PDFBOX3 Sign - Bouncycastle - kann nicht unterzeichnet werden: Kein installierter Anbieter unterstützt diesen Schlüssel: ⇐ Java

[Guest]

Motivation < /strong>

Ich versuche, die neueste PDFbox 3 zu verwenden, um PDF -Dokumente zu signieren. >

Windows -Computer mit Java23 < /p>
Zertifikate < /strong>

Ich habe Domänenzertifikate mit Certbot 2.9.0 erstellt. und OpenSSL-3.0.7 in JKS-, P12- und PEM-Formaten < /p>

Code: Select all

:: certbot_to_p12.bat
del tomcat.p12
openssl.exe pkcs12 -export -in C:\Certbot\live\tugalsan.com\fullchain.pem -inkey C:\Certbot\live\tugalsan.com\privkey.pem -out D:\dat\ssl\tomcat.p12 -name "MyAllias" -password pass:MyPass
pause

:: p12_to_jks.bat
del tomcat.jks
keytool.exe -importkeystore -srckeystore D:\dat\ssl\tomcat.p12 -srcstoretype pkcs12 -destkeystore D:\dat\ssl\tomcat.jks -deststorepass MyPass -srcstorepass MyPass
pause

:: p12_to_pem.bat
del tomcat.crt.pem
del tomcat.crt.ca.pem
del tomcat.key.pem
openssl.exe pkcs12 -in D:\dat\ssl\tomcat.p12 -out D:\dat\ssl\tomcat.crt.pem -clcerts --passin pass:MyPass
openssl.exe pkcs12 -in D:\dat\ssl\tomcat.p12 -out D:\dat\ssl\tomcat.key.pem -nocerts -nodes -passin pass:MyPass
openssl.exe pkcs12 -in D:\dat\ssl\tomcat.p12 -out D:\dat\ssl\tomcat.crt.ca.pem -nodes -nokeys -cacerts -passin pass:MyPass
pause
< /code>
 Verwendete Abhängigkeit < /strong>

Ich habe unten die folgende Abhängigkeit zu meinem Pom < /p>
hinzugefügt
org.apache.pdfbox
pdfbox-examples
3.0.4

Java -Code verwendet wie unten [/b]
vereinfacht

Code: Select all

//IMPORTS
import java.awt.geom.Rectangle2D;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import org.apache.pdfbox.examples.signature.CreateVisibleSignature2;

//KEYSTORE
KeyStore keystore;
Path strPathStore = pathStore.toString().toUpperCase();
if (strPathStore.endsWith("JKS")) {
keystore = KeyStore.getInstance("JKS");
} else {
keystore = KeyStore.getInstance("PKCS12");
}
try (InputStream is = Files.newInputStream(pathStore)) {
keystore.load(is, password.toString().toCharArray());
}

//SIGNER
var signer = new CreateVisibleSignature2(keystore, password.toString().toCharArray());
signer.setExternalSigning(useExternalSignScnerio);//true or false, it has no effect on outcome
signer.signPDF(
pathPdfInput.toFile(),
pathPdfInput.resolveSibling(pathPdfInput.toFile().getName()+"_signed.pdf").toFile(),
new Rectangle2D.Float(10,200,150,50),
null,
"aaa"
);
< /code>
 Ausgabe < /strong>

