4.5 "Signature Fields", Section 12.8 "Digital Signatures", and in particular, Section 12.8.3.3 "PKCS#7 Signatures as used in ISO 32000" of the PDF 1.7 specification for more information:

- https://www.adobe.com/content/dam/acom/en/devnet/pdf/pdfs/PDF32000_2008.pdf

You'd probably want to create a certificate profile with this information at any rate:

- https://access.redhat.com/documentation/en-us/red_hat_certificate_system/9/html/administration_guide/certificate_profiles

Hope that helps,
- Alex

----- Original Message -----
> From: "Sharath" <[email protected]>
> To: "Fraser Tweedale" <[email protected]>
> Cc: [email protected], [email protected]
> Sent: Monday, November 4, 2019 2:09:54 AM
> Subject: Re: [Pki-users] [Pki-devel] How to generate the certificate in pkcs
> #12 format using Dogtag PKI
>
> Hi Fraser,
>
> I have a use case where I need to certify the PDF document with "handwritten
> user signature with associated certificate and it should be validated
> with the password"??
>
> How can we achieve this using Dogtag PKI??
>
> Thanks,
>
> Sharath
>
> On 04/11/19 9:59 AM, Fraser Tweedale wrote:
> > On Fri, Nov 01, 2019 at 05:29:40PM +0530, Sharath wrote:
> >> Hi Team,
> >>
> >> 1. Can you please help, how to generate the certificate using pkcs #12
> >> format??
> >>
> > Hi Sharath,
> >
> > PKCS #12 is a key and certificate archival format. The main use of
> > PKCS #12 in Dogtag is retrieving archived keys from the KRA (key
> > recovery authority).
> >
> > If you have a certificate and the corresponding private key you can
> > create a PKCS #12 file using 'openssl pkcs12', or for keys in NSS
> > databases 'pk12util'.
> >
> > If you provide more context about your use case, we may be able to
> > provide more assistance :)
> >
> >> 2. Is there any way to validate the certificate with password using Dogtag PKI
> >> ??
> >>
> > Again, it's not clear what you're trying to do. But with PKI you
> > never need a passphrase or private key to validate certificate
> > signatures.
> >
> > Cheers,
> > Fraser
> >
> >> Thanks,
> >>
> >> Sharath
> >>
> >>
> >> _______________________________________________
> >> Pki-devel mailing list
> >> [email protected]
> >> https://www.redhat.com/mailman/listinfo/pki-devel
> >
>
> _______________________________________________
> Pki-users mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/pki-users
>
_______________________________________________
Pki-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/pki-devel
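
The points made in the thread above, as an added example that is not part of the original messages or of Dogtag itself: a certificate limited to "digital signature" key usage is bundled with its key via 'openssl pkcs12', and the password turns out to be needed only to reach the private key for signing, never for verification. Assumptions: OpenSSL 1.1.1 or later, a throwaway self-signed certificate standing in for one issued from a Dogtag certificate profile, and constructed subject, file names and password.

```shell
#!/bin/sh
# Added example. Subject, file names and password are constructed sample values.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
PASS='constructed-sample-pass'

# 1. Throwaway self-signed signer certificate whose key usage is limited
#    to digitalSignature (a CA profile would set this for real certificates).
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj '/CN=Example PDF Signer' \
        -addext 'keyUsage=critical,digitalSignature' \
        -keyout "$WORK/key.pem" -out "$WORK/cert.pem" 2>/dev/null
}

# 2. Bundle key and certificate into a password-protected PKCS #12 file.
make_p12() {
    openssl pkcs12 -export -inkey "$WORK/key.pem" -in "$WORK/cert.pem" \
        -name signer -passout "pass:$PASS" -out "$WORK/signer.p12"
}

# Succeeds only if the given password opens the archive.
p12_opens() {
    openssl pkcs12 -in "$WORK/signer.p12" -passin "pass:$1" -noout 2>/dev/null
}

# Print the key usage of the certificate stored in the archive.
p12_key_usage() {
    openssl pkcs12 -in "$WORK/signer.p12" -passin "pass:$PASS" -nokeys \
        2>/dev/null | openssl x509 -noout -ext keyUsage
}

# 3. Signing needs the private key, and therefore the archive password ...
sign_doc() {
    openssl pkcs12 -in "$WORK/signer.p12" -passin "pass:$PASS" \
        -nocerts -nodes -out "$WORK/p12key.pem" 2>/dev/null
    openssl dgst -sha256 -sign "$WORK/p12key.pem" -out "$1.sig" "$1"
}

# ... while verification uses only the public certificate, no password.
verify_doc() {
    openssl x509 -in "$WORK/cert.pem" -pubkey -noout > "$WORK/pub.pem"
    openssl dgst -sha256 -verify "$WORK/pub.pem" -signature "$1.sig" "$1"
}

make_cert && make_p12
printf 'constructed sample document\n' > "$WORK/doc.txt"
sign_doc "$WORK/doc.txt" && verify_doc "$WORK/doc.txt"
p12_key_usage
```

For keys held in an NSS database, 'pk12util' takes the place of the 'openssl pkcs12 -export' step.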
