How do I sign a PDF document using a certificate from the Windows Cert Store?


Problem description

I need to sign a PDF document using a certificate that exists in the Windows Certificate Store. I have been digging around all day trying to figure it out, and I am so close yet so far away.

All that is missing is this: How do I get an IExternalSignature object to sign the PDF file with?

Rahul Singla has written a beautiful example of how to sign a PDF document using the new iText 5.3.0 API - as long as you can access a .pfx file sitting around on your PC somewhere.

There is a previous question on signing using a certificate from the Windows Cert Store, except it was using a version of the API where SetCrypto still exists, and the signature was apparently optional. In iText 5.3.0, the API has changed, and SetCrypto is no longer a thing.

Here's what I have so far (comments added for posterity, since this might be the most complete and recent version of how to do this on the 'net):

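using System.Collections.Generic;                   // List<T>
using System.IO;                                    // FileStream, FileMode
using System.Security.Cryptography.X509Certificates; // X509Store, X509Certificate
using iTextSharp.text.pdf;
using iTextSharp.text.pdf.security;
using BcX509 = Org.BouncyCastle.X509;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Crypto;
using DotNetUtils = Org.BouncyCastle.Security.DotNetUtilities;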

...

// Set up the PDF IO
PdfReader reader = new PdfReader(@"some\dir\SomeTemplate.pdf");
PdfStamper stamper = PdfStamper.CreateSignature(reader,
    new FileStream(@"some\dir\SignedPdf.pdf", FileMode.Create), '\0');
PdfSignatureAppearance sap = stamper.SignatureAppearance;

sap.Reason = "For no apparent raisin";
sap.Location = "...";

// Acquire certificate chain
var certStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
certStore.Open(OpenFlags.ReadOnly);

X509CertificateCollection certCollection =
    certStore.Certificates.Find(X509FindType.FindBySubjectName,
    "My.Cert.Subject", true);
X509Certificate cert = certCollection[0];
// iTextSharp needs this cert as a BouncyCastle X509 object; this converts it.
BcX509.X509Certificate bcCert = DotNetUtils.FromX509Certificate(cert);
var chain = new List<BcX509.X509Certificate> { bcCert };
certStore.Close();

// Ok, that's the certificate chain done. Now how do I get the PKS?
IExternalSignature signature = null; /* ??? */

// Sign the PDF file and finish up.
MakeSignature.SignDetached(sap, signature, chain, // the important stuff
    null, null, null, 0, CryptoStandard.CMS);
stamper.Close();

As you can see: I have everything but the signature, and I'm stumped as to how I should obtain it!

Solution

X509Certificate cert = certCollection[0]; // Your code
X509Certificate2 signatureCert = new X509Certificate2(cert);

var pk = Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(signatureCert.PrivateKey).Private;

If you have the pk, which you can get as above, you create an IExternalSignature as follows:

IExternalSignature es = new PrivateKeySignature(pk, "SHA-256");

You may also find the following articles of use:
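
Added example, not part of the original question or answer: GetKeyPair exports the private key parameters, so it fails when the store key is marked non-exportable. The sketch below signs through the key's provider instead, assuming an iTextSharp 5.x build that ships X509Certificate2Signature; the class name StoreCertPdfSigner and the parameters subjectName, inputPath and outputPath are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using iTextSharp.text.pdf;
using iTextSharp.text.pdf.security;
using BcX509 = Org.BouncyCastle.X509;
using DotNetUtils = Org.BouncyCastle.Security.DotNetUtilities;

public static class StoreCertPdfSigner // hypothetical helper, not an iTextSharp type
{
    public static void Sign(string subjectName, string inputPath, string outputPath)
    {
        X509Certificate2 signer = null;
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly = true filters out certificates that fail validation.
            foreach (X509Certificate2 c in store.Certificates.Find(
                X509FindType.FindBySubjectName, subjectName, true))
            {
                if (c.HasPrivateKey) { signer = c; break; }
            }
        }
        finally { store.Close(); }
        if (signer == null)
            throw new InvalidOperationException("No valid certificate with a private key.");

        // Embed the chain (signer certificate first), not only the leaf.
        var builder = new X509Chain();
        if (!builder.Build(signer))
            throw new InvalidOperationException("Certificate chain did not validate.");
        var chain = new List<BcX509.X509Certificate>();
        foreach (X509ChainElement e in builder.ChainElements)
            chain.Add(DotNetUtils.FromX509Certificate(e.Certificate));

        // The private key stays inside its provider; nothing is exported.
        IExternalSignature signature = new X509Certificate2Signature(signer, "SHA-256");

        var reader = new PdfReader(inputPath);
        using (var output = new FileStream(outputPath, FileMode.Create))
        {
            PdfStamper stamper = PdfStamper.CreateSignature(reader, output, '\0');
            // SignDetached closes the signature appearance and writes the file.
            MakeSignature.SignDetached(stamper.SignatureAppearance, signature, chain,
                null, null, null, 0, CryptoStandard.CMS);
        }
        reader.Close();
    }
}
```

The account running this needs read access to the private key of the chosen certificate in the LocalMachine store, and signing throws if the key's provider does not support SHA-256.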
