2

我有一个签名的 pdf 我通过itextsharp将证书(.pfx)附加到文档中。代码中的所有内容都经过测试并且工作正常,但是当我在 acrobat 阅读器中下载并打开 pdf 时,它说签名无效我已经更改了首选项,自昨天以来几乎尝试了所有设置,但没有任何运气。

我在证书细节中注意到两件事,因为它的“预期”属性:没有提到数字签名,而提到了加密文档等,这是它不验证文档以进行签名的原因。它说的第二件事:证书有错误:对使用无效

附证书代码;

 var pathCert = 
 Server.MapPath("..../App_Data/Certificates/.....sdd.pfx");

string Password = "**************";
var pass = Password.ToCharArray();

System.Security.Cryptography.X509Certificates.X509Store store =
new System.Security.Cryptography.X509Certificates.X509Store
(Cryptography.X509Certificates.StoreLocation.CurrentUser);



store.Open(System.Security.
Cryptography.X509Certificates.OpenFlags.ReadOnly);


string PfxFileName = pathCert;
string PfxPassword = Password;

System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new 


 System.Security.Cryptography.X509Certificates.X509Certificate2
 (PfxFileName, PfxPassword, Security.Cryptography.X509Certificates.
 X509KeyStorageFlags.MachineKeySet);


 string SourcePdfFileName = "(Directory)/Desktop/tetsing/test.pdf";
 string DestPdfFileName = "(Directory)/Desktop/tetsing/test_Signed.pdf";
 Org.BouncyCastle.X509.X509CertificateParser cp = new 
 Org.BouncyCastle.X509.X509CertificateParser();
 Org.BouncyCastle.X509.X509Certificate[] chain = new 
 Org.BouncyCastle.X509.X509Certificate[] { 
 cp.ReadCertificate(cert.RawData) };
 iTextSharp.text.pdf.security.IExternalSignature externalSignature = new 
 iTextSharp.text.pdf.security.X509Certificate2Signature(cert, "SHA-1");
 PdfReader pdfReader = new PdfReader(SourcePdfFileName);
 FileStream signedPdf = new FileStream(DestPdfFileName, FileMode.Create);  
 //the output pdf file
 PdfStamper pdfStamper = PdfStamper.CreateSignature(pdfReader, signedPdf, 
 '\0');
 PdfSignatureAppearance signatureAppearance = 
 pdfStamper.SignatureAppearance;

 signatureAppearance.Reason = "Signed Document";
 signatureAppearance.Location = "Unknown";
 signatureAppearance.SignatureRenderingMode = 
 PdfSignatureAppearance.RenderingMode.DESCRIPTION;
 MakeSignature.SignDetached(signatureAppearance, externalSignature, 
 chain, 
 null, null, null, 0, CryptoStandard.CMS);

 pdfReader.Close();
4

2 回答 2

0

证书有错误:无效使用

根据适用于 IT 的 Adob​​e 数字签名指南,Adobe Acrobat 仅接受

  • 以下一项或多项密钥使用值(如果有)

    • 不可否认性
    • signTransaction(仅限 11.0.09)
    • 数字签名(11.0.10 及更高版本)

  • 以及以下一项或多项扩展密钥使用值(如果有)

    • 电子邮件保护
    • 代码签名
    • anyExtendedKeyUsage
    • 1.2.840.113583.1.1.5(Adobe Authentic Documents Trust)

请相应地检查您的证书,如果它不满足此条件,请更换它。

于 2019-07-25T22:20:59.157 回答
0

Adobe acrobat reader 对证书密钥的使用和预期用途(Key Usage 和 Enhanced Key Usage)以及证书的其他细节非常挑剔。您是否尝试过具有Digital Signature密钥用途和Code Signing预期用途的证书?

是一篇博客文章,展示了如果您无权访问真正的公开信任的签名证书,如何使用该属性对证书进行自签名以进行签名。

于 2019-07-25T15:40:22.990 回答