如何在PHP中实现数字签名 [英] How to implement Digital Signature in PHP

问题描述

我必须在证书中实现数字签名，然后在PHP中将其打印为PDF。

要求就像是由注册服务商或分注册服务商之类的授权人以数字方式签署证书。实施数字签名的基本思想是要知道：

1）证书是由授权人进行数字签名的，并且是由授权人或其他人创建的

2）在注册服务商/分注册服务商对证书进行数字签名后，证书中是否有任何更改（制止伪造）。

>

3）文档何时签署或何时进行更改。

我在这个主题上进行了很多搜索把什么也没有得到，甚至没有任何指南可以指导我如何做到这一点。我之前从未听说过，但是根据要求我必须这样做。因此，请有人指导我或帮助我如何在PHP中实现它。我必须在其中实现的证书是 http://crsdemo.lsipl.com/crs/web/index.php/auth/birthCertificate/view/cert/B/NzU2MjQ%3D

解决方案

有可用的软件库，使您可以对PDF文件进行数字签名。 iText是其中之一，但也有很多其他东西。保护签名人的数字证书，尤其是证书的私钥。

如果签名的PDF将被审核或提交给想要进行审核的依赖方（收件人）要确保自己确实是PDF的真实签名者，那么数字证书（和签名系统）必须是QSCD合格的签名创建设备。 （同一想法的旧名称是SSCD，安全签名创建设备。）

智能卡是创建QSCD的旧方法。更现代的是使用集中式签名设备。我的公司DocuSign制作了 QSCD 和 API ，其他人也这样做。

I have to Implement a digital signature in a certificate which we print as PDF in PHP.

The requirement is like that a authorized person like Registrar or Sub Registrar digitally signs a certificate. The basic idea behind implementing Digital signature is to know that:

1) Is the certificate digitally signed by the Authorized person and who was that authorized person or someone else has created it who dont have the authority.

2) Is there any changes in the certificate after the registrar/Sub-Registrar digitally signed the certificate (To stop forgery).

3) When was the document signed or when were the changes were done.

I have searched a lot on this topic put getting nothing and even not any tutorial which could guide me how to do this. I have never heard about this before but according to requirement I have to do this. So please someone guide me or help me how can I implement this in PHP. The certificate in which I have to implement this is http://crsdemo.lsipl.com/crs/web/index.php/auth/birthCertificate/view/cert/B/NzU2MjQ%3D

解决方案

There are software libraries available that will enable you to digitally sign PDF files. iText is one, but there are plenty of others, too.

However all of the libraries tend to suffer from a common problem: safe-guarding the signer's digital certificate, and in particular, the certificate's private key.

If the signed PDF will ever be audited or submitted to a relying party (recipient) who wants to assure himself that the PDF was really signed by the person who is purported to have signed it, then the digital certificate (and signing system) must be a QSCD -- Qualified Signature Creation Device. (An older name for the same idea was SSCD, "Secure Signature Creation Device.")

Smart cards were the old way to create a QSCD. More modern is to use a centralized signing appliance. My company, DocuSign, makes a QSCD with an API, others do too.

这篇关于如何在PHP中实现数字签名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！