我用 iText 实现了 PADES-BES 签名,但这个签名并不完全遵循标准 ETSI TS 102778-3。我不明白代码(下面)签名中缺少什么是“标准 ETSI”。
这是我的代码(C#.NET):
int contentsSize = 8192;
FileStream streamsigned = new FileStream(filetosign, FileMode.Create, FileAccess.Write);
PdfReader reader = new PdfReader(filetosign);
PdfStamper stp = PdfStamper.CreateSignature(reader, streamsigned, '\0', null, true);
sap = stp.SignatureAppearance;
dic = new PdfSignature(PdfName.ADOBE_PPKLITE, PdfName.ETSI_CADES_DETACHED);
sap.CryptoDictionary = dic;
System.Collections.Generic.Dictionary<PdfName, int> exc = new System.Collections.Generic.Dictionary<PdfName, int>();
exc.Add(PdfName.CONTENTS, contentSize * 2 + 2);
sap.PreClose(exc);
Stream data = sap.GetRangeStream();
System.Security.Cryptography.SHA256Managed sha = new System.Security.Cryptography.SHA256Managed();
byte[] hashToSign = sha.ComputeHash(data);
//here sign hash with an external device
byte[] hashSigned = signservice.pkcs7signhash(hashToSign, ...);
byte[] paddedSig = new byte[contentsSize];
System.Array.Copy(hashSigned, 0, paddedSig, 0, hashSigned.Length);
PdfDictionary pdfDictionary = new PdfDictionary();
pdfDictionary.Put(PdfName.CONTENTS, new PdfString(paddedSig).SetHexWriting(true));
sap.Close(pdfDictionary);