C# itextsharp 5.0数字签名不正确。签名后文档已损坏


我使用iTextSharp向PDF文档添加X509证书和可见签名元素。代码不会导致错误,但当我打开已签名文档时,会出现一条消息,表明证书无效,因为签名后文档已损坏。我已将证书添加到受信任列表中。有什么问题吗?我在这里使用的代码:

/// <summary>
/// Opens C:\ Test.pdf, places a visible signature field on its last page and
/// writes the result to NewFP in append mode.
/// NOTE(review): as written, no cryptographic signature is ever computed. The
/// bytes stored under /Contents are the raw certificate (see <c>pk</c> below),
/// not a signature over the signed byte ranges, which is why a viewer reports
/// the document as altered after signing.
/// </summary>
public void Sign()
    {
        X509Certificate2 certificate = GetSert();
        // The chain passed to iText holds only the signer's own certificate, converted to a BouncyCastle object.
        Org.BouncyCastle.X509.X509Certificate[] chain = new Org.BouncyCastle.X509.X509Certificate[] { Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(certificate) };

        PdfReader reader = new PdfReader(@"C:\ Test.pdf");
        PdfDictionary dict = reader.GetPageN(reader.NumberOfPages);
        IList<iTextSharp.text.Image> list = GetImagesFromPdfDict(dict, reader);
        // '\0' and the trailing 'true' are passed as the PDF-version and append arguments.
        // NOTE(review): neither the reader nor the FileStream is disposed in this method.
        PdfStamper stp = PdfStamper.CreateSignature(reader, new
        FileStream(NewFP, FileMode.Create), '\0', null, true);
        iTextSharp.text.Rectangle cropBox = reader.GetCropBox(reader.NumberOfPages);
        PdfSignatureAppearance sap = stp.SignatureAppearance;
        // NOTE(review): the page count is passed to GetLeft(...) as its argument, and Y is defined outside this method - confirm both are intended.
        iTextSharp.text.Rectangle signPosition = new iTextSharp.text.Rectangle(cropBox.GetLeft(reader.NumberOfPages) + 55, Y, cropBox.GetLeft(reader.NumberOfPages) + 260, Y - 80); 

        // pk is the DER-encoded public certificate. It is not a private key and not a signature value.
        byte[] pk = certificate.GetRawCertData();

        // The signing time comes from the local clock; nothing in this method requests a trusted timestamp.
        sap.SignDate = DateTime.Now;
        sap.Acro6Layers = true;
        sap.Layer4Text = "";
        sap.Layer2Text = "";
        // Assumes the last page contains at least one image; list[0] throws otherwise.
        sap.SignatureGraphic = list[0];
        sap.Render =
        PdfSignatureAppearance.SignatureRender.Graphic;
        // adbe.x509.rsa_sha1 is used as both filter and sub-filter. This scheme is SHA-1 based and has limited
        // validator support; the answer on this page recommends adbe.pkcs7.detached or ETSI.CAdES.detached.
        PdfSignature dic = new PdfSignature(PdfName.ADBE_X509_RSA_SHA1,
        PdfName.ADBE_X509_RSA_SHA1);
        dic.Cert = certificate.GetRawCertData();
        dic.Date = new PdfDate(sap.SignDate);
        dic.Name = PdfPKCS7.GetSubjectFields(chain[0]).GetField("CN");
        sap.CryptoDictionary = dic;
        // The space reserved for /Contents is sized from the certificate length (hex-encoded, plus two delimiters).
        int csize = pk.Length;
        Dictionary<PdfName, int> ex = new Dictionary<PdfName, int>(1);
        ex.Add(PdfName.CONTENTS, csize * 2 + 2);
        // NOTE(review): 'exc' is not declared in this method (the dictionary built above is 'ex') - confirm whether this line is a leftover.
        exc[PdfName.CONTENTS] = csize * 2 + 2;
        sap.CertificationLevel = PdfSignatureAppearance.CERTIFIED_FORM_FILLING_AND_ANNOTATIONS;

        sap.SetVisibleSignature(signPosition, reader.NumberOfPages, null);
        // The first argument is null - presumably the private-key parameter, so iText has no key to sign with; confirm against the 5.0 API.
        sap.SetCrypto(null, chain, null, PdfSignatureAppearance.WINCER_SIGNED);
        sap.PreClose(ex);
        // After PreClose the signed byte ranges are fixed. This is the point where the range stream should be
        // read from sap, hashed and signed with the private key. The code does none of that.
         byte[] outc = new byte[csize]; 
        PdfDictionary dic2 = new PdfDictionary();

        // Copies the certificate bytes into the buffer that becomes the signature value.
        Array.Copy(pk, 0, outc, 0, pk.Length);

        dic2.Put(PdfName.CONTENTS, new
        PdfString(outc).SetHexWriting(true));

        // Writes /Contents and finishes the file. The stored "signature" is just the certificate.
        sap.Close(dic2);

    }
但它比前一个更糟糕。我得到一个错误:

也许签名不正确?我的证书的签名算法是sha256RSA

//09.12.2020 我使用以下代码获得了成功:

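 /// <summary>
 /// Signs C:\Test.pdf with a detached CMS signature (SHA-256 digest) using the
 /// private key of <paramref name="cert"/>, adds a visible signature with the
 /// stamp image on the last page, and writes the result to C:\Output.pdf in
 /// append mode.
 /// </summary>
 /// <param name="cert">Signing certificate; it must carry a private key.</param>
 /// <exception cref="ArgumentNullException"><paramref name="cert"/> is null.</exception>
 public void PrepareSignatureAndGetHash(X509Certificate2 cert)
    {
        if (cert == null)
        {
            throw new ArgumentNullException("cert");
        }

        // Without a private key nothing can be signed. Stop here, before C:\Output.pdf is created,
        // rather than showing the message and then failing on cert.PrivateKey with a
        // half-written output file left behind.
        if (!cert.HasPrivateKey)
        {
            MessageBox.Show("Не найдено закрытого ключа");
            return;
        }

        using (var reader = new PdfReader(@"C:\Test.pdf"))
        using (var fileStream = new FileStream(@"C:\Output.pdf", FileMode.Create))
        // NOTE(review): '0' is the digit character, not '\0' - confirm which PDF-version value is intended.
        // The trailing 'true' is the append argument, so the signature is added as an incremental update.
        using (var stamper = PdfStamper.CreateSignature(reader, fileStream, '0', null, true))
        {
            var signatureAppearance = stamper.SignatureAppearance;

            // Visible signature rectangle, positioned relative to the crop box of the last page.
            Rectangle cropBox = reader.GetCropBox(reader.NumberOfPages);
            Rectangle signPosition = new Rectangle(cropBox.GetRight(0) - 20, cropBox.GetBottom(0), cropBox.GetRight(0) - 250, cropBox.GetBottom(0) + 80);
            signatureAppearance.SetVisibleSignature(signPosition, reader.NumberOfPages, null);
            signatureAppearance.Reason = "Sig";
            signatureAppearance.Layer2Text = "";
            signatureAppearance.Image = iTextSharp.text.Image.GetInstance(@"C:\Stamp.png");

            // Convert the .NET key and certificate to their BouncyCastle equivalents for iText.
            // NOTE(review): GetKeyPair presumably needs an exportable private key; keys held in a
            // smart card or HSM would need a different IExternalSignature - confirm.
            var keyPair = Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(cert.PrivateKey).Private;
            Org.BouncyCastle.X509.X509Certificate bcCert = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(cert);

            // Only the signer's certificate is embedded; a validator has to find any issuer
            // certificates in its own stores.
            var chain = new List<Org.BouncyCastle.X509.X509Certificate> { bcCert };
            IExternalSignature signature = new PrivateKeySignature(keyPair, "SHA-256");

            // The CRL list, OCSP client and TSA client are all null: no revocation data and no
            // trusted timestamp are embedded, so the signing time is the signer's local clock.
            // The estimated size of 0 leaves the reservation for the signature to iText.
            MakeSignature.SignDetached(signatureAppearance, signature, chain, null, null, null, 0, CryptoStandard.CMS);
        }
    }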

    
public void PrepareSignatureAndGetHash(X509Certificate2Cert)
{
使用(var reader=newpdfreader(@“C:\Test.pdf”))
{
使用(var fileStream=new)
FileStream(@“C:\Output.pdf”,FileMode.Create))
{
使用(var stamper=PdfStamper.CreateSignature(读取器,fileStream,'0',null,true))
{
var SignaturePearance=母版。SignaturePearance;
矩形cropBox=reader.GetCropBox(reader.NumberOfPages);
矩形符号位置=新矩形(cropBox.GetRight(0)-20,cropBox.GetBottom(0),cropBox.GetRight(0)-250,cropBox.GetBottom(0)+80);
SignaturePearance.SetVisibleSignature(signPosition,reader.NumberOfPages,null);
signaturepearance.Reason=“Sig”;
SignaturePearance.Layer2Text=“”;
SignaturePearance.Image=iTextSharp.text.Image.GetInstance(@“C:\Stamp.png”);
如果(!cert.HasPrivateKey){MessageBox.Show(“зззззззааааазазззз
var keyPair=Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(cert.PrivateKey).Private;
Org.BouncyCastle.X509.X509Certificate bcCert=Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(cert);
var chain=新列表{bcCert};
IExternalSignature签名=新的私有密钥签名(密钥对,“SHA-256”);
MakeSignature.SignDistached(SignaturePearance,signature,chain,null,null,null,0,CryptoStandard.CMS);
}
}
}
}

使用低级代码时,我无法正确签名

您如何验证证书,在哪台计算机上,使用哪位用户?证书需要同时加载到用户和计算机存储中。要验证证书,请进行虚拟连接。因此,作为连接的一部分,将执行TLS身份验证。您可能正在使用TLS 1.0/1.1,作为安全推送的一部分,Microsoft在6月份禁用了它。因此,您必须确保使用TLS 1.2/1.3。操作系统还必须支持TLS 1.2/1.3。Itext 5.0不支持TLS 1.2或更高版本。升级到Itext 5.5:

请共享一个由代码签名的示例pdf进行分析。

我将测试pdf文件附加到我的帖子中。如果我手动签署该文件,则签名有效。在这两种情况下都可以跟踪证书路径。问题是文档在使用itext签名后被破坏。

Ok,在查看了示例文件后,我知道了在代码中查找什么。有许多问题。首先,您根本不进行签名,而是把证书当作签名值注入:`pk` 应该是范围流的签名值,但它是 `certificate.GetRawCertData()`。因此,在 `sap.PreClose` 之后,从 `sap` 检索范围流并对其内容签名。此外,您选择了仅在有限程度上受支持的签名方案adbe.x509.rsa_sha1。最好是adbe.pkcs7.detached和ETSI.CAdES.detached。此外,您使用的是旧的、非常低级的签名API。您应该至少更新到更高的5.3.x,最好更新到5.5.x,并使用更新的签名API。
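 /// <summary>
 /// Signs C:\Test.pdf with a detached CMS signature (SHA-256 digest) using the
 /// private key of <paramref name="cert"/>, adds a visible signature with the
 /// stamp image on the last page, and writes the result to C:\Output.pdf in
 /// append mode.
 /// </summary>
 /// <param name="cert">Signing certificate; it must carry a private key.</param>
 /// <exception cref="ArgumentNullException"><paramref name="cert"/> is null.</exception>
 public void PrepareSignatureAndGetHash(X509Certificate2 cert)
    {
        if (cert == null)
        {
            throw new ArgumentNullException("cert");
        }

        // Without a private key nothing can be signed. Stop here, before C:\Output.pdf is created,
        // rather than showing the message and then failing on cert.PrivateKey with a
        // half-written output file left behind.
        if (!cert.HasPrivateKey)
        {
            MessageBox.Show("Не найдено закрытого ключа");
            return;
        }

        using (var reader = new PdfReader(@"C:\Test.pdf"))
        using (var fileStream = new FileStream(@"C:\Output.pdf", FileMode.Create))
        // NOTE(review): '0' is the digit character, not '\0' - confirm which PDF-version value is intended.
        // The trailing 'true' is the append argument, so the signature is added as an incremental update.
        using (var stamper = PdfStamper.CreateSignature(reader, fileStream, '0', null, true))
        {
            var signatureAppearance = stamper.SignatureAppearance;

            // Visible signature rectangle, positioned relative to the crop box of the last page.
            Rectangle cropBox = reader.GetCropBox(reader.NumberOfPages);
            Rectangle signPosition = new Rectangle(cropBox.GetRight(0) - 20, cropBox.GetBottom(0), cropBox.GetRight(0) - 250, cropBox.GetBottom(0) + 80);
            signatureAppearance.SetVisibleSignature(signPosition, reader.NumberOfPages, null);
            signatureAppearance.Reason = "Sig";
            signatureAppearance.Layer2Text = "";
            signatureAppearance.Image = iTextSharp.text.Image.GetInstance(@"C:\Stamp.png");

            // Convert the .NET key and certificate to their BouncyCastle equivalents for iText.
            // NOTE(review): GetKeyPair presumably needs an exportable private key; keys held in a
            // smart card or HSM would need a different IExternalSignature - confirm.
            var keyPair = Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(cert.PrivateKey).Private;
            Org.BouncyCastle.X509.X509Certificate bcCert = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(cert);

            // Only the signer's certificate is embedded; a validator has to find any issuer
            // certificates in its own stores.
            var chain = new List<Org.BouncyCastle.X509.X509Certificate> { bcCert };
            IExternalSignature signature = new PrivateKeySignature(keyPair, "SHA-256");

            // The CRL list, OCSP client and TSA client are all null: no revocation data and no
            // trusted timestamp are embedded, so the signing time is the signer's local clock.
            // The estimated size of 0 leaves the reservation for the signature to iText.
            MakeSignature.SignDetached(signatureAppearance, signature, chain, null, null, null, 0, CryptoStandard.CMS);
        }
    }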