可以使用SSL证书对文件进行数字签名吗? [英] Can SSL cert be used to digitally sign files?
问题描述
我不太想问关于数字签名的问题。
我不想创建用于对某些(PDF)文件进行签名的自签名证书,而是想获取已验证数据的SSL证书。
I want to ask a thing about digital signing I am not very sure. Instead of creating a self signed certificate to use to sign some (PDF) files, I wanted to take my SSL cert which have my data already verified.
但是问题是:可以将SSL证书用于数字签名文件还是以某种方式不兼容?
But the question is: Can a SSL cert be used to digital sign files or is it incompatible in some manner?
编辑:要澄清一下,这个问题不是关于如何签名PDF,仅与是否可以使用SSL证书(或以任何方式转换)来签名文件有关。
To clarify, this question is not about how to sign PDFs, is only about if a SSL cert can be used (or converted in any way) to sign files.
推荐答案
到支持数字签名证书的 keyUsage
字段中必须具有 digitalSignature
选项(以及 codeSigning $如果您要使用它对程序进行签名,请在
extendedKeyUsage
字段中使用c $ c>选项。
To support digital signing certificate must have digitalSignature
option in it's keyUsage
field (and codeSigning
option in it's extendedKeyUsage
field if your want to sign programs with it).
使用现有工具完成或手动完成(java示例,您并没有要求,但是此代码段可能仍然有用):
Signing may be done with existing tools or manually (java example, you are not asking for it, but this code snippet might be useful anyway):
byte[] bytesToSign = loadMyData();
KeyStore ks = KeyStore.getInstance("pkcs12", "SunJSSE");
ks.load(new FileInputStream("cert.p12"), "passwd1".toCharArray());
PrivateKey privateKey = (PrivateKey) ks.getKey("myalias", "passwd2".toCharArray());
Signature sig = Signature.getInstance("SHA1withRSA", ks.getProvider());
sig.initSign(privateKey);
sig.update(bytesToSign);
byte[] signature = sig.sign();
要使用openssl制作自己的非自签名证书,请参见这样的答案。
To make your own not self-signed certificate with openssl see this SO answer.
也很好奇对PDF签名-这些文件的哈希值不够大吗?
Also curious about signing PDF's - aren't separate hash sums of these files enough in your case?
edit::如果您需要任何符号,而不是现有工具的X.509符号,则可以从中提取RSA密钥您的证书并进行签名,而不必担心 keyUsage
字段。
edit: if you want any sign, not exactly X.509 sign by existing tools, you can extract RSA key from your cert and do signing without bothering about keyUsage
field.
这篇关于可以使用SSL证书对文件进行数字签名吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!