2

我用 iText 实现了 PADES-BES 签名,但这个签名并不完全遵循标准 ETSI TS 102778-3。我不明白代码(下面)签名中缺少什么是“标准 ETSI”。

这是我的代码(C#.NET):

int contentsSize = 8192;
FileStream streamsigned = new FileStream(filetosign, FileMode.Create, FileAccess.Write);
PdfReader reader = new PdfReader(filetosign);
PdfStamper stp = PdfStamper.CreateSignature(reader, streamsigned, '\0',                    null, true);

sap = stp.SignatureAppearance;
dic = new PdfSignature(PdfName.ADOBE_PPKLITE, PdfName.ETSI_CADES_DETACHED);

sap.CryptoDictionary = dic;
System.Collections.Generic.Dictionary<PdfName, int> exc = new System.Collections.Generic.Dictionary<PdfName, int>();
                exc.Add(PdfName.CONTENTS, contentSize * 2 + 2);
sap.PreClose(exc);

Stream data = sap.GetRangeStream();
System.Security.Cryptography.SHA256Managed sha = new System.Security.Cryptography.SHA256Managed();
byte[] hashToSign = sha.ComputeHash(data);

//here sign hash with an external device 
byte[] hashSigned = signservice.pkcs7signhash(hashToSign, ...);

byte[] paddedSig = new byte[contentsSize];

System.Array.Copy(hashSigned, 0, paddedSig, 0, hashSigned.Length);
PdfDictionary pdfDictionary = new PdfDictionary();
pdfDictionary.Put(PdfName.CONTENTS, new PdfString(paddedSig).SetHexWriting(true));

sap.Close(pdfDictionary);
4

0 回答 0