Directly signing an Office Word document using XML


Problem description


I'm trying to sign a Microsoft Office Word file using C# in direct XML format.

Some questions and ambiguities arise here, like:

  • How should I fill in the digest values, what value should I exactly digest for each reference, and what value should I digest for each transform?
  • What value should I sign to create the SignatureValue?
  • And what certificate should I include in x509 data and how? (We don't exactly have a certificate so a guide for creating one is appreciated.)

The last question is am I doing this correctly? Maybe there is something wrong here and I have missed a package that would otherwise itself interact with the openxml document and sign it.

But remember, though, that I am actually trying to sign data with an external token which has a PKCS11 interface available (but no CSP), so I have used the PKCS11 Interop library to migrate it to C#, but I'm still a little confused here.

  • Is there a package that I can use to sign word documents?
  • Or is there a package that eases OpenXML interaction?
  • Or do I have to do it manually?

Just as a heads-up, any library that does the OpenXML interaction should also allow me to sign the documents using the PKCS11 commands (i.e. one which gives me the byte stream to sign and digest but does the other parts itself; PKCS11 really should not be considered important here, you can replace it with my custom algorithm).

BTW a signature builder in XML looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="idPackageSignature">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#idPackageObject">
      <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <DigestValue/>
    </Reference>
    <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#idOfficeObject">
      <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <DigestValue/>
    </Reference>
    <Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#idSignedProperties">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <DigestValue/>
    </Reference>
  </SignedInfo>
  <SignatureValue/>
  <KeyInfo>
    <X509Data>
      <X509Certificate/>
    </X509Data>
  </KeyInfo>
  <Object Id="idPackageObject">
    <Manifest>
      <Reference URI="/_rels/.rels?ContentType=application/vnd.openxmlformats-package.relationships+xml">
        <Transforms>
          <Transform Algorithm="http://schemas.openxmlformats.org/package/2006/RelationshipTransform">
            <mdssi:RelationshipReference xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" SourceId="rId1"/>
          </Transform>
          <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <DigestValue/>
      </Reference>
      <Reference URI="/word/_rels/document.xml.rels?ContentType=application/vnd.openxmlformats-package.relationships+xml">
        <Transforms>
          <Transform Algorithm="http://schemas.openxmlformats.org/package/2006/RelationshipTransform">
            <mdssi:RelationshipReference xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" SourceId="rId5"/>
            <mdssi:RelationshipReference xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" SourceId="rId4"/>
            <mdssi:RelationshipReference xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" SourceId="rId3"/>
            <mdssi:RelationshipReference xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" SourceId="rId2"/>
            <mdssi:RelationshipReference xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" SourceId="rId1"/>
          </Transform>
          <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <DigestValue/>
      </Reference>
      <Reference URI="/word/document.xml?ContentType=application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml">
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <DigestValue/>
      </Reference>
      <Reference URI="/word/fontTable.xml?ContentType=application/vnd.openxmlformats-officedocument.wordprocessingml.fontTable+xml">
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <DigestValue/>
      </Reference>
      <Reference URI="/word/settings.xml?ContentType=application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml">
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <DigestValue/>
      </Reference>
      <Reference URI="/word/styles.xml?ContentType=application/vnd.openxmlformats-officedocument.wordprocessingml.styles+xml">
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <DigestValue/>
      </Reference>
      <Reference URI="/word/theme/theme1.xml?ContentType=application/vnd.openxmlformats-officedocument.theme+xml">
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <DigestValue/>
      </Reference>
      <Reference URI="/word/webSettings.xml?ContentType=application/vnd.openxmlformats-officedocument.wordprocessingml.webSettings+xml">
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <DigestValue/>
      </Reference>
    </Manifest>
    <SignatureProperties>
      <SignatureProperty Id="idSignatureTime" Target="#idPackageSignature">
        <mdssi:SignatureTime xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature">
          <mdssi:Format>YYYY-MM-DDThh:mm:ssTZD</mdssi:Format>
          <mdssi:Value>2015-11-22T17:21:28Z</mdssi:Value>
        </mdssi:SignatureTime>
      </SignatureProperty>
    </SignatureProperties>
  </Object>
  <Object Id="idOfficeObject">
    <SignatureProperties>
      <SignatureProperty Id="idOfficeV1Details" Target="#idPackageSignature">
        <SignatureInfoV1 xmlns="http://schemas.microsoft.com/office/2006/digsig">
          <SetupID/>
          <SignatureText/>
          <SignatureImage/>
          <SignatureComments>TEST SIGNING</SignatureComments>
          <WindowsVersion>10.0</WindowsVersion>
          <OfficeVersion>15.0</OfficeVersion>
          <ApplicationVersion>15.0</ApplicationVersion>
          <Monitors>1</Monitors>
          <HorizontalResolution>1920</HorizontalResolution>
          <VerticalResolution>1080</VerticalResolution>
          <ColorDepth>32</ColorDepth>
          <SignatureProviderId>{00000000-0000-0000-0000-000000000000}</SignatureProviderId>
          <SignatureProviderUrl/>
          <SignatureProviderDetails>9</SignatureProviderDetails>
          <SignatureType>1</SignatureType>
        </SignatureInfoV1>
      </SignatureProperty>
    </SignatureProperties>
  </Object>
  <Object>
    <xd:QualifyingProperties xmlns:xd="http://uri.etsi.org/01903/v1.3.2#" Target="#idPackageSignature">
      <xd:SignedProperties Id="idSignedProperties">
        <xd:SignedSignatureProperties>
          <xd:SigningTime>2015-11-22T17:21:28Z</xd:SigningTime>
          <xd:SigningCertificate>
            <xd:Cert>
              <xd:CertDigest>
                <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <DigestValue/>
              </xd:CertDigest>
              <xd:IssuerSerial>
                <X509IssuerName>E=ali@ali.com, CN=ALI-PC, OU=ALI-PC, O=ALI-PC, L=ALI-PC, S=ALI-PC, C=98</X509IssuerName>
                <X509SerialNumber>1</X509SerialNumber>
              </xd:IssuerSerial>
            </xd:Cert>
          </xd:SigningCertificate>
          <xd:SignaturePolicyIdentifier>
            <xd:SignaturePolicyImplied/>
          </xd:SignaturePolicyIdentifier>
        </xd:SignedSignatureProperties>
        <xd:SignedDataObjectProperties>
          <xd:CommitmentTypeIndication>
            <xd:CommitmentTypeId>
              <xd:Identifier>http://uri.etsi.org/01903/v1.2.2#ProofOfOrigin</xd:Identifier>
              <xd:Description>Created and approved this document</xd:Description>
            </xd:CommitmentTypeId>
            <xd:AllSignedDataObjects/>
            <xd:CommitmentTypeQualifiers>
              <xd:CommitmentTypeQualifier>TEST SIGNING</xd:CommitmentTypeQualifier>
            </xd:CommitmentTypeQualifiers>
          </xd:CommitmentTypeIndication>
        </xd:SignedDataObjectProperties>
      </xd:SignedProperties>
    </xd:QualifyingProperties>
  </Object>
</Signature>

Solution

You can have a look at the source code of this project (http://assinadordigital.codeplex.com/); it covers basic digital signatures for MS Office documents. Note that the code is a bit outdated, but the principles are the same.
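For the Manifest entries in the template that carry no Transforms (such as /word/document.xml), the DigestValue is the Base64-encoded SHA-256 of the part's raw bytes, and the Reference URI is the part name plus its content type from [Content_Types].xml. The following is an added example, not code from the question, the answer or the linked project; it is written in Python for brevity, its function names and sample package are constructed, and .rels entries (which need RelationshipTransform and C14N first) are skipped.

```python
import base64, hashlib, io, zipfile
import xml.etree.ElementTree as ET

CT_NS = "{http://schemas.openxmlformats.org/package/2006/content-types}"
RELS_TYPE = "application/vnd.openxmlformats-package.relationships+xml"

def content_types(pkg):
    """Return (overrides by part name, defaults by lower-case extension)."""
    root = ET.fromstring(pkg.read("[Content_Types].xml"))
    overrides = {e.get("PartName"): e.get("ContentType") for e in root.iter(CT_NS + "Override")}
    defaults = {e.get("Extension").lower(): e.get("ContentType") for e in root.iter(CT_NS + "Default")}
    return overrides, defaults

def manifest_digests(docx_bytes):
    """Map each Manifest Reference URI to base64(SHA-256(raw part bytes))."""
    out = {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        overrides, defaults = content_types(pkg)
        for name in pkg.namelist():
            if name == "[Content_Types].xml" or name.endswith("/") or name.startswith("_xmlsignatures/"):
                continue  # not a signable part (type map, directory entry, existing signature)
            part = "/" + name
            ctype = overrides.get(part) or defaults.get(name.rsplit(".", 1)[-1].lower())
            if ctype is None or ctype == RELS_TYPE:
                continue  # .rels parts must go through RelationshipTransform + C14N first
            digest = hashlib.sha256(pkg.read(name)).digest()
            out[f"{part}?ContentType={ctype}"] = base64.b64encode(digest).decode()
    return out

def changed_parts(signed_digests, docx_bytes):
    """Verifier side: URIs whose current digest no longer matches the signed one."""
    current = manifest_digests(docx_bytes)
    return sorted(u for u, d in signed_digests.items() if current.get(u) != d)

def build_sample(body):
    """Constructed minimal package for illustration only (not a valid Word file)."""
    types = ('<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
             f'<Default Extension="rels" ContentType="{RELS_TYPE}"/>'
             '<Override PartName="/word/document.xml" ContentType="application/'
             'vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/></Types>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", types)
        z.writestr("_rels/.rels", "<Relationships/>")
        z.writestr("word/document.xml", body)
    return buf.getvalue()
```

Running `changed_parts` with the digests recorded at signing time against a later copy of the file lists exactly the parts whose bytes were altered.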
