I have created an asymmetric key (RSA_2048, for sign and verify) in the AWS KMS console. I have created an IAM user to use this key and attached the following policy to it:
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "kms:Sign",
            "Resource": "*"
        }
    ]
}
```
Now, in my Java code, I'm using the following method:

```java
public byte[] signPDFWithAWS(ByteArrayOutputStream pdf) {
    try {
        // user credentials
        AWSCredentialsProvider credentialsProvider = new StaticCredentialsProvider(new BasicAWSCredentials(Config.accesskey, Config.secretkey));
        AWSKMS kmsClient = AWSKMSClientBuilder.standard().withCredentials(credentialsProvider).withRegion(Config.region).build();
        String keyId = "MY-KEY-ID";
        byte[] pdfBytes = pdf.toByteArray();
        SignRequest signRequest = new SignRequest()
                .withKeyId(keyId)
                .withMessage(ByteBuffer.wrap(pdfBytes));
        SignResult signResult = kmsClient.sign(signRequest);
        return signResult.getSignature().array();
    }
    catch (Exception ex) {
        logger.fatal("Fatalerror: ", ex);
    }
    return null;
}
```
When it gets to the `kmsClient.sign(signRequest)` call, it throws an exception:

```
com.amazonaws.SdkClientException: Unable to execute HTTP request: Broken pipe
```

What am I doing wrong?

How can I programmatically sign a PDF file so that it WON'T show "Signature validity is unknown" in the Adobe Reader app?

- Read the documentation.
- Read the answers to "Sign a PdfDocument using the digital signature returned by AWS KMS", but didn't understand them.
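
Added example, not part of the original post: KMS `Sign` accepts at most 4096 bytes of raw message, which a whole PDF normally exceeds, so the code below hashes the data locally and sends only the SHA-256 digest with `MessageType.DIGEST` and an explicit signing algorithm. It assumes the AWS SDK for Java v1 used in the post; the class `KmsDigestSigner` and its method names are hypothetical, `MY-KEY-ID` is the post's placeholder, and embedding the result in a PDF signature container is not covered.

```java
import com.amazonaws.services.kms.AWSKMS;
import com.amazonaws.services.kms.model.MessageType;
import com.amazonaws.services.kms.model.SignRequest;
import com.amazonaws.services.kms.model.SigningAlgorithmSpec;
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Hypothetical helper class (not from the post).
public final class KmsDigestSigner {
    // KMS limit on Message when it is sent as a raw (unhashed) message.
    static final int KMS_MAX_RAW_MESSAGE_BYTES = 4096;

    // Builds the request offline: only the 32-byte SHA-256 digest leaves the host.
    static SignRequest buildSignRequest(String keyId, byte[] data)
            throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(data);
        return new SignRequest()
                .withKeyId(keyId)
                .withMessage(ByteBuffer.wrap(digest))
                // Tells KMS the message is already hashed; the hash must match
                // the one named in the signing algorithm (SHA-256 here).
                .withMessageType(MessageType.DIGEST)
                // SigningAlgorithm is a required parameter of Sign.
                .withSigningAlgorithm(SigningAlgorithmSpec.RSASSA_PKCS1_V1_5_SHA_256);
    }

    // Calls KMS and copies the signature out of the returned buffer.
    static byte[] sign(AWSKMS kms, String keyId, byte[] data)
            throws NoSuchAlgorithmException {
        ByteBuffer sig = kms.sign(buildSignRequest(keyId, data)).getSignature();
        // Copy via remaining()/get(): array() can fail on a read-only buffer
        // or return a backing array larger than the signature itself.
        byte[] out = new byte[sig.remaining()];
        sig.get(out);
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for PDF bytes, far above the raw-message limit.
        byte[] constructedPdf = new byte[200_000];
        SignRequest req = buildSignRequest("MY-KEY-ID", constructedPdf);
        System.out.println("input bytes:  " + constructedPdf.length
                + " (raw limit " + KMS_MAX_RAW_MESSAGE_BYTES + ")");
        System.out.println("bytes sent:   " + req.getMessage().remaining());
        System.out.println("message type: " + req.getMessageType());
    }
}
```

`main` only builds the request and needs no credentials; `sign` needs a configured `AWSKMS` client and a key the caller is allowed to use with `kms:Sign`.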