6 Replies Latest reply on Sep 18, 2009 2:32 AM by kapss

    Can I automatic upload pkcs#12 file into LC Trust Store Management?

    Jyang257 Level 1

      Hi, Does anyone know if I already have some pkcs#12 file and can I automatic upload to Trust Store Management--> Local Credentials? is there any service I can use it?

       

      Thanks

      Jack

        • 1. Re: Can I automatic upload pkcs#12 file into LC Trust Store Management?
          N Santosh Kumar Adobe Employee

          Hi Jack,

           

          You cannot programmatically upload p12 files , You can do this only through LiveCycle adminui

           

           

          Thanks,

          Santosh

          • 2. Re: Can I automatic upload pkcs#12 file into LC Trust Store Management?
            Jyang257 Level 1

            Thank you. But if I have thousands of PKCS#12, what can I do? Is there any tool I can use for  the batch upload?

            • 3. Re: Can I automatic upload pkcs#12 file into LC Trust Store Management?
              N Santosh Kumar Adobe Employee

              Hi Jack,

               

               

              You can mimick the human behavior that is by UI automation you can automatically upload any number of pkcs#12 files.

               

              Usually importing credentials (p12 files) is a one time activity,

              PKCS#12 file password is required to import the credential programatically.

              Users who own pkcs#12 files will not share the password to a company or administrator to automatically upload their private keys.

               

               

              Automatically importing credentials functionality is exposed only to the LiveCycle services but not for end users.

               

              Could you please explain the complete usecase for why thousands of p12 files are uploaded using a program? (If it is for migration , LiveCycle automatically handles migration of old credentials to newer versions of LC)

               

               

              Thanks,

              Santosh

              • 4. Re: Can I automatic upload pkcs#12 file into LC Trust Store Management?
                lcisawesome

                Hi Santosh,

                 

                I am also interested in this topic since I am doing some server-side digital signature. Could you let me know which LiveCycle services have the automatically importing credentials functionality? And can user invoke it through Java API or Web Services?

                 

                thanks a ton!

                 

                Wayne

                • 5. Re: Can I automatic upload pkcs#12 file into LC Trust Store Management?
                  Jyang257 Level 1


                   
                  We are going to build a user registration form to let user fill out the form and automatic generate a pkcs#12 file then upload to LC Trust Store Management. Since the password is user created, like you said, user will not share the password to us, so we can not manually import the p12 file to the  liveCycle server.

                   

                  Could you please let me know which  LiveCycle services can handle automatically importing credentials?

                   

                   

                  Thanks

                  Jack

                  • 6. Re: Can I automatic upload pkcs#12 file into LC Trust Store Management?
                    kapss

                    You can use the adobe-truststore-client.jar packaged in the SDK to do this.

                    I am sharing a code snippet to use when this is being done using a custom dsc in the LiveCycle container.

                     

                    CredentialServiceClient cl = new CredentialServiceClient(ServiceClientFactory.createInstance());
                    cl.importCredential("Cred Alias", new com.adobe.idp.Document(new File("p12 file path"),false), "password", new String[]{"truststore.usage.type.sign"});

                     

                    If you were importing a credential for reader extension the last argument would be "truststore.usage.type.lcre".

                    Here since this is inVM call, the ServiceClientFactory is created with default settings. If you want to do this from a remote VM, you would have to use

                    ServiceClientFactory.createInstance(Properties p) where properties identify the LiveCycle server installation. This you would find in the LiveCycle documents.

                     

                    I am however not sure if private keys can be dealt in a batch. This would require the PKCS#12 file password to decrypt the key and I am not sure that how you can integrate the user who owns the key to submit the password in a batch request mechanism. On the other hand, if he is not involved, that implies his password being kept somewhere in clear text for use which again as you'll agree could be a problem.