已签名的 PDF 未准备好 LTV

Signed PDF is not LTV-ready

我正在尝试使用 BouncyCastle CMS 签署 PDF。签名有效,但 Adob​​e Reader 告诉我它不支持 LTV。

据我所知,CRL 嵌入在 CMS SignedData 中。证书也被嵌入。还嵌入了时间戳。

签名为分离签名,放在“保留space”中。

为什么签名还没有为 LTV 做好准备?我做错了什么吗?

签名测试-PDF:http://www.filedropper.com/outputx

代码:

    CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
    // CertificateChain
    List<Certificate> certList = Arrays.asList(certChain);

    try {

        Hashtable signedAttrs = new Hashtable();
        X509Certificate signingCert = (X509Certificate) certList.get(0);
        gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider("BC")
                .setSignedAttributeGenerator(new AttributeTable(signedAttrs))
                .build("SHA256withRSA", privKey, signingCert));

        gen.addCertificates(new JcaCertStore(certList));
        boolean embedCrls = true;
        if (embedCrls) {
            X509CRL[] crls = fetchCRLs(signingCert);
            for (X509CRL crl : crls) {
                gen.addCRL(new JcaX509CRLHolder(crl));
            }
        }
        // gen.addOtherRevocationInfo(arg0, arg1);

        CMSProcessableByteArray processable = new CMSProcessableByteArray(IOUtils.toByteArray(content));

        CMSSignedData signedData = gen.generate(processable, false);
        if (tsaClient != null) {
            signedData = signTimeStamps(signedData);
        }
        return signedData.getEncoded();
    } catch (Exception e) {
        throw new RuntimeException(e);
    }

在可互操作的 PDF 签名中,有两种方法可以添加与验证相关的信息,并且它们都没有使用您的代码使用的默认 CMS 添加 CRL 的方法。

在签名属性中添加预取数据

旧的 ISO 32000-1 样式 “ISO 32000 中使用的 PKCS#7 签名”(后来基于 CMS 而不是 PKCS#7)被指定为包括撤销Adobe 注册的 OID 的专用 signed 属性中的信息:

12.8.3.3.2 Revocation Information

The adbe Revocation Information attribute:

adbe-revocationInfoArchival OBJECT IDENTIFIER ::=
                            { adbe(1.2.840.113583) acrobat(1) security(1) 8 }

The value of the revocation information attribute can include any of the following data types:

  • Certificate Revocation Lists (CRLs), described in RFC 3280 (see the Bibliography): CRLs are generally large and therefore should not be embedded in the PKCS#7 object.
  • Online Certificate Status Protocol (OCSP) Responses, described in RFC 2560, X.509 Internet Public Key Infrastructure Online Certificate Status Protocol—OCSP (see the Bibliography): These are generally small and constant in size and should be the data type included in the PKCS#7 object.
  • Custom revocation information: The format is not prescribed by this specification, other than that it be encoded as an OCTET STRING. The application should be able to determine the type of data contained within the OCTET STRING by looking at the associated OBJECT IDENTIFIER.

adbe's Revocation Information attribute value has ASN.1 type RevocationInfoArchival:

RevocationInfoArchival ::= SEQUENCE {
   crl [0] EXPLICIT SEQUENCE of CRLs, OPTIONAL
   ocsp [1] EXPLICIT SEQUENCE of OCSP Responses, OPTIONAL
   otherRevInfo [2] EXPLICIT SEQUENCE of OtherRevInfo, OPTIONAL
}
OtherRevInfo ::= SEQUENCE {
   Type OBJECT IDENTIFIER
   Value OCTET STRING
}

(显然这只是伪ASN.1...)

由于此结构是已签名属性的值,因此必须在签名之前获取吊销信息才能像这样添加。

在文档安全存储 (DSS) 中添加数据

对于他们的 PAdES 签名,ETSI 指定了额外的 PDF 结构来添加到签名的 PDF 文档中,这些文档可以携带额外的验证相关信息,请参阅 ETSI EN 319 142。这些结构后来被集成到 ISO 32000-2 中:

12.8.4.3 Document Security Store (DSS)

The document security store (DSS), when present, shall be a dictionary that shall be the value of a DSS key in the document catalog dictionary (see 7.7.2, "Document catalog dictionary"). This dictionary may contain:

  • an array of all certificates used for the signatures, including timestamp signatures, that occur in the document. It shall also hold all the auxiliary certificates required to validate the certificates participating in certificate chain validations.
  • an array of all Certificate Revocation Lists (CRL) (see Internet RFC 5280) used for some of the signatures, and
  • an array of all Certificate Status Protocol (OCSP) responses (see Internet RFC 6960) used for some of the signatures.
  • a VRI key whose value shall be a dictionary