使用iTextSharp对pdf文件签名后更改签名外观 [英] Changing signature appearance after signing pdf file with iTextSharp
问题描述
我正在编写一项服务,在该服务中,我用一个空容器对pdf文件进行预签名,从pdf文件中获取字节范围的哈希值,然后将其发送到另一项服务,这将允许用户使用一部手机.我取回了一个证书,该证书将注入到预先签名的pdf文件中的签名容器中.
I'm writing a service where I pre-sign a pdf file with an empty container, take a hash of a byte range from the pdf file and send it to another service, that will allow a user to sign the hash using a mobile phone. I get back a certificate that I will inject into the signature container in the pre-signed pdf file.
到目前为止,一切正常,但我希望文档中具有可见的签名.可见签名要求证书从证书中获取信息(例如谁签名和何时签名),但似乎我需要在实际签名之前添加可见签名.
Everything works so far, except that I want to have visible signatures in the document. The visible signatures require the certificate to get information from it (like who signed it and when) but it seems that I need to add the visible signature before I actually sign it.
因此,我的问题是,在对文档进行签名后是否可以更改签名的外观?可见的签名图像似乎超出了文档的签名字节范围.
My question is therefore, is it possible to change the appearance of the signature within the document after signing it? The visible signature image seems to be outside the signed byte range of the document.
我正在使用空白容器对文件进行预签名:
I am pre-signing the file with a blank container:
IExternalSignatureContainer external = new ExternalBlankSignatureContainer(PdfName.ADOBE_PPKLITE, PdfName.ETSI_CADES_DETACHED);
MakeSignature.SignExternalContainer(_sap, external, 8192 * 2);
其中_sap是压模的SignatureAppearance,其初始化方式如下:
Where _sap is the SignatureAppearance from a stamper initialized the following way:
PdfStamper stamper = PdfStamper.CreateSignature(reader, baos, '\0', null, true);
从SignatureAppearance返回字节范围的哈希值:
The returning a hash of the byterange from the SignatureAppearance:
Stream data = _sap.GetRangeStream();
_hash = DigestAlgorithms.Digest(data, DigestAlgorithms.SHA1);
_hashStr = Convert.ToBase64String(_hash);
return _hashStr;
然后,当我获得认证时,我将创建一个自定义容器:
And then when I get the certification I create a custom container:
IExternalSignatureContainer container = new CustomContainer(cert);
MakeSignature.SignDeferred(reader, _signatureFieldName, baos, container);
自定义容器除了在其public byte[] Sign(Stream data)方法中返回cert之外,不执行任何操作.
The custom container doesn't do anything except to return the cert in it's public byte[] Sign(Stream data) method.
签名本身有效,数字签名有效,但我只需要更改可见签名本身的文本即可.我认为这是有可能的,因为可见签名实际上与证书本身没有任何关系,所以显示证书中的名称(特别是带有多个签名)特别方便.
The signing itself works, the digital signatures are valid but I just need to change the text of the visible signature itself. I would think that it's possible, since the visible signature doesn't actually have anything to do with the certificate itself, it's just a convenience to display the name from the certificate, especially with multiple signatures.
推荐答案
您写的时候是对的:看来我需要在实际签名之前添加可见签名.您错了当您写道:我认为这是可能的.
You were right when you wrote: it seems that I need to add the visible signature before I actually sign it. You were wrong when you wrote: I would think that it's possible.
签名的外观由存储在PDF文档中的字典和流组成.这些对象是经过哈希处理并随后签名的字节的一部分.您不能在不破坏签名的情况下更改这些字节.
The appearance of the signature consists of dictionaries and streams stored in the PDF document. These objects are part of the bytes that are hashed and subsequently signed. You can't change these bytes without breaking the signature.
这篇关于使用iTextSharp对pdf文件签名后更改签名外观的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
