Get signatureValue from the getDataToSign method in DSS
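I use the SD-DSS open source solution to digitally sign documents. I looked at the dss-documentation page, but I'm not sure how to get the signatureValue in the sample requests. As I interpret it, I have to use the output of getDataToSign, digested, as the signatureValue, but these values in the sample REST project do not match.
The output of getDataToSign is: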
{{
{ "bytes" : "MYIBETAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xODAzMjYwODEyMDlaMC0GCSqGSIb3DQEJNDEgMB4wDQYJYIZIAWUDBAIBBQChDQYJKoZIhvcNAQELBQAwLwYJKoZIhvcNAQkEMSIEIBhfjbMicf4l9WGm/JOLLiZDBuwwTtpRgAfRdkgmOBlpMHcGCyqGSIb3DQEJEAIvMWgwZjBkMGIEIALz68oBYydCU7yAnSdJjdQbsDFtfmsGaWARXeFVWJ2cMD4wNKQyMDAxGzAZBgNVBAMMElJvb3RTZWxmU2lnbmVkRmFrZTERMA8GA1UECgwIRFNTLXRlc3QCBi7WFNe7Vw==" }
}}
The value in the signDocument request:
{{ "signatureValue" : { "algorithm" : "RSA_SHA256", "value" : "AQIDBA==" },}}
Update:
I use these requests:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <ns2:getDataToSign xmlns:ns2="http://signature.dss.esig.europa.eu/">
      <dataToSignDTO>
        <parameters>
          <BLevelParams>
            <trustAnchorBPPolicy>true</trustAnchorBPPolicy>
            <signingDate>2019-01-01T01:01:01.464Z</signingDate>
          </BLevelParams>
          <digestAlgorithm>SHA256</digestAlgorithm>
          <encryptionAlgorithm>RSA</encryptionAlgorithm>
          <signatureLevel>PAdES_BASELINE_B</signatureLevel>
          <signaturePackaging>ENVELOPED</signaturePackaging>
          <signingCertificate>
            <encodedCertificate>${#cert}</encodedCertificate>
          </signingCertificate>
        </parameters>
        <toSignDocument>
          <bytes><xop:Include xmlns:xop="http://www.w3.org/2004/08/xop/include" href="ref1"/></bytes>
        </toSignDocument>
      </dataToSignDTO>
    </ns2:getDataToSign>
  </soap:Body>
</soap:Envelope>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <ns2:signDocument xmlns:ns2="http://signature.dss.esig.europa.eu/">
      <signDocumentDTO>
        <parameters>
          <BLevelParams>
            <trustAnchorBPPolicy>true</trustAnchorBPPolicy>
            <signingDate>2019-01-01T01:01:01.464Z</signingDate>
          </BLevelParams>
          <digestAlgorithm>SHA256</digestAlgorithm>
          <signatureLevel>PAdES_BASELINE_B</signatureLevel>
          <signaturePackaging>ENVELOPED</signaturePackaging>
          <signingCertificate>
            <encodedCertificate>${#cert}</encodedCertificate>
          </signingCertificate>
        </parameters>
        <signatureValue>
          <algorithm>RSA_SHA256</algorithm>
          <value>${#datatosign}</value>
        </signatureValue>
        <toSignDocument>
          <bytes><xop:Include xmlns:xop="http://www.w3.org/2004/08/xop/include" href="ref1"/></bytes>
          <name>dsstest</name>
        </toSignDocument>
      </signDocumentDTO>
    </ns2:signDocument>
  </soap:Body>
</soap:Envelope>
Code to generate the signatureValue:
// Open the PKCS#12 keystore; try-with-resources closes the token afterwards
try (Pkcs12SignatureToken token = new Pkcs12SignatureToken("src/main/resources/user_a_rsa.p12", new PasswordProtection("password".toCharArray()))) {
    // Print the certificate of every key held by the token
    List<DSSPrivateKeyEntry> keys = token.getKeys();
    for (DSSPrivateKeyEntry entry : keys) {
        System.out.println(entry.getCertificate().getCertificate());
    }
    // Sign the sample bytes with SHA-256 using the first key, then print the result as Base64
    ToBeSigned toBeSigned = new ToBeSigned("Hello world".getBytes());
    SignatureValue signatureValue = token.sign(toBeSigned, DigestAlgorithm.SHA256, keys.get(0));
    System.out.println("Signature value : " + Utils.toBase64(signatureValue.getValue()));
}
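DSS provides you, in getDataToSign, the digest to be signed with the private key corresponding to the certificate you sent.
You have to digitally sign that value using the specified algorithm and send the result to signDocument. In your case, RSA PKCS#1 with SHA256.
Pseudocode: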
var digestToSign = getDataToSign(document, params)
var signatureValue = PKCS#1_v1.5(privateKey, digestToSign, SHA256)
var finalDocument = signDocument(signatureValue)
After this, DSS will build the final signed document.
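The flow described in the answer above, using only the JDK, as an added example that is not part of the original post or the DSS project: it decodes the bytes returned by getDataToSign, signs them with RSA PKCS#1 v1.5 and SHA-256, and Base64-encodes the result for the signatureValue value field. The class and method names, the throwaway key pair and the placeholder input are constructed for illustration; it assumes the returned bytes are not yet hashed, so they are handed to SHA256withRSA directly.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;
import java.util.Base64;

public class SignDataToSign {

    // Hypothetical helper: signs the decoded getDataToSign bytes with RSA PKCS#1 v1.5 / SHA-256.
    // "SHA256withRSA" hashes its input itself, so the bytes must not be hashed beforehand.
    static String signatureValueFor(String dataToSignB64, PrivateKey key) throws Exception {
        byte[] dataToSign = Base64.getDecoder().decode(dataToSignB64);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(key);
        signer.update(dataToSign);
        return Base64.getEncoder().encodeToString(signer.sign());
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-ins: a throwaway key pair instead of the .p12 key,
        // and placeholder bytes instead of a real getDataToSign response.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        String dataToSignB64 = Base64.getEncoder().encodeToString(
                "constructed getDataToSign bytes".getBytes(StandardCharsets.UTF_8));

        String signatureValue = signatureValueFor(dataToSignB64, pair.getPrivate());

        // Check the signature with the public key before sending it to signDocument.
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(pair.getPublic());
        verifier.update(Base64.getDecoder().decode(dataToSignB64));
        boolean ok = verifier.verify(Base64.getDecoder().decode(signatureValue));

        System.out.println("signature verifies: " + ok);
        // Echoing the getDataToSign bytes back as the value would make these two equal.
        System.out.println("value differs from dataToSign: " + !signatureValue.equals(dataToSignB64));
        System.out.println("<value>" + signatureValue + "</value>");
    }
}
```

In a real request the private key has to be the one belonging to the certificate sent in encodedCertificate, and the signingDate and other parameters must be identical in both calls.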