使用 adbe 创建签名 PDF。pkcs7.detached

Creating a signed PDF using adbe.pkcs7.detached

我正在生成这个非常基本的 PDF 并尝试对其进行签名。但是我遗漏了一些东西并且可以弄清楚是什么,也许你们有一个主意。 Acrobat 确实识别签名,但显示:

The validity of the document certification is UNKNOWN. An error occurred while attempting to validate this signature.

签名应该没问题。 ByteRange 偏移量也很好。 所以我只能想到我缺少的字段或对象(?)

%PDF-1.7
%âãÏÓ
1 0 obj
<</Type/Catalog/Version/1.7/Pages 2 0 R/Perms<</DocMDP 3 0 R>>/AcroForm<</Fields[4 0 R]/SigFlags 1>>>>
endobj
2 0 obj
<</Type/Pages/Kids[5 0 R]/Count 1>>
endobj
3 0 obj
<</Type/Sig/Filter/Adobe.PPKLite/ByteRange[0 295 3295 846]                               /Contents<308204db06092a864886f70d010702a08204cc308204c8020101310f300d06096086480165030402010500300b06092a864886f70d010701a082027f3082027b308201e4020900b4b98c33de20e306300d06092a864886f70d01010b0500308180310b30090603550406130244453112301006035504080c09617364662061736466310d300b06035504070c0461736466310d300b060355040a0c0461736466310d300b060355040b0c0461736466310c300a06035504030c036173663122302006092a864886f70d01090116136173646661736466406173646661732e636f6d3020170d3230313032303131303833315a180f33303230303232313131303833315a308180310b30090603550406130244453112301006035504080c09617364662061736466310d300b06035504070c0461736466310d300b060355040a0c0461736466310d300b060355040b0c0461736466310c300a06035504030c036173663122302006092a864886f70d01090116136173646661736466406173646661732e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100dec31622a34a21373280798b444024738d7420500f1865466f760f8e3ba8effc320bbe4c4e15553af31518952a745852a1a4dffaff8f9ca95bf9b0b89595d6a0ffd698a42392361a7cbb5490c17a56ebcb7843aaff77a50424015c5a1c7acd2a29728b5893f9469cc1bef21f3d94278219c3084847c01d8720438da4819264b50203010001300d06092a864886f70d01010b05000381810023ae25bab322bff456acba1d1fa187a65b2bac659c0c7fd21dfc6cc56fd3eb5a3c2d681b4742667a36823633a70a6c6d4af602c4438b5d545950fcb2bf12a40f36bd82cc375c7c6ce03b488e55e014dbd176a74182465fab2dbcc5029f68ce36bb9135c8d4c2a1a692fa89d1c13f3b074f66ac97b1b011e53bdb84cfe1d0a690318202203082021c02010130818e308180310b30090603550406130244453112301006035504080c09617364662061736466310d300b06035504070c0461736466310d300b060355040a0c0461736466310d300b060355040b0c0461736466310c300a06035504030c036173663122302006092a864886f70d01090116136173646661736466406173646661732e636f6d020900b4b98c33de20e306300d06096086480165030402010500a081e4301806092a864886f70d010903310b06092a864886f70d010701301c06092a864886f70d010905310f170d3230313032313231323131305a302f06092a864886f70d01090431220420da807ca67317ae0b36afaa745f2dd2c3331bcb550e271e2757cf19c6974cdcb2307906092a864886f70d01090f316c306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128300d06092a864886f70d01010105000481800df9fd0348768d03bf3328db4635b8a7845eb614d2b01f6c82b9c8c459bdbd0324c95d3b1c32de79883dc0468fae51ca5a8fe2a7a58351cb3dd09c02a65cbce54c0fbf7aeda516bbe6c2cc30b067b1f7ca4f4d94e37d47b21ef098f418e81104249e5dfc24e9aad76f1fbc9f30a2a2164a1beb2be2cbf318d7bbff77e32d6f7600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000>/ContactInfo(contact@example.com)/M(D:20201021212110+0000)/Location(Germany)/Name(Foo Bar)/Reason(Testing)/SubFilter/adbe.pkcs7.detached/Reference[<</TransformMethod/DocMDP/TransformParams<</Type/TransformParams/P 2/V/1.2>>/Type/SigRef>>]>>
endobj
4 0 obj
<</FT/Sig/V 3 0 R/Subtype/Widget/Type/Annot/Rect[0 0 0 0]/P 5 0 R/Ff 0/T(Signature)/F 4>>
endobj
5 0 obj
<</Type/Page/LastModified(D:20201021212110+0000)/Resources<<>>/Contents 6 0 R/MediaBox[0 0 100 100]/Parent 2 0 R/Annots[4 0 R]>>
endobj
6 0 obj
<</Length 26>>
stream
1 0 0 rg
25 25 50 50 re
f

endstream

endobj
xref
0 7
0000000000 65535 f 
0000000019 00000 n 
0000000137 00000 n 
0000000188 00000 n 
0000003544 00000 n 
0000003649 00000 n 
0000003793 00000 n 
trailer
<</Size 7/Root 1 0 R/ID[<710C628807B8A8C0FE59D85C01B973A4><710C628807B8A8C0FE59D85C01B973A4>]>>
startxref
3868
%%EOF

欢迎任何提示!

您的文件中至少有两个错误。

不正确字节范围

ByteRange 中的间隙仅包含签名值的十六进制数字

308204db...00000000

但它应该包含整个十六进制字符串,包括它的定界符、尖括号

<308204db...00000000>

根据互操作签名规范的要求:

For byte range signatures, Contents shall be a hexadecimal string with “<” and “>” delimiters. It shall fit precisely in the space between the ranges specified by ByteRange.

(ISO 32000-1 第 12.8.3.3.2 节)

因此,您的 ByteRange 数组应该是 [0 294 3296 845] 而不是 [0 295 3295 846]

签名日期不正确

你的签名字典M值为

(D:20201022075138+0000)

这在两个方面是不正确的:

  • 首先,如果您在日期对象中同时具有时区偏移量的小时和分钟,则它们必须用撇号分隔。因此,

    (D:20201022075138+00'00)

  • 此外,“+”号保留用于正时区偏移;对于零偏移量,必须使用 'Z'。因此,

    (D:20201022075138Z00'00)

这是日期对象规范所要求的:

A date shall be a text string of the form

(D:YYYYMMDDHHmmSSOHH'mm)

...

A PLUS SIGN as the value of the O field signifies that local time is later than UT, a HYPHEN-MINUS signifies that local time is earlier than UT, and the LATIN CAPITAL LETTER Z signifies that local time is equal to UT.

此外,AcroForm 字典中的 SigFlags3 而不是 1 会改善PDF 查看器的用户体验。