keypassword attribute

Inherited:no
Used By:input
See:alias handler keystoretype location password reason signer

This attribute sets the password to unlock the private key used for digital signatures. It is only used with the input type="signature" element. Often the entire keystore is locked, with the private key not having a separate password. In this case you don't need to specify this, but should instead set the password attribute.

This shows how to digitally sign a document

<input type="signature"
       handler="acrobat6"               // handler used to verify this signature
       keystore="file:/privatekey.jks"  // URL of the keystore
       keystoretype="JKS-SUN"           // type of keystore
       password="storepassword"         // password to unlock the keystore
       alias="secretkey"                // key from the keystore to use
       keypassword="secretkeypassword"  // password to unlock the key, if required
       signer="John Smith"              // name to place on the signature
       reason="I am the author"         // reason you're signing the document
/>

Same as the above example but showing the additional keys that might be used to create a signature with "long-term validation".

<input type="signature"
       handler="acrobat6"               // handler used to verify this signature
       keystore="file:/privatekey.jks"  // URL of the keystore
       keystoretype="JKS-SUN"           // type of keystore
       password="storepassword"         // password to unlock the keystore
       alias="secretkey"                // key from the keystore to use
       keypassword="secretkeypassword"  // password to unlock the key, if required
       signer="John Smith"              // name to place on the signature
       reason="I am the author"         // reason you're signing the document
       timestampurl="http://timestamp.entrust.net/TSS/RFC3161sha1TS" // URL of the RFC3161 Timestamp service
       pades="true"                     // Mark the signature as PAdES compatible
       ocsp="true"                      // Perform OCSP and CRL verification at time of signing
       algorithm="SHA256"               // Set the digest algorithm to SHA-256 (optional).
/>