These are the kind of cards in use: https://www.cac.mil/common-access-card/

There are multiple types of distribution we do: Client Side Apps, Server based web pages and some special ones. Everything is Java on the backend and JS on the front end, even client apps. No matter what package we release, they all use cards like these to login, sign PDFs and similar... the private key shouldn't leave the smartcard, I agree.

What I don't know is how these cards really work because I don't have access to them, but I know internet isn't required to use them and rarely is available on the client side apps. I have seen the end user sign a PDF with Acrobat Reader and they seem to do it normally, with a certificate selector. I would guess that these cards act as a sort of keystore themselves and the clients have special software installed that, when the card is inserted and authenticated, grants access to the certificate and perhaps imports them into the Windows keystore so that apps (like Acrobat) know where to look when signing... but that is just a layman's guess and I could be wrong...

Based on my (lack of) knowledge on these cards, JavaScript seems like the only way... yet I suspect that would be more limiting in functionality than a Java solution.

Any questions?

> From: Wade Polk
> Sent: Wednesday, December 18, 2019 5:58 PM
>
> Yeah... it's our main use case but we won't have access to the smart
> cards anytime soon. Internet isn't an option so web services won't work.
> JavaScript solution is the only way to go it would appear... at least
> for these smartcards; still need the keystore approach as well too
> though, not

Need actual specifics here...

> everyone uses them.
>
> On Wed, Dec 18, 2019 at 5:15 PM Jason Pyeron <[email protected]> wrote:
>
> > While this is not in regards to version 1.8, we are currently using
> > smartcards and signing PDFs via web services.
> >
> > So no, a keystore is not required, only the ability to digitally sign
> > a digest value.
> >
> > > -----Original Message-----
> > > From: gunslingor gunslingorsadf <[email protected]>
> > > Sent: Wednesday, December 18, 2019 3:32 PM
> > > To: [email protected]
> > > Subject: PDF Signing Validation
> > >
> > > PDFBox 1.8.10, in reference to visible signature examples
> > >
> > > Is it possible to sign a PDF without a keystore?
> > >
> > > i.e. folks use SIM card devices… they plug it into the computer,
> > > enter user/pass (or maybe alias/pin) and then the actual
> > > certificate is used and compared against the certificate stored
> > > in the user management system (i.e. cert == cert). This sounds a
> > > little odd to me, but I am no SSL expert, it was built before I
> > > arrived and these SIM devices (which I don't even have access to)
> > > make this situation a little different.
> > >
> > > Any help appreciated
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [email protected]
> > For additional commands, e-mail: [email protected]
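
The point made in the thread, that signing needs only something able to sign a digest and not an exportable key file, shown as an added Java example (not code from any message in the thread or from PDFBox). It assumes the card middleware publishes the card's certificates to the Windows user certificate store, which Java reaches through its `Windows-MY` keystore type; the class and method names are hypothetical, and where that store is unavailable a constructed in-memory RSA key stands in for the card.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.cert.Certificate;
import java.util.Collections;

public class CardSignSketch {
    /** All the signing code holds: a key handle, the public key, and a label. */
    static final class Signer {
        final PrivateKey handle; final PublicKey pub; final String source;
        Signer(PrivateKey h, PublicKey p, String src) { handle = h; pub = p; source = src; }

        byte[] sign(byte[] toBeSigned) throws GeneralSecurityException {
            // For a card-backed handle the JCA routes this call to the provider
            // that owns the key, so the private key bytes are never read here.
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initSign(handle);
            s.update(toBeSigned);
            return s.sign();
        }
    }

    static Signer open() throws Exception {
        try {
            KeyStore ks = KeyStore.getInstance("Windows-MY"); // Windows only
            ks.load(null, null);                              // no file, no password
            for (String alias : Collections.list(ks.aliases())) {
                Certificate c = ks.getCertificate(alias);
                // Takes the first RSA key entry; choosing by key usage is omitted.
                if (ks.isKeyEntry(alias) && c != null && "RSA".equals(c.getPublicKey().getAlgorithm()))
                    return new Signer((PrivateKey) ks.getKey(alias, null), c.getPublicKey(), "Windows-MY:" + alias);
            }
        } catch (KeyStoreException e) {
            // Store type not available on this platform: fall through to the stand-in.
        }
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // constructed stand-in for the card key
        return new Signer(kp.getPrivate(), kp.getPublic(), "in-memory stand-in");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample; a real PDF signature wraps this step in a CMS container (omitted).
        byte[] tbs = "constructed sample: bytes covered by the PDF signature".getBytes(StandardCharsets.UTF_8);
        Signer signer = open();
        byte[] sig = signer.sign(tbs);
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(signer.pub);
        v.update(tbs);
        System.out.println(signer.source + " -> " + sig.length + " signature bytes, verifies: " + v.verify(sig));
    }
}
```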

