我想对 pdf 进行数字签名,最简单的选择是 itext。我只是附加一个签名,以防万一有第一个签名。但当会员查看时,却显示未知,错误
Error information : Error during signature verification. Signature contains incorrect ,unrecognized, corrupted or suspicious data. Support information SigDict/Contents illegal data
。我能做什么?
import com.itextpdf.kernel.pdf.StampingProperties;
import com.itextpdf.signatures.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import com.itextpdf.kernel.pdf.PdfReader;
public class App {
public static void digitalSignature(String sourceFile, String signatureFieldName, String outputFile, Certificate[] certificateChain, PrivateKey privateKey, String digestAlgorithm,
String bouncyCastleProvider, PdfSigner.CryptoStandard cryptoStandardSubFilter, String reason, String location)
throws GeneralSecurityException, IOException {
PdfReader pdfReader = new PdfReader(sourceFile);
PdfSigner pdfSigner = new PdfSigner(pdfReader, new FileOutputStream(outputFile), new StampingProperties());
// Create the signature appearance
PdfSignatureAppearance pdfSignatureAppearance = pdfSigner.getSignatureAppearance()
.setReason(reason)
.setLocation(location);
// This name corresponds to the name of the field that already exists in the document.
pdfSigner.setFieldName(signatureFieldName);
pdfSignatureAppearance.setRenderingMode(PdfSignatureAppearance.RenderingMode.NAME_AND_DESCRIPTION);
IExternalSignature iExternalSignature = new PrivateKeySignature(privateKey, digestAlgorithm, bouncyCastleProvider);
IExternalDigest iExternalDigest = new BouncyCastleDigest();
// Sign the document using the detached mode, CMS, or CAdES equivalent.
pdfSigner.signDetached(iExternalDigest, iExternalSignature, certificateChain, null, null, null, 0, cryptoStandardSubFilter);
}
}
我将不胜感激任何帮助。我在这方面花费了很多时间。目的实际上是在文档中添加第二个签名以进行验证。我不想要创建/复制此文档的选项,因为第一个签名可能会丢失。
正如评论中已经提到的,在实例化
new StampingProperties()
时使用普通的 PdfSigner
:
PdfSigner pdfSigner = new PdfSigner(pdfReader,
new FileOutputStream(outputFile), new StampingProperties());
因此,您不会“附加”签名,而是以混合任何早期签名的方式添加它。请尝试改为new StampingProperties().useAppendMode()
:
PdfSigner pdfSigner = new PdfSigner(pdfReader,
new FileOutputStream(outputFile), new StampingProperties().useAppendMode());
作为回应,您确认该方法有效并评论:
它只是帮助消除了错误,现在签名不被认为是损坏的,而只是引发错误
At least one signature has a problems
,我认为原因是Adobe对其进行了标记,因为它不在
中,除非我可以做另一件事,然后我相信直到用户打开我的签名的信任证书。 事实上,除非由 AATL 或 EUTL CA 颁发,否则证书通常不可信。AATL
在公司内部使用的情况下,IT 部门可能会将对自定义 CA 证书的信任推广到所有计算机。除此之外,请获取 AATL 或 EUTL CA 颁发的证书。