C# itextsharp 5.0数字签名不正确。签名后文档已损坏
我使用 iTextSharp 将 X509 证书和可见签名元素添加到 PDF 文档中。代码不会导致错误,但当我打开已签名文档时,会出现一条消息,表明证书无效,因为签名后文档已损坏。我已将证书添加到受信任列表中。有什么问题吗?我在这里使用的代码:
/// <summary>
/// Attempts to add a visible certification signature to the last page of a PDF using
/// iTextSharp's low-level PreClose/Close signing API.
/// </summary>
/// <remarks>
/// As posted, this method does not produce a cryptographic signature: the bytes written
/// into the signature's /Contents entry are the certificate's raw data (see <c>pk</c>),
/// not a signature computed over the document's byte ranges. The answer on this page
/// identifies that as the cause of the "document has been corrupted since signing" message.
/// <c>GetSert</c>, <c>GetImagesFromPdfDict</c>, <c>NewFP</c> and <c>Y</c> are defined
/// outside this listing.
/// </remarks>
public void Sign()
{
X509Certificate2 certificate = GetSert();
// Single-element chain: only the signer certificate, converted to a BouncyCastle certificate.
Org.BouncyCastle.X509.X509Certificate[] chain = new Org.BouncyCastle.X509.X509Certificate[] { Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(certificate) };
// NOTE(review): the path literal contains a space after the backslash as posted; possibly a paste artifact.
PdfReader reader = new PdfReader(@"C:\ Test.pdf");
PdfDictionary dict = reader.GetPageN(reader.NumberOfPages);
IList<iTextSharp.text.Image> list = GetImagesFromPdfDict(dict, reader);
// Last argument true = append mode; '\0' is passed as the PDF version character.
PdfStamper stp = PdfStamper.CreateSignature(reader, new
FileStream(NewFP, FileMode.Create), '\0', null, true);
iTextSharp.text.Rectangle cropBox = reader.GetCropBox(reader.NumberOfPages);
PdfSignatureAppearance sap = stp.SignatureAppearance;
// NOTE(review): GetLeft takes a margin offset, so passing the page count here looks unintended; confirm.
iTextSharp.text.Rectangle signPosition = new iTextSharp.text.Rectangle(cropBox.GetLeft(reader.NumberOfPages) + 55, Y, cropBox.GetLeft(reader.NumberOfPages) + 260, Y - 80);
// Despite the name, pk holds the encoded certificate (public data), not a private key or a signature value.
byte[] pk = certificate.GetRawCertData();
// Signing time comes from the local clock; no timestamp authority is involved in this method.
sap.SignDate = DateTime.Now;
sap.Acro6Layers = true;
sap.Layer4Text = "";
sap.Layer2Text = "";
// Indexing [0] assumes at least one image was found on the last page.
sap.SignatureGraphic = list[0];
sap.Render =
PdfSignatureAppearance.SignatureRender.Graphic;
// adbe.x509.rsa_sha1 is a SHA-1 based scheme; the answer on this page notes it has limited support
// and recommends adbe.pkcs7.detached or ETSI.CAdES.detached. The asker's certificate is sha256RSA.
PdfSignature dic = new PdfSignature(PdfName.ADBE_X509_RSA_SHA1,
PdfName.ADBE_X509_RSA_SHA1);
dic.Cert = certificate.GetRawCertData();
dic.Date = new PdfDate(sap.SignDate);
dic.Name = PdfPKCS7.GetSubjectFields(chain[0]).GetField("CN");
sap.CryptoDictionary = dic;
// The /Contents placeholder is sized from the certificate length (hex digits plus two delimiters),
// not from the length of an actual signature.
int csize = pk.Length;
Dictionary<PdfName, int> ex = new Dictionary<PdfName, int>(1);
ex.Add(PdfName.CONTENTS, csize * 2 + 2);
// NOTE(review): exc is not declared anywhere in this method; unless it is a field defined elsewhere,
// this line does not compile. It looks like a leftover duplicate of the ex.Add call above.
exc[PdfName.CONTENTS] = csize * 2 + 2;
sap.CertificationLevel = PdfSignatureAppearance.CERTIFIED_FORM_FILLING_AND_ANNOTATIONS;
sap.SetVisibleSignature(signPosition, reader.NumberOfPages, null);
// No private key is supplied here (first argument is null), so nothing in this method can sign.
sap.SetCrypto(null, chain, null, PdfSignatureAppearance.WINCER_SIGNED);
sap.PreClose(ex);
// Per the answer on this page, this is where the range stream should be retrieved from sap and
// signed. Instead, the certificate bytes are copied and written as the signature value below.
byte[] outc = new byte[csize];
PdfDictionary dic2 = new PdfDictionary();
Array.Copy(pk, 0, outc, 0, pk.Length);
dic2.Put(PdfName.CONTENTS, new
PdfString(outc).SetHexWriting(true));
sap.Close(dic2);
// reader is never closed or disposed in this method.
}
但它比前一个更糟糕。我得到一个错误:
也许签名不正确?我的证书的签名算法是 sha256RSA
//09.12.2020
我使用以下代码获得了成功:
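/// <summary>
/// Signs <c>C:\Test.pdf</c> with a visible, detached CMS signature (SHA-256 digest) placed on
/// the last page, and writes the signed copy to <c>C:\Output.pdf</c> in append mode.
/// </summary>
/// <param name="cert">
/// Signing certificate. It must carry a private key that can be exported, because
/// <c>DotNetUtilities.GetKeyPair</c> converts the .NET key into a BouncyCastle key object.
/// </param>
/// <remarks>
/// If the certificate has no private key, a message box is shown and the method returns
/// without creating the output file; callers must not assume <c>C:\Output.pdf</c> exists.
/// The chain holds only the signer certificate, and no CRL, OCSP or timestamp client is
/// passed to <c>SignDetached</c>, so the signature embeds no revocation data and its signing
/// time is not backed by a timestamp authority.
/// </remarks>
public void PrepareSignatureAndGetHash(X509Certificate2 cert)
{
    // Check for the key before any file is opened. The original showed the message and then
    // carried on, failing later on a null key after the output file had already been created.
    if (!cert.HasPrivateKey)
    {
        MessageBox.Show("Не найдено закрытого ключа");
        return;
    }

    // The private key is copied out of the .NET key container into a BouncyCastle object.
    // For non-exportable or hardware-backed keys, iTextSharp 5.5's X509Certificate2Signature
    // signs through the .NET key instead.
    var privateKey = Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(cert.PrivateKey).Private;
    Org.BouncyCastle.X509.X509Certificate bcCert = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(cert);
    var chain = new List<Org.BouncyCastle.X509.X509Certificate> { bcCert };

    using (var reader = new PdfReader(@"C:\Test.pdf"))
    using (var fileStream = new FileStream(@"C:\Output.pdf", FileMode.Create))
    // NOTE(review): '0' is the digit character; '\0' is the value that keeps the input's
    // PDF version. Confirm which one is intended.
    using (var stamper = PdfStamper.CreateSignature(reader, fileStream, '0', null, true))
    {
        var signatureAppearance = stamper.SignatureAppearance;

        // Visible signature field on the last page, positioned from that page's crop box.
        Rectangle cropBox = reader.GetCropBox(reader.NumberOfPages);
        Rectangle signPosition = new Rectangle(cropBox.GetRight(0) - 20, cropBox.GetBottom(0), cropBox.GetRight(0) - 250, cropBox.GetBottom(0) + 80);
        signatureAppearance.SetVisibleSignature(signPosition, reader.NumberOfPages, null);
        signatureAppearance.Reason = "Sig";
        signatureAppearance.Layer2Text = "";
        signatureAppearance.Image = iTextSharp.text.Image.GetInstance(@"C:\Stamp.png");

        // SignDetached hashes the document byte ranges and embeds a CMS container; the three
        // nulls are the CRL list, OCSP client and TSA client, and 0 requests the default size estimate.
        IExternalSignature signature = new PrivateKeySignature(privateKey, "SHA-256");
        MakeSignature.SignDetached(signatureAppearance, signature, chain, null, null, null, 0, CryptoStandard.CMS);
    }
}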
public void PrepareSignatureAndGetHash(X509Certificate2Cert)
{
使用(var reader=newpdfreader(@“C:\Test.pdf”))
{
使用(var fileStream=new)
FileStream(@“C:\Output.pdf”,FileMode.Create))
{
使用(var stamper=PdfStamper.CreateSignature(读取器,fileStream,'0',null,true))
{
var SignaturePearance=母版。SignaturePearance;
矩形cropBox=reader.GetCropBox(reader.NumberOfPages);
矩形符号位置=新矩形(cropBox.GetRight(0)-20,cropBox.GetBottom(0),cropBox.GetRight(0)-250,cropBox.GetBottom(0)+80);
SignaturePearance.SetVisibleSignature(signPosition,reader.NumberOfPages,null);
signaturepearance.Reason=“Sig”;
SignaturePearance.Layer2Text=“”;
SignaturePearance.Image=iTextSharp.text.Image.GetInstance(@“C:\Stamp.png”);
如果(!cert.HasPrivateKey){MessageBox.Show(“зззззззааааазазззз
var keyPair=Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(cert.PrivateKey).Private;
Org.BouncyCastle.X509.X509Certificate bcCert=Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(cert);
var chain=新列表{bcCert};
IExternalSignature签名=新的私有密钥签名(密钥对,“SHA-256”);
MakeSignature.SignDistached(SignaturePearance,signature,chain,null,null,null,0,CryptoStandard.CMS);
}
}
}
}
使用低级代码时,我无法正确签名。

您如何验证证书,在哪台计算机上,使用哪位用户?证书需要同时加载到用户和计算机存储中。要验证证书,请进行虚拟连接。因此,作为连接的一部分,将执行TLS身份验证。您可能正在使用TLS 1.0/1.1,作为安全推送的一部分,Microsoft在6月份禁用了它。因此,您必须确保使用TLS 1.2/1.3。操作系统还必须支持TLS 1.2/1.3。iText 5.0不支持TLS 1.2或更高版本。升级到iText 5.5。

请共享一个由代码签名的示例pdf进行分析。

我将测试pdf文件附加到我的帖子中。如果我手动签署该文件,则签名有效。在这两种情况下都可以跟踪证书路径。问题是文档在使用iText签名后被破坏。

OK,在查看了示例文件后,我知道了在代码中查找什么。有许多问题。首先,您根本没有进行签名,而是把证书本身当作签名值注入:pk 应该是范围流的签名值,但它是 certificate.GetRawCertData()。因此,在 sap.PreClose 之后,应从 sap 检索范围流并对其内容签名。此外,您选择了仅在有限程度上受支持的签名方案 adbe.x509.rsa_sha1。最好是 adbe.pkcs7.detached 和 ETSI.CAdES.detached。此外,您使用的是旧的、非常低级的签名API。您应该至少更新到更高的 5.3.x,最好更新到 5.5.x,并使用更新的签名API。
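/// <summary>
/// Produces a signed copy of <c>C:\Test.pdf</c> at <c>C:\Output.pdf</c>, using the iTextSharp 5.5
/// signing API: a detached CMS signature with a SHA-256 digest, shown as a visible field on
/// the last page.
/// </summary>
/// <param name="cert">
/// Signing certificate with an exportable private key; the key is converted to a BouncyCastle
/// key by <c>DotNetUtilities.GetKeyPair</c>.
/// </param>
/// <remarks>
/// When <paramref name="cert"/> has no private key the user is notified and the method returns
/// before any file is opened, so no output file is written in that case. Only the signer
/// certificate is placed in the chain, and the CRL, OCSP and TSA arguments are null, so the
/// resulting signature carries no revocation information and no trusted timestamp.
/// </remarks>
public void PrepareSignatureAndGetHash(X509Certificate2 cert)
{
    // Stop here when there is nothing to sign with. The original only displayed the message
    // and then went on to use the missing key, with the output file already created.
    if (!cert.HasPrivateKey)
    {
        MessageBox.Show("Не найдено закрытого ключа");
        return;
    }

    // GetKeyPair exports the key parameters, so the key material ends up in process memory
    // as a BouncyCastle object; this fails for keys marked non-exportable.
    var signingKey = Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(cert.PrivateKey).Private;
    Org.BouncyCastle.X509.X509Certificate bcCert = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(cert);
    var chain = new List<Org.BouncyCastle.X509.X509Certificate> { bcCert };
    IExternalSignature signature = new PrivateKeySignature(signingKey, "SHA-256");

    using (var reader = new PdfReader(@"C:\Test.pdf"))
    using (var fileStream = new FileStream(@"C:\Output.pdf", FileMode.Create))
    // Final argument true = append mode, so the original bytes are kept and the signature is
    // added as an incremental update.
    using (var stamper = PdfStamper.CreateSignature(reader, fileStream, '0', null, true))
    {
        var signatureAppearance = stamper.SignatureAppearance;

        // Place the visible signature on the last page, relative to its crop box.
        Rectangle cropBox = reader.GetCropBox(reader.NumberOfPages);
        Rectangle signPosition = new Rectangle(cropBox.GetRight(0) - 20, cropBox.GetBottom(0), cropBox.GetRight(0) - 250, cropBox.GetBottom(0) + 80);
        signatureAppearance.SetVisibleSignature(signPosition, reader.NumberOfPages, null);
        signatureAppearance.Reason = "Sig";
        signatureAppearance.Layer2Text = "";
        signatureAppearance.Image = iTextSharp.text.Image.GetInstance(@"C:\Stamp.png");

        // Unlike the low-level PreClose/Close approach, SignDetached computes the signature
        // over the document's byte ranges itself and writes it into the reserved placeholder.
        MakeSignature.SignDetached(signatureAppearance, signature, chain, null, null, null, 0, CryptoStandard.CMS);
    }
}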