Can we digitally sign the document with every signing user having his/her own certificates ?

We are using the nuxeo digital signatures addon to sign the pdf documents. We configured the keystore as follows:

 < extension target="org.nuxeo.ecm.platform.signature.api.pki.RootService"  point="rootconfig">
  < configuration >
    < rootKeystoreFilePath>D:/recm/keystore/SecKeys.jks< /rootKeystoreFilePath>
    < rootKeystorePassword>secretpassword</rootKeystorePassword >
    < rootCertificateAlias>my_alias< /rootCertificateAlias>
    < rootKeyAlias>my_alias< /rootKeyAlias>
    < rootKeyPassword>secretpassword< /rootKeyPassword>
  < /configuration>
 < /extension>

Everything works as great as expected. With the above configuration , i am able to sign the document with the same certificate for every user.i.e every document gets signed with the root certificate alias , my_alias. But if i have multiple users , and i want that every signing user should be able to sign with his/her own certificates ,then , how can i achieve this? It would be great help if someone answers my question .Thanks in advance :)

0 votes

2 answers

1130 views

ANSWER



Hi Florent, That means in multi-tenancy environment also a single certificate will be used. But user will get their own certificates based on the main certificate.

0 votes



The Nuxeo Digital Signature addon does not do what you describe. This is the reality:

  • the configuration file you describe is not for configuring a signing key, but for configuring a root certificate used to generate per-user keys,
  • each user has his own key, generated by the system for him, and itself signed by the root certificate.
0 votes



Thank you Florent for your response.You have always replied to our queries :-).

We created a new component and reused the code provided by Nuxeo Digital Signature to achieve our requirement :-)

05/16/2013