Hi Emerson, I'll take a look at it. It actually might help a lot since I'm also from Brazil.
Btw, I've added you at gitHub, hope it's not a problem. Thanks for your help. On 2020/06/22 21:48:27, Emerson Sachio Saito <emerson.sa...@serpro.gov.br> wrote: > Hi, > > See this project, maybe it will help you: https://github.com/demoiselle/signer > > > Emerson Sachio Saito > > ----- Mensagem original ----- > De: "Thomas Chojecki" <i...@rayman2200.de> > Para: users@pdfbox.apache.org > Enviadas: Segunda-feira, 22 de junho de 2020 18:10:15 > Assunto: AW: Sign a PDF using USB Token - PKCS#11 > > Hi Gustavo, > you need to provide a so called KeyProvider for the hardware token. The > KeyProvider delegate the access to the private key on the USB Token. > > It’s almost 5 years ago I worked with hardware token. That was on Java 6, so > maybe things changed. > > From the message I can see, the key is read from the pkcs11 keystore but BC > can not find the SunPKCS11 provider. This happen, if you don‘t tegister the > right provider or don‘t pass it to the CMSSIgnedData. > > Can you post the output of the follow code, right before you sign. > > Provider[] providers = Security.getProviders(); > System.out.println(providers.length); > Arrays.stream(providers).forEach(System.out::println); > > > In the example code, the CMSSignedData use the default provider BC and not > the SunPKCS11. > > Some years ago I worked on a crypto extension for the pdfbox but never > finished it. There are some samples and a running testsuite. I’ve tested the > code with a TeleSec smartCard and it worked. > > So give it maybe a try. Clone this repo > https://github.com/Rayman2200/pdfbox-crypto and search for SignTest.java and > add the follow code > > @Test > public void testPAdES_B_Signature_HW_Token() throws > UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, > IOException, > IllegalArgumentException, COSVisitorException, SignatureException > { > > String configName = "C:\\pkcs11\\pkcs11.cfg"; > Provider p = new sun.security.pkcs11.SunPKCS11(configName); > Security.addProvider(p); > > KeyProvider keyProvider = KeyProvider.getInstance(keystore, > keystore.aliases().nextElement(), new char[0], p.getName()); > > SignatureProvider signatureProvider = > PAdES_B_Provider.getInstance(keyProvider); > signatureProvider.setSignatureAlgorithm(SIGNATURE_ALGORITHM); > > InputStream stream = > SignTest.class.getResourceAsStream("/unsignedPDF/LibreOffice_4_3_Sample.pdf"); > > PDCrypto cryptoEngine = null; > try > { > cryptoEngine = PDCrypto.load(stream); > cryptoEngine.createSignatureBuilder() > .setKeyProvider(keyProvider) > .setSignatureProvider(signatureProvider) > .setSigernName("SignerName") > .sign(new File(OUTPUT_FOLDER, "Sample_PAdES_B_signed.pdf")); > > } > finally > { > closeStream(stream); > } > > } > > The project is configured for Java 1.5 so you will need to have Java 8 > installed. That the only version that is compatible. > > > Best regards > Thomas > > > > > > > Von: Gustavo Delgado > Gesendet: Samstag, 20. Juni 2020 05:49 > An: users@pdfbox.apache.org > Betreff: Sign a PDF using USB Token - PKCS#11 > > Hello everyone! I hope you're all doing well. > > I'm struggling to digitally sign a pdf document for more time then I would > like and any help here is appreciated. > > I'm using a USB Token (StarSign Crypto USB Token S) and the proprietary .dll > available to load the keystore. > I can get the available info from the token, but whenever I try to sign a pdf > using the <CreateSignature> class, I get the following exception: > > <<org.bouncycastle.operator.OperatorCreationException: cannot create signer: > No installed provider supports this key: > sun.security.pkcs11.P11Key$P11PrivateKey>> > > I've done some research but I couldn't find any resource to overcome this > problem using PDF Box, which is the library I'd like to use because of its > license. > > If can be of any help, I'm also posting the code I've used: > > https://gist.github.com/benywolf42/f5784671301478dd3e2cf803eb6ef8d5 > > Thanks in advance and be safe! > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@pdfbox.apache.org > For additional commands, e-mail: users-h...@pdfbox.apache.org > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@pdfbox.apache.org > For additional commands, e-mail: users-h...@pdfbox.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@pdfbox.apache.org For additional commands, e-mail: users-h...@pdfbox.apache.org
