Hi, See this project, maybe it will help you: https://github.com/demoiselle/signer
Emerson Sachio Saito ----- Mensagem original ----- De: "Thomas Chojecki" <i...@rayman2200.de> Para: users@pdfbox.apache.org Enviadas: Segunda-feira, 22 de junho de 2020 18:10:15 Assunto: AW: Sign a PDF using USB Token - PKCS#11 Hi Gustavo, you need to provide a so called KeyProvider for the hardware token. The KeyProvider delegate the access to the private key on the USB Token. It’s almost 5 years ago I worked with hardware token. That was on Java 6, so maybe things changed. >From the message I can see, the key is read from the pkcs11 keystore but BC >can not find the SunPKCS11 provider. This happen, if you don‘t tegister the >right provider or don‘t pass it to the CMSSIgnedData. Can you post the output of the follow code, right before you sign. Provider[] providers = Security.getProviders(); System.out.println(providers.length); Arrays.stream(providers).forEach(System.out::println); In the example code, the CMSSignedData use the default provider BC and not the SunPKCS11. Some years ago I worked on a crypto extension for the pdfbox but never finished it. There are some samples and a running testsuite. I’ve tested the code with a TeleSec smartCard and it worked. So give it maybe a try. Clone this repo https://github.com/Rayman2200/pdfbox-crypto and search for SignTest.java and add the follow code @Test public void testPAdES_B_Signature_HW_Token() throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, IOException, IllegalArgumentException, COSVisitorException, SignatureException { String configName = "C:\\pkcs11\\pkcs11.cfg"; Provider p = new sun.security.pkcs11.SunPKCS11(configName); Security.addProvider(p); KeyProvider keyProvider = KeyProvider.getInstance(keystore, keystore.aliases().nextElement(), new char[0], p.getName()); SignatureProvider signatureProvider = PAdES_B_Provider.getInstance(keyProvider); signatureProvider.setSignatureAlgorithm(SIGNATURE_ALGORITHM); InputStream stream = SignTest.class.getResourceAsStream("/unsignedPDF/LibreOffice_4_3_Sample.pdf"); PDCrypto cryptoEngine = null; try { cryptoEngine = PDCrypto.load(stream); cryptoEngine.createSignatureBuilder() .setKeyProvider(keyProvider) .setSignatureProvider(signatureProvider) .setSigernName("SignerName") .sign(new File(OUTPUT_FOLDER, "Sample_PAdES_B_signed.pdf")); } finally { closeStream(stream); } } The project is configured for Java 1.5 so you will need to have Java 8 installed. That the only version that is compatible. Best regards Thomas Von: Gustavo Delgado Gesendet: Samstag, 20. Juni 2020 05:49 An: users@pdfbox.apache.org Betreff: Sign a PDF using USB Token - PKCS#11 Hello everyone! I hope you're all doing well. I'm struggling to digitally sign a pdf document for more time then I would like and any help here is appreciated. I'm using a USB Token (StarSign Crypto USB Token S) and the proprietary .dll available to load the keystore. I can get the available info from the token, but whenever I try to sign a pdf using the <CreateSignature> class, I get the following exception: <<org.bouncycastle.operator.OperatorCreationException: cannot create signer: No installed provider supports this key: sun.security.pkcs11.P11Key$P11PrivateKey>> I've done some research but I couldn't find any resource to overcome this problem using PDF Box, which is the library I'd like to use because of its license. If can be of any help, I'm also posting the code I've used: https://gist.github.com/benywolf42/f5784671301478dd3e2cf803eb6ef8d5 Thanks in advance and be safe! --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@pdfbox.apache.org For additional commands, e-mail: users-h...@pdfbox.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@pdfbox.apache.org For additional commands, e-mail: users-h...@pdfbox.apache.org
