【发布时间】:2020-02-21 17:59:24
【问题描述】:
我看到一个关于签名数据被哈希两次的 C# 问题的类似回复,但不知道为什么我的签名数据在这里。
C# PKCS7 Smartchard Digital Signature corrupted
String provider = sdk.getProviderName();
List certList = new ArrayList();
certList.add(signerCert);
Store certs = new JcaCertStore(certList);
CMSSignedDataGenerator cmsSignedDataGenerator = new CMSSignedDataGenerator();
DigestCalculatorProvider digProvider = new JcaDigestCalculatorProviderBuilder().setProvider(provider).build();
JcaSignerInfoGeneratorBuilder signerInfoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(digProvider);
ContentSigner sha256Signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider(provider).build(signerKey);
cmsSignedDataGenerator.addSignerInfoGenerator(signerInfoGeneratorBuilder.build(sha256Signer, signerCert));
cmsSignedDataGenerator.addCertificates(certs);
CMSTypedData msg = new CMSProcessableByteArray(digest);
CMSSignedData cmsSignedData = cmsSignedDataGenerator.generate(msg);
Map hashes = new HashMap();
hashes.put(CMSAlgorithm.SHA256, digest);
CMSSignedData finalCMSSignedData = new CMSSignedData(hashes, cmsSignedData.getEncoded());
return finalCMSSignedData.getEncoded();`
【问题讨论】:
-
您的代码未显示您最初散列的内容或您如何将 CMS 容器嵌入到您的 pdf 中。
-
我们是在谈论分离签名(
.pkcs7签名文件旁边的.pdf文件)还是 PDF 集成签名 - 嵌入在 PDF 中可见或不可见(因为它可以使用创建以 Acrobat 为例)?
标签: pdf digital-signature bouncycastle