Hi,

PDF uses public/private cryptography in the form of RSA for signatures.

Generally a public key is signed by a certificate authority in the form of an 
X.509 certificate. In this form the public key is associated with a person or 
company.
The private key should be kept secret and in control of the owner. Signing 
something equals encrypting with the private key.
So you need access to the private key. 

A Java keystore can store private and public keys and certificates. It is the 
easiest way to demo a signature.

For the PDF signature itself, it doesn’t matter where the keys are stored. And 
a common secure way to store keys is smartcards. A SIM card is a kind of 
smartcard or to be more precise: A SIM card is a smartcard application.

So, yes, you can sign a PDF with a private key which is stored on a smartcard. 
Then you send the data, which needs to be encrypted, to the smartcard and it 
will encrypt it. The private key should not leave the smartcard.
But this part is not covered by PDFBox.

Do you have a specific case in mind or are you just asking in general?

Regards,
Waldemar


> On 18. 12 2019, at 21:35, gunslingor gunslingorsadf <gunslin...@gmail.com> 
> wrote:
> 
> What I do know is that at the visible signature constructor, I have access
> to an X509 certificate via HTTP Request parameters... I think I could set
> this to the typical cert variable.... but then I have no idea what to set
> the private key to (it is probably on these SIM cards, but that's front
> end not back end... so pretty confused).
> 
> On Wed, Dec 18, 2019 at 3:32 PM gunslingor gunslingorsadf <
> gunslin...@gmail.com> wrote:
> 
>> PDFBox 1.8.10, in reference to visible signature examples
>> 
>> 
>> 
>> Is it possible to sign a PDF without a keystore?
>> 
>> 
>> i.e. folks use SIM card devices… they plug it into the computer, enter
>> user/pass (or maybe alias/pin) and then the actual certificate is used and
>> compared against the certificate stored in the user management system (i.e.
>> cert == cert). This sounds a little odd to me, but I am no SSL expert, it
>> was built before I arrived and these SIM devices (which I don't even have
>> access to) make this situation a little different.
>> 
>> 
>> Any help appreciated
>> 
>> 
>> 

Waldemar Dick
signing & security

Mobile +49 (0)179 1106735
Support +41 (0)44 505 16 64
E-Mail walde...@skribble.com <mailto:walde...@skribble.com>

Pforzheimer Straße 128a, 76275 Ettlingen, Deutschland

Qualified electronic signing made easy.
Skribble.com <https://www.skribble.com/>
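
The smartcard signing step described in the reply above, as an added example that is not part of the original thread and is not PDFBox code. It uses the JDK's SunPKCS11 provider (Java 9+) and assumes the card vendor supplies a PKCS#11 library; the config file, library path and PIN argument are placeholders, and the signed data is a constructed sample string, not a PDF.

```java
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class SmartcardSignExample {

    // The data goes to the token and only the signature bytes come back.
    static byte[] signOnCard(Provider p, PrivateKey handle, byte[] data) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA", p);
        s.initSign(handle);
        s.update(data);
        return s.sign();
    }

    // What a party holding only the X.509 certificate can do: verify.
    static boolean verify(X509Certificate cert, byte[] data, byte[] sig) throws Exception {
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(cert.getPublicKey());
        v.update(data);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // args[0]: SunPKCS11 config file (assumed), two lines such as
        //   name = Card
        //   library = /path/to/vendor-pkcs11.so   (placeholder path)
        // args[1]: card PIN
        Provider p = Security.getProvider("SunPKCS11").configure(args[0]);
        Security.addProvider(p);
        KeyStore ks = KeyStore.getInstance("PKCS11", p); // no keystore file involved
        ks.load(null, args[1].toCharArray());

        byte[] data = "constructed sample data".getBytes(StandardCharsets.UTF_8);
        for (String alias : Collections.list(ks.aliases())) {
            Key k = ks.getKey(alias, null); // a handle to the key on the card
            if (!(k instanceof PrivateKey) || !"RSA".equals(k.getAlgorithm())) continue;
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            byte[] sig = signOnCard(p, (PrivateKey) k, data);
            System.out.println(alias + " -> " + cert.getSubjectX500Principal());
            System.out.println("key bytes readable by Java: " + (k.getEncoded() != null));
            System.out.println("verifies with certificate only: " + verify(cert, data, sig));
        }
    }
}
```

The certificate alone is enough to verify a signature but never to create one, which is why a back end that receives only the X.509 certificate has nothing to put in the private key variable.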