How to resolve error Salt must be 8 bytes long

itext digital-signature keystore pfx digital
Swapneel picture Swapneel · Oct 8, 2016 · Viewed 7.7k times · Source

I am writing a program to sign a pdf using certificate (pfx file). For few of the certificates I am getting below exception.

java.security.InvalidAlgorithmParameterException: Salt must be at least 8 bytes long

This happens when I execute the below code.

Keystore ks = KeyStore.getInstance("pkcs12");

I am getting an exception in the below java file at line number 123. http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/8-b132/com/sun/crypto/provider/HmacPKCS12PBESHA1.java?av=h

Answer

Navin Theruvingal picture Navin Theruvingal · Oct 10, 2016

Your keystore has one or more certificate(s) that has a salt length which is less than 8. The crypto program requires atleast 8 bytes.

I would recommend creating a new keystore with just the one certificate that you need and try signing with that.

Related questions

Adding a Digital signature to a PDF with iTextSharp

Background I have been using iTextSharp for a short while now. I have created a pdf document with two signable PdfFormFields. If I open the pdf document I can manually sign each field manually. I want this to be done …

Read More
What does "Not LTV-enabled" mean?

I'm using iText 5.5.3 to sign and timestamp PDF documents. It works very well. But I recently switched from Acrobat Pro X to XI and now I see this new line : the signature is not LTV enabled and will expire after &…

Read More
How to convert HTML to PDF using iText

import java.io.File; import java.io.FileOutputStream; import java.io.OutputStream; import com.itextpdf.text.Document; import com.itextpdf.text.Paragraph; import com.itextpdf.text.pdf.PdfWriter; public class GeneratePDF { public static void main(String[] args) { try { String k = "&…

Read More