使用用户签名在服务器文档上签名PDF [英] Signing PDFs on a server document using a signature from the user
问题描述
以下是我想要做的事情:
Here is what I want to do:
- 用户创建文档(html)
- 编辑 - >在服务器上保存PDF
- 询问用户是否要签署文件
- (是)这里是问题
- (没有)没问题
- user creates document (html)
- edit -> save PDF on server
- ask if user wants to sign the document
- (yes) here is the problem
- (no) no problem
所以现在我遇到的问题是如何在步骤3中执行此操作(是)。如果签名已打开服务器没问题,我有一些html-> php-> pdf类,可以用数字签名签名,但签名必须在服务器上作为文件。问题是,我怎样才能直接在服务器上进行。用户选择是,读取签名(从他的计算机上的读者)并发送到服务器并完成签名。在这里,我相信如果没有像Java这样的东西,我就无法做到。在我看来,PHP和JavaScript肯定不足以完成这个动作。
So now the problem I face is how to do that (yes) in step 3. If the signature is on the server no problem, I have some html->php->pdf classes that can sign with digital signatures but the signature must be on the server as a file. The question is, how can I do it directly on the server. The user chooses yes, the signature is read (from his reader on his computer) and send to the server and signing is done. Here I believe I can't do it without something like Java or so. In my opinion PHP and JavaScript sure as hell aren't going to be enough for this action.
有没有人遇到过这样的问题?也许一些准备使用的库?
Has anyone ever encountered a problem like that? Maybe some ready to use library?
P.S。不太确定标签是否正确,但无法确定要放哪个。
P.S. not quite sure if the tags are correct, but couldn't figure out which to put.
推荐答案
如果证书带私有key在客户端上,然后您需要一个客户端模块来进行签名。 JavaScript是不够的,因为它无法访问客户端上的密钥。您可以尝试拨打来自JavaScript的CAPICOM ,这是部分(没有PKCS#11支持),Windows特定和过时的解决方案。更好的选择是使用Java编写的浏览器小程序将执行签名(见下文)。
If the certificate with a private key is on the client, then you need a client-side module to do signing. JavaScript won't be enough as it won't have access to the key on the client. While you can try calling CAPICOM from JavaScript, this is a partial (no PKCS#11 support), Windows-specific and obsolete solution. Better option is to have a browser applet written in Java that will perform signing (see below).
我们的SecureBlackbox产品有一个分布式签名附加组件,它完全符合您的描述(目前支持PHP,Java,ASP.NET和编译模块)。您可以看到附加组件的工作方式:
Our SecureBlackbox product has a distributed signature add-on which does exactly what you describe (PHP, Java, ASP.NET and compiled modules are supported at the moment). You can see the scheme how the add-on works:
在我们的产品中,我们提供预构建的浏览器模块 - Java Applet,ActiveX控件和Flash applet,但Java applet在大多数情况下都足够了因为它可以访问Windows上的PKCS#11存储和Windows证书存储。对于不支持Java applet的浏览器,SecureBlackbox允许通过Java Web Start使用applet作为外部应用程序。
In our product we offer pre-built browser modules - Java Applet, ActiveX control and Flash applet, yet Java applet is in most cases enough as it can access PKCS#11 storages and Windows Certificate storage on Windows. For browsers that don't support Java applets SecureBlackbox allows to use the applet via Java Web Start, as an external "application".
您可能需要重新创建这个完整的方案,但是计算服务器上的哈希并将其传递给客户端进行签名然后嵌入是一个很大的技巧回溯到文档的签名。
You will probably need to re-create this complete scheme, however it's a big trick to calculate the hash on the server and pass it to the client for signing and then embed the signature back to the document.
将完整的文档传输到客户端可能更容易,并且有一个Java applet将使用iText或Java版本签署该文档我们的SecureBlackbox然后将文档上传回服务器。
It would probably be easier to transfer the complete document to the client and have a Java applet that will sign that document using iText or Java edition of our SecureBlackbox and then upload the document back to the server.
这篇关于使用用户签名在服务器文档上签名PDF的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!