使用用户签名在服务器文档上签署 PDF [英] Signing PDFs on a server document using a signature from the user
问题描述
这是我想要做的:
- 用户创建文档(html)
- 编辑 -> 在服务器上保存 PDF
- 询问用户是否要签署文件
- (是的)这是问题
- (不)没问题
所以现在我面临的问题是如何在步骤 3 中做到这一点(是的).如果签名在服务器上没问题,我有一些 html->php->pdf 类可以使用数字签名进行签名,但是签名必须作为文件在服务器上.问题是,我怎样才能直接在服务器上做到这一点.用户选择是,读取签名(从他计算机上的阅读器)并发送到服务器并完成签名.在这里,我相信没有 Java 之类的东西我就做不到.在我看来,PHP 和 JavaScript 肯定不足以完成此操作.
So now the problem I face is how to do that (yes) in step 3. If the signature is on the server no problem, I have some html->php->pdf classes that can sign with digital signatures but the signature must be on the server as a file. The question is, how can I do it directly on the server. The user chooses yes, the signature is read (from his reader on his computer) and send to the server and signing is done. Here I believe I can't do it without something like Java or so. In my opinion PHP and JavaScript sure as hell aren't going to be enough for this action.
有没有人遇到过这样的问题?也许一些准备好使用的图书馆?
Has anyone ever encountered a problem like that? Maybe some ready to use library?
附言不太确定标签是否正确,但不知道该放哪个.
P.S. not quite sure if the tags are correct, but couldn't figure out which to put.
推荐答案
如果带有私钥的证书在客户端,那么您需要一个客户端模块来进行签名.JavaScript 是不够的,因为它无法访问客户端上的密钥.虽然您可以尝试调用 来自 JavaScript 的 CAPICOM,这是一个部分(不支持 PKCS#11)、Windows 特定的和过时的解决方案.更好的选择是使用 Java 编写的浏览器小程序来执行签名(见下文).
If the certificate with a private key is on the client, then you need a client-side module to do signing. JavaScript won't be enough as it won't have access to the key on the client. While you can try calling CAPICOM from JavaScript, this is a partial (no PKCS#11 support), Windows-specific and obsolete solution. Better option is to have a browser applet written in Java that will perform signing (see below).
我们的 SecureBlackbox 产品有一个分布式签名插件,它完全符合您的描述(目前支持 PHP、Java、ASP.NET 和编译模块).您可以看到附加组件的工作原理:
Our SecureBlackbox product has a distributed signature add-on which does exactly what you describe (PHP, Java, ASP.NET and compiled modules are supported at the moment). You can see the scheme how the add-on works:
在我们的产品中,我们提供预构建的浏览器模块 - Java Applet、ActiveX 控件和 Flash 小程序,但 Java 小程序在大多数情况下就足够了,因为它可以访问 Windows 上的 PKCS#11 存储和 Windows 证书存储.对于不支持 Java 小程序的浏览器,SecureBlackbox 允许通过 Java Web Start 将小程序用作外部应用程序".
In our product we offer pre-built browser modules - Java Applet, ActiveX control and Flash applet, yet Java applet is in most cases enough as it can access PKCS#11 storages and Windows Certificate storage on Windows. For browsers that don't support Java applets SecureBlackbox allows to use the applet via Java Web Start, as an external "application".
您可能需要重新创建这个完整的方案,但是在服务器上计算散列并将其传递给客户端进行签名,然后将签名嵌入到文档中是一个很大的技巧.
You will probably need to re-create this complete scheme, however it's a big trick to calculate the hash on the server and pass it to the client for signing and then embed the signature back to the document.
将完整的文档传输到客户端并拥有一个 Java 小程序来使用我们的 SecureBlackbox 的 iText 或 Java 版本对该文档进行签名,然后将文档上传回服务器可能会更容易.
It would probably be easier to transfer the complete document to the client and have a Java applet that will sign that document using iText or Java edition of our SecureBlackbox and then upload the document back to the server.
这篇关于使用用户签名在服务器文档上签署 PDF的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
