iTextSharp - 签名哈希 [英] iTextSharp - Signed Hash
问题描述
- 客户端选择要签署的PDF格式
- Web服务从pdf中提取哈希并将其发送到外部提供程序
- 外部提供程序对哈希进行签名
- 外部提供程序发回已签名的哈希
- Web服务包括已签名的哈希返回到pdf
- 客户端拥有签名PDF
我试图将签名散列插入/更新为pdf时遇到一个大问题。
$ b
我正在使用iTextSharp。
我已经阅读Bruno Lowagie的白皮书PDF文档的数字签名这是一个很大的帮助,但我无法弄清楚如何插入签名散列,顺便说一句,这是我唯一拥有的,没有证书,没有任何东西。
Please,help。
Gabriel
根据你的评论,你目前的做法如下:
基本上,我提取pdf文件的哈希像这样。
使用(SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider())
$ $ $ $ b $ $私人字符串FileHash(byte [] vGblFilePDF) $ b {
vGblHash = Convert.ToBase64String(sha1.ComputeHash(vGblFilePDF));
}
返回vGblHash;
}
然后我将它发送给提供者,形成一个WS,只添加一个Id号码,那么提供者会将我签名的哈希发送给我(签名后),我必须将其插入到pdf中。
这种做法从根本上说是错误的,您已经开始计算错误的哈希值了!
您首先必须准备您的PDF ;在此准备步骤中,您将某些结构添加到PDF中,将PDF标记为包含签名并为稍后插入签名容器预留一部分;所有除了该保留区段之外都将被散列:
(有关某些背景和指向其他文献的信息,请参阅此答案) 此后,必须创建一个具有该文档散列签名的完整PKCS#7 / CMS签名容器并将其插入该保留部分。 这是大多数iText签名代码(这里是Java代码)为您提供的功能: (取自 C2_01_SignHelloWorld.java 相当于 C2_01_SignHelloWorld.cs ) 您只需提供与您的提供商进行通信的 I'm developing a WebService were a client could sign a PDF, this are the steps: I'd encounter a big problem trying to insert/update the signed hash into the pdf. I'm using iTextSharp. I'd already read the white paper "Digital Signatures for PDF documents" from Bruno Lowagie, and it was a great help, but i can't figure it out how to insert the signed hash, wich by the way, is the only thing i have, no certificates, o nothing. Please, help. Gabriel According to your comment your current approach is as follows: Basically I extract the hash of the pdf file like this. then i send it to the provider trought a WS, adding only a Id number, then the provider send me back (after an identification) the signed hash, wich i have to insert into the pdf. This approach is fundamentally wrong, you already start by calculating the wrong hash! You first have to prepare your PDF; during this preparation step you add certain structures to the PDF that mark the PDF as containing a signature and reserve a section for the later insertion of a signature container; everything with the exception of that reserved section then is to be hashed: (For some backgrounds and pointers to additional literature cf. this answer.) Thereafter a full-blown PKCS#7 / CMS signature container with a signature for that document hash has to be created and inserted in that reserved section. This is what most of the iText signing code (here in Java) does for you: (taken from C2_01_SignHelloWorld.java equivalent to C2_01_SignHelloWorld.cs) You merely need to provide a
这篇关于iTextSharp - 签名哈希的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
PdfReader reader = new PdfReader(src);
FileOutputStream os = new FileOutputStream(dest);
PdfStamper stamper = PdfStamper.createSignature(reader,os,'\0');
//创建外观
PdfSignatureAppearance外观= stamper.getSignatureAppearance();
appearance.setReason(原因);
appearance.setLocation(location);
appearance.setVisibleSignature(new Rectangle(36,748,144,780),1,sig);
//创建签名
ExternalDigest digest = new BouncyCastleDigest();
ExternalSignature签名= ...;
MakeSignature.signDetached(外观,摘要,签名,链,null,null,null,0,subfilter);
ExternalSignature
/ IExternalSignature
实施方案:
public interface IExternalSignature {
$ b $ / **
*返回散列算法。
* @返回哈希算法(例如SHA-1,SHA-256,...)
* /
String GetHashAlgorithm();
/ **
*返回用于签名的加密算法。
* @返回加密算法(RSA或DSA)
* /
String GetEncryptionAlgorithm();
/ **
*使用加密算法和
*摘要算法进行签名。
* @param消息你想被哈希和签名的消息
* @返回一个签名的消息摘要
* @throws GeneralSecurityException
* /
byte [] Sign (byte []消息);
}
private string FileHash(byte[] vGblFilePDF)
{
using (SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider())
{
vGblHash = Convert.ToBase64String(sha1.ComputeHash(vGblFilePDF));
}
return vGblHash;
}
PdfReader reader = new PdfReader(src);
FileOutputStream os = new FileOutputStream(dest);
PdfStamper stamper = PdfStamper.createSignature(reader, os, '\0');
// Creating the appearance
PdfSignatureAppearance appearance = stamper.getSignatureAppearance();
appearance.setReason(reason);
appearance.setLocation(location);
appearance.setVisibleSignature(new Rectangle(36, 748, 144, 780), 1, "sig");
// Creating the signature
ExternalDigest digest = new BouncyCastleDigest();
ExternalSignature signature = ...;
MakeSignature.signDetached(appearance, digest, signature, chain, null, null, null, 0, subfilter);
ExternalSignature
/IExternalSignature
implementation communicating with your provider:public interface IExternalSignature {
/**
* Returns the hash algorithm.
* @return the hash algorithm (e.g. "SHA-1", "SHA-256,...")
*/
String GetHashAlgorithm();
/**
* Returns the encryption algorithm used for signing.
* @return the encryption algorithm ("RSA" or "DSA")
*/
String GetEncryptionAlgorithm();
/**
* Signs it using the encryption algorithm in combination with
* the digest algorithm.
* @param message the message you want to be hashed and signed
* @return a signed message digest
* @throws GeneralSecurityException
*/
byte[] Sign(byte[] message);
}