我需要使用Windows证书存储中存在的证书来签署PDF文档。
。 p>所有缺少的是:如何获取一个IExternalSignature对象来签署PDF文件?Rahul Singla 已经写了一个很好的例子,说明如何使用新的iText 5.3.0 API - 签署一个PDF文档,你可以访问一个.pfx文件坐在你的电脑上的某个地方
有使用Windows Cert Store中的证书签名时的上一个问题,除了它使用的是 SetCrypto 仍然存在,并且签名显然是可选的。在iText 5.3.0中,API已经改变, SetCrypto 不再是一个东西。
到目前为止(添加评论添加为后代,因为这可能是如何做到这一点的最完整和最新版本的网):
使用iTextSharp.text.pdf; 使用iTextSharp.text.pdf.security; using BcX509 = Org.BouncyCastle.X509; 使用Org.BouncyCastle.Pkcs; 使用Org.BouncyCastle.Crypto; 使用DotNetUtils = Org.BouncyCastle.Security.DotNetUtilities; ... //设置PDF IO PdfReader reader = new PdfReader(@some\dir\SomeTemplate.pdf); PdfStamper stamper = PdfStamper.CreateSignature(reader, new FileStream(@some\dir\SignedPdf.pdf,FileMode.Create),'\0'); PdfSignatureAppearance sap = stamper.SignatureAppearance; sap.Reason =对于没有明显的葡萄干; sap.Location =... //获取证书链 var certStore = new X509Store(StoreName.My,StoreLocation.LocalMachine); certStore.Open(OpenFlags.ReadOnly); X509CertificateCollection certCollection = certStore.Certificates.Find(X509FindType.FindBySubjectName,My.Cert.Subject,true); X509Certificate cert = certCollection [0]; // iTextSharp需要这个证书作为BouncyCastle X509对象;这转换它。 BcX509.X509Certificate bcCert = DotNetUtils.FromX509Certificate(cert); var chain = new List< BcX509.X509Certificate> {bcCert}; certStore.Close(); //好的,这是证书链。现在我如何获得PKS? IExternalSignature signature = null; / * ??? * / //签署PDF文件并完成。 MakeSignature.SignDetached(sap,signature,chain,//重要的东西 null,null,null,0,CryptoStandard.CMS); stamper.Close();如您所见:
解决方案X509Certificate cert = certCollection [ 0]; //您的代码 X509Certificate2 signatureCert = new X509Certificate2(cert); var pk = Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(signatureCert.PrivateKey).Private;
如果您有pk,可以如上所述创建一个IExternalSignature, p>
IExternalSignature es = new PrivateKeySignature(pk,SHA-256);您还可以找到以下使用条款:
- www.simple-talk/dotnet/-framework/beginning-with-digital-signatures-in--framework/
- msdn.microsoft/en-us /library/ms223098.aspx
I need to sign a PDF document using a certificate that exists in the Windows Certificate Store. I have been digging around all day trying to figure it out, and I am so close yet so far away.
All that is missing is this: How do I get an IExternalSignature object to sign the PDF file with?
Rahul Singla has written a beautiful example of how to sign a PDF document using the new iText 5.3.0 API - as long as you can access a .pfx file sitting around on your PC somewhere.
There is a previous question on signing using a certificate from the Windows Cert Store, except it was using a version of the API where SetCrypto still exists, and the signature was apparently optional. In iText 5.3.0, the API has changed, and SetCrypto is no longer a thing.
Here's what I have so far (comments added for posterity, since this might be the most complete and recent version of how to do this on the 'net):
using iTextSharp.text.pdf; using iTextSharp.text.pdf.security; using BcX509 = Org.BouncyCastle.X509; using Org.BouncyCastle.Pkcs; using Org.BouncyCastle.Crypto; using DotNetUtils = Org.BouncyCastle.Security.DotNetUtilities; ... // Set up the PDF IO PdfReader reader = new PdfReader(@"some\dir\SomeTemplate.pdf"); PdfStamper stamper = PdfStamper.CreateSignature(reader, new FileStream(@"some\dir\SignedPdf.pdf", FileMode.Create), '\0'); PdfSignatureAppearance sap = stamper.SignatureAppearance; sap.Reason = "For no apparent raisin"; sap.Location = "..."; // Acquire certificate chain var certStore = new X509Store(StoreName.My, StoreLocation.LocalMachine); certStore.Open(OpenFlags.ReadOnly); X509CertificateCollection certCollection = certStore.Certificates.Find(X509FindType.FindBySubjectName, "My.Cert.Subject", true); X509Certificate cert = certCollection[0]; // iTextSharp needs this cert as a BouncyCastle X509 object; this converts it. BcX509.X509Certificate bcCert = DotNetUtils.FromX509Certificate(cert); var chain = new List<BcX509.X509Certificate> { bcCert }; certStore.Close(); // Ok, that's the certificate chain done. Now how do I get the PKS? IExternalSignature signature = null; /* ??? */ // Sign the PDF file and finish up. MakeSignature.SignDetached(sap, signature, chain, // the important stuff null, null, null, 0, CryptoStandard.CMS); stamper.Close();As you can see: I have everything but the signature, and I'm stumped as to how I should obtain it!
解决方案 X509Certificate cert = certCollection[0]; // Your code X509Certificate2 signatureCert = new X509Certificate2(cert); var pk = Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(signatureCert.PrivateKey).Private;If you have the pk, which can get as above, you create an IExternalSignature as follows:
IExternalSignature es = new PrivateKeySignature(pk, "SHA-256");You may also find the following articles of use:
- www.simple-talk/dotnet/-framework/beginning-with-digital-signatures-in--framework/
- msdn.microsoft/en-us/library/ms223098.aspx
更多推荐
如何使用Windows Cert Store中的证书签署PDF文档?
发布评论