How do I sign a PDF document using a certificate from the Windows Cert Store?

Updated: 2024-10-26 22:24:12

Problem description


I need to sign a PDF document using a certificate that exists in the Windows Certificate Store. I have been digging around all day trying to figure it out, and I am so close yet so far away.

All that is missing is this: How do I get an IExternalSignature object to sign the PDF file with?

Rahul Singla has written a beautiful example of how to sign a PDF document using the new iText 5.3.0 API - as long as you can access a .pfx file sitting around on your PC somewhere.

There is a previous question on signing using a certificate from the Windows Cert Store, except it was using a version of the API where SetCrypto still exists, and the signature was apparently optional. In iText 5.3.0, the API has changed, and SetCrypto is no longer a thing.

Here's what I have so far (comments added for posterity, since this might be the most complete and recent version of how to do this on the 'net):

    using System.Collections.Generic;
    using System.IO;
    using System.Security.Cryptography.X509Certificates;
    using iTextSharp.text.pdf;
    using iTextSharp.text.pdf.security;
    using BcX509 = Org.BouncyCastle.X509;
    using Org.BouncyCastle.Pkcs;
    using Org.BouncyCastle.Crypto;
    using DotNetUtils = Org.BouncyCastle.Security.DotNetUtilities;

    // ...

    // Set up the PDF IO
    PdfReader reader = new PdfReader(@"some\dir\SomeTemplate.pdf");
    PdfStamper stamper = PdfStamper.CreateSignature(reader,
        new FileStream(@"some\dir\SignedPdf.pdf", FileMode.Create), '\0');

    PdfSignatureAppearance sap = stamper.SignatureAppearance;
    sap.Reason = "For no apparent raisin";
    sap.Location = "...";

    // Acquire certificate chain
    var certStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    certStore.Open(OpenFlags.ReadOnly);

    X509CertificateCollection certCollection =
        certStore.Certificates.Find(X509FindType.FindBySubjectName,
                                    "My.Cert.Subject", true);
    X509Certificate cert = certCollection[0];

    // iTextSharp needs this cert as a BouncyCastle X509 object; this converts it.
    BcX509.X509Certificate bcCert = DotNetUtils.FromX509Certificate(cert);
    var chain = new List<BcX509.X509Certificate> { bcCert };
    certStore.Close();

    // Ok, that's the certificate chain done. Now how do I get the PKS?
    IExternalSignature signature = null; /* ??? */

    // Sign the PDF file and finish up.
    MakeSignature.SignDetached(sap, signature, chain, // the important stuff
                               null, null, null, 0, CryptoStandard.CMS);
    stamper.Close();

As you can see: I have everything but the signature, and I'm stumped as to how I should obtain it!

Solution

    X509Certificate cert = certCollection[0]; // Your code
    X509Certificate2 signatureCert = new X509Certificate2(cert);

    var pk = Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(signatureCert.PrivateKey).Private;

If you have the pk, which you can get as above, you create an IExternalSignature as follows:

    IExternalSignature es = new PrivateKeySignature(pk, "SHA-256");

You may also find the following articles of use:

  • www.simple-talk/dotnet/-framework/beginning-with-digital-signatures-in--framework/
  • msdn.microsoft/en-us/library/ms223098.aspx
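
The `GetKeyPair` call in the answer copies the private key out of the store into a BouncyCastle object, so it only works when the key is marked exportable. As an added example (not from the original answer or from iText), a hypothetical `StoreKeySignature` class implements `IExternalSignature` by signing inside the key's provider instead; it assumes an RSA key and .NET Framework 4.6 or later for `GetRSAPrivateKey`.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using iTextSharp.text.pdf.security;

// Hypothetical helper (not part of iTextSharp): signs with the store-held key
// in place, so the private key is never exported into managed memory.
public sealed class StoreKeySignature : IExternalSignature
{
    private readonly X509Certificate2 cert;
    private readonly string hashName;            // iText-style name, e.g. "SHA-256"
    private readonly HashAlgorithmName netHash;  // matching .NET digest

    public StoreKeySignature(X509Certificate2 cert, string hashName)
    {
        if (cert == null) throw new ArgumentNullException("cert");
        if (!cert.HasPrivateKey)
            throw new CryptographicException("No private key is associated with this certificate.");
        switch (hashName)
        {
            case "SHA-256": netHash = HashAlgorithmName.SHA256; break;
            case "SHA-384": netHash = HashAlgorithmName.SHA384; break;
            case "SHA-512": netHash = HashAlgorithmName.SHA512; break;
            default: throw new ArgumentException("Unsupported digest: " + hashName);
        }
        this.cert = cert;
        this.hashName = hashName;
    }

    public string GetHashAlgorithm() { return hashName; }

    public string GetEncryptionAlgorithm() { return "RSA"; }

    // iText passes the bytes to be signed; the provider hashes and signs them.
    public byte[] Sign(byte[] message)
    {
        using (RSA rsa = cert.GetRSAPrivateKey())
        {
            if (rsa == null)
                throw new CryptographicException("Certificate key is not RSA.");
            return rsa.SignData(message, netHash, RSASignaturePadding.Pkcs1);
        }
    }
}

// Usage with the answer's signatureCert and the question's sap and chain:
//   IExternalSignature es = new StoreKeySignature(signatureCert, "SHA-256");
//   MakeSignature.SignDetached(sap, es, chain, null, null, null, 0, CryptoStandard.CMS);
```

Which digests are available depends on the provider that holds the key.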

Published: 2023-11-23 14:36:31
Article link: https://www.elefans.com/category/jswz/34/1621805.html