Ich habe JKs und P12 -Zertifikate verwendet; Beide Rückgaben unter dem Fehler < /p>
SLF4J(W): No SLF4J providers were found.
SLF4J(W): Defaulting to no-operation (NOP) logger implementation
SLF4J(W): See https://www.slf4j.org/codes.html#noProviders for further details.
{Main}, {main}, {ERROR CAUSE: 'java.io.IOException: org.bouncycastle.operator.OperatorCreationException: cannot create signer: No installed provider supports this key: sun.security.ec.ECPrivateKeyImpl'
ERROR TREE:
org.apache.pdfbox.examples.signature.CreateSignatureBase.sign(CreateSignatureBase.java:155)
org.apache.pdfbox.pdfwriter.COSWriter.doWriteSignature(COSWriter.java:915)
org.apache.pdfbox.pdfwriter.COSWriter.visitFromDocument(COSWriter.java:1346)
org.apache.pdfbox.cos.COSDocument.accept(COSDocument.java:429)
org.apache.pdfbox.pdfwriter.COSWriter.write(COSWriter.java:1586)
org.apache.pdfbox.pdmodel.PDDocument.saveIncremental(PDDocument.java:1095)
org.apache.pdfbox.examples.signature.CreateVisibleSignature2.signPDF(CreateVisibleSignature2.java:297)
...
< /code>
 Verwandte Links < /strong>
< /p>
[list]
[*] Es gibt unten eine Antwort; Aber ich konnte es nicht verstehen, wie man es implementiert. Sign PDF -Dokumente mit unten.  Aber es verwendet pdfbox Version 2
https://github.com/intoolswetrust/jSignpdf
[/list]
 Update - Projektdateien 
C:\git\blg\com.tugalsan.blg.pdf.pdfbox3.sign>java -jar target\com.tugalsan.blg.pdf.pdfbox3.sign-1.0-SNAPSHOT-jar-with-dependencies.jar
C:\git\blg\com.tugalsan.blg.pdf.pdfbox3.sign\HelloWorld_signed.pdf
Oca 26, 2025 10:37:43 ÖS org.apache.pdfbox.examples.signature.SigUtils checkCertificateUsage
SEVERE: Certificate extended key usage does not include emailProtection, nor codeSigning, nor anyExtendedKeyUsage, nor 'Adobe Authentic Documents Trust'
java.io.IOException: org.bouncycastle.operator.OperatorCreationException: cannot create signer: No installed provider supports this key: sun.security.ec.ECPrivateKeyImpl
at org.apache.pdfbox.examples.signature.CreateSignatureBase.sign(CreateSignatureBase.java:155)
at org.apache.pdfbox.pdfwriter.COSWriter.doWriteSignature(COSWriter.java:915)
at org.apache.pdfbox.pdfwriter.COSWriter.visitFromDocument(COSWriter.java:1346)
at org.apache.pdfbox.cos.COSDocument.accept(COSDocument.java:432)
at org.apache.pdfbox.pdfwriter.COSWriter.write(COSWriter.java:1586)
at org.apache.pdfbox.pdmodel.PDDocument.saveIncremental(PDDocument.java:1099)
at org.apache.pdfbox.examples.signature.CreateVisibleSignature2.signPDF(CreateVisibleSignature2.java:297)
at com.tugalsan.blg.pdf.pdfbox3.sign.Main.main(Main.java:43)
Caused by: org.bouncycastle.operator.OperatorCreationException: cannot create signer: No installed provider supports this key: sun.security.ec.ECPrivateKeyImpl
at org.bouncycastle.operator.jcajce.JcaContentSignerBuilder.build(Unknown Source)
at org.apache.pdfbox.examples.signature.CreateSignatureBase.sign(CreateSignatureBase.java:141)
... 7 more
Caused by: java.security.InvalidKeyException: No installed provider supports this key: sun.security.ec.ECPrivateKeyImpl
at java.base/java.security.Signature$Delegate.chooseProvider(Signature.java:1302)
at java.base/java.security.Signature$Delegate.engineInitSign(Signature.java:1359)
at java.base/java.security.Signature.initSign(Signature.java:635)
... 9 more
< /code>
 Update - Hinzufügen von Sicherheit. >
Die Ausgabe änderte sich wie unten
< /p>
C:\git\blg\com.tugalsan.blg.pdf.pdfbox3.sign>java -jar target\com.tugalsan.blg.pdf.pdfbox3.sign-1.0-SNAPSHOT-jar-with-dependencies.jar
C:\git\blg\com.tugalsan.blg.pdf.pdfbox3.sign\HelloWorld_signed.pdf
Oca 26, 2025 10:52:31 ÖS org.apache.pdfbox.examples.signature.SigUtils checkCertificateUsage
SEVERE: Certificate extended key usage does not include emailProtection, nor codeSigning, nor anyExtendedKeyUsage, nor 'Adobe Authentic Documents Trust'
java.io.IOException: org.bouncycastle.operator.OperatorCreationException: cannot create signer: Supplied key (sun.security.ec.ECPrivateKeyImpl) is not a RSAPrivateKey instance
at org.apache.pdfbox.examples.signature.CreateSignatureBase.sign(CreateSignatureBase.java:155)
at org.apache.pdfbox.pdfwriter.COSWriter.doWriteSignature(COSWriter.java:915)
at org.apache.pdfbox.pdfwriter.COSWriter.visitFromDocument(COSWriter.java:1346)
at org.apache.pdfbox.cos.COSDocument.accept(COSDocument.java:432)
at org.apache.pdfbox.pdfwriter.COSWriter.write(COSWriter.java:1586)
at org.apache.pdfbox.pdmodel.PDDocument.saveIncremental(PDDocument.java:1099)
at org.apache.pdfbox.examples.signature.CreateVisibleSignature2.signPDF(CreateVisibleSignature2.java:297)
at com.tugalsan.blg.pdf.pdfbox3.sign.Main.main(Main.java:50)
Caused by: org.bouncycastle.operator.OperatorCreationException: cannot create signer: Supplied key (sun.security.ec.ECPrivateKeyImpl) is not a RSAPrivateKey instance
at org.bouncycastle.operator.jcajce.JcaContentSignerBuilder.build(Unknown Source)
at org.apache.pdfbox.examples.signature.CreateSignatureBase.sign(CreateSignatureBase.java:141)
...  7 more
Caused by: java.security.InvalidKeyException: Supplied key (sun.security.ec.ECPrivateKeyImpl) is not a RSAPrivateKey instance
at org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi.engineInitSign(Unknown Source)
at java.base/java.security.Signature$Delegate.tryOperation(Signature.java:1321)
at java.base/java.security.Signature$Delegate.chooseProvider(Signature.java:1275)
at java.base/java.security.Signature$Delegate.engineInitSign(Signature.java:1359)
at java.base/java.security.Signature.initSign(Signature.java:635)