数字签名验证,所选证书有错误,无法使用[closed]

简言之

其关联私钥已用于签署PDF的证书具有 密钥用法 表示它不是用于签署文件而是用于加密私钥或秘密密钥,即用于密钥传输的条目。

请使用为文档签名生成的私钥和证书

详细地

您的证书具有

1088   14:         SEQUENCE {
1090    3:           OBJECT IDENTIFIER keyUsage (2 5 29 15)
1095    1:           BOOLEAN TRUE
1098    4:           OCTET STRING, encapsulates {
1100    2:             BIT STRING 5 unused bits
         :               '100'B (bit 2)
         :             }
         :           }

RFC 5280 定义:

  KeyUsage ::= BIT STRING {
       digitalSignature        (0),
       nonRepudiation          (1), -- recent editions of X.509 have
                            -- renamed this bit to contentCommitment
       keyEncipherment         (2),
       dataEncipherment        (3),
       keyAgreement            (4),
       keyCertSign             (5),
       cRLSign                 (6),
       encipherOnly            (7),
       decipherOnly            (8) }

...

  The keyEncipherment bit is asserted when the subject public key is
  used for enciphering private or secret keys, i.e., for key
  transport.  For example, this bit shall be set when an RSA public
  key is to be used for encrypting a symmetric content-decryption
  key or an asymmetric private key.

证书需要由CA(非自签名)签名,否则Acrobat将显示“此签名有问题”消息。您可以通过将证书临时添加到受信任的存储中,在本地为您的计算机解决此问题(尽管其他计算机仍会看到警告)(但是,请确保在测试后将其删除: https://security.stackexchange.com/questions/36913/adding-self-signed-certificate-to-trusted-store ).