When I am signing a PDF using iText with an e-token, the signed PDF shows 'at least one signature is invalid' in Acrobat Adobe Reader. I am using a valid e-token. Below is the code for signing the PDF.
    // paths of the source and destination files
    String sourceFile = "D://source.pdf"; // placeholder input path (assumed)
    String destFile = "D://sign_test.pdf";

    // load key store
    KeyStore ks = KeyStore.getInstance("Windows-MY");
    ks.load(null, "password".toCharArray());

    // to get a specific certificate from the keystore
    Enumeration<String> enumeration = ks.aliases();
    String alias = null;
    while (enumeration.hasMoreElements()) {
        String candidate = enumeration.nextElement();
        if (candidate.equalsIgnoreCase("alias of the certificate")) {
            alias = candidate; // stays null when no alias matches
            break;
        }
    }
    PrivateKey pk = (PrivateKey) ks.getKey(alias, "password".toCharArray());
    Certificate[] chain = ks.getCertificateChain(alias);

    // prepare the signature field and its visible appearance
    PdfReader reader = new PdfReader(sourceFile);
    FileOutputStream os = new FileOutputStream(destFile);
    PdfStamper stamper = PdfStamper.createSignature(reader, os, '\0');
    PdfSignatureAppearance appearance = stamper.getSignatureAppearance();
    appearance.setReason("I've written this.");
    appearance.setLocation("Foobar");
    appearance.setVisibleSignature(new Rectangle(72, 732, 144, 780), 1, "first");

    // sign with the token's private key through the SunMSCAPI provider
    ExternalSignature es = new PrivateKeySignature(pk, "SHA-256", "SunMSCAPI");
    ExternalDigest digest = new ProviderDigest("SunMSCAPI");
    MakeSignature.signDetached(appearance, digest, es, chain, null, null, null, 0, CryptoStandard.CMS);
    stamper.close();
The reason is: Your chosen certificate is invalid
If you look at what Acrobat Adobe Reader says exactly, you find in the signature panel:
Thus, the signature itself is mathematically correct:
Document has not been modified since this signature was applied
but the problem is in your certificate:
Signer's certificate is invalid
If you click further through to the certificate view you'll see
So the reason why the signer's certificate is invalid is:
Not valid for usage.
Indeed, you see the intended usage above:
Encrypt Keys
For creating signatures, you need Signing or Non-Repudiation.
So you merely have to select a certificate which is intended for signing.
Thanks, it solved my problem. The problem was two certificates having the same alias name in the e-token.
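The check described in the answer, and the duplicate-alias pitfall from the follow-up comment, can be made explicit before signing. This is an added example, not code from the original post: the class and method names are hypothetical, and it assumes that "Signing or Non-Repudiation" corresponds to the X.509 KeyUsage bits digitalSignature and nonRepudiation.

```java
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class SigningCertSelector { // hypothetical helper, not part of iText

    // KeyUsage bit positions (RFC 5280) as returned by X509Certificate.getKeyUsage()
    private static final int DIGITAL_SIGNATURE = 0;
    private static final int NON_REPUDIATION = 1;

    /** True if the certificate's KeyUsage extension permits creating signatures. */
    static boolean permitsSigning(X509Certificate cert) {
        boolean[] usage = cert.getKeyUsage();
        if (usage == null) {
            return true; // no KeyUsage extension, so usage is not restricted
        }
        return usage[DIGITAL_SIGNATURE] || usage[NON_REPUDIATION];
    }

    /** Returns every alias that has a private key and a signing-capable certificate. */
    static List<String> signingAliases(KeyStore ks) throws Exception {
        List<String> result = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (ks.isKeyEntry(alias) && cert instanceof X509Certificate
                    && permitsSigning((X509Certificate) cert)) {
                result.add(alias);
            }
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("Windows-MY"); // same store as in the question
        ks.load(null, null);
        // Print serial numbers too: two entries can look alike by name on one token.
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) cert;
                System.out.printf("%s | serial %s | signing allowed: %b%n",
                        alias, x.getSerialNumber().toString(16), permitsSigning(x));
            }
        }
        System.out.println("Aliases usable for signDetached: " + signingAliases(ks));
    }
}
```

Passing an alias from `signingAliases` to `ks.getKey` and `ks.getCertificateChain` avoids picking an encryption-only certificate by name alone.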