Type: | The name of a keystore type and optional keystore package provider. |
---|---|
Inherited: | no |
Used By: | input |
Default: | "JKS" |
See: | alias handler keypassword keystore location password reason signer |
This attribute determines the type of keystore specified by the keystore attribute. It is only used by the input type="signature" element. The parameter is passed directly into the constructor for java.security.KeyStore
, except when it contains a hyphen - in which case it is split at that point into the type and provider. For example, setting the keystoretype to "JKS-SUN" would load the Sun implementation of the JKS store, whereas setting it to "pkcs12" would use any implementation of a PKCS#12 keystore that was available in the system.
This shows how to digitally sign a document
<input type="signature" handler="acrobat6" // handler used to verify this signature keystore="file:/privatekey.jks" // URL of the keystore keystoretype="JKS-SUN" // type of keystore password="storepassword" // password to unlock the keystore alias="secretkey" // key from the keystore to use keypassword="secretkeypassword" // password to unlock the key, if required certify="nochanges" // allow no changes after signing signer="John Smith" // name to place on the signature reason="I am the author" // reason you're signing the document />
Same as the above example but showing the additional keys that might be used to create a signature with "long-term validation".
<input type="signature" handler="acrobat6" // handler used to verify this signature keystore="file:/privatekey.jks" // URL of the keystore keystoretype="JKS-SUN" // type of keystore password="storepassword" // password to unlock the keystore alias="secretkey" // key from the keystore to use keypassword="secretkeypassword" // password to unlock the key, if required signer="John Smith" // name to place on the signature reason="I am the author" // reason you're signing the document timestampurl="http://timestamp.entrust.net/TSS/RFC3161sha1TS" // URL of the RFC3161 Timestamp service pades="true" // Mark the signature as PAdES compatible ocsp="true" // Perform OCSP and CRL verification at time of signing algorithm="SHA256" // Set the digest algorithm to SHA-256 (optional). />