keystore attribute

Type:url
Inherited:no
Used By:input
See:algorithm alias certify handler keypassword keystoretype location ocsp pades password reason signer timestampurl

This attribute sets the URL of the keystore containing the private key for digital signatures. It is only used with the input type="signature" element, and is mandatory.

This shows how to digitally sign a document

<input type="signature"
       handler="acrobat6"               // handler used to verify this signature
       keystore="file:/privatekey.jks"  // URL of the keystore
       keystoretype="JKS-SUN"           // type of keystore
       password="storepassword"         // password to unlock the keystore
       alias="secretkey"                // key from the keystore to use
       keypassword="secretkeypassword"  // password to unlock the key, if required
       certify="nochanges"              // allow no changes after signing
       signer="John Smith"              // name to place on the signature
       reason="I am the author"         // reason you're signing the document
/>

Same as the above example but showing the additional keys that might be used to create a signature with "long-term validation".

<input type="signature"
       handler="acrobat6"               // handler used to verify this signature
       keystore="file:/privatekey.jks"  // URL of the keystore
       keystoretype="JKS-SUN"           // type of keystore
       password="storepassword"         // password to unlock the keystore
       alias="secretkey"                // key from the keystore to use
       keypassword="secretkeypassword"  // password to unlock the key, if required
       signer="John Smith"              // name to place on the signature
       reason="I am the author"         // reason you're signing the document
       timestampurl="http://timestamp.entrust.net/TSS/RFC3161sha1TS" // URL of the RFC3161 Timestamp service
       pades="true"                     // Mark the signature as PAdES compatible
       ocsp="true"                      // Perform OCSP and CRL verification at time of signing
       algorithm="SHA256"               // Set the digest algorithm to SHA-256 (optional).
/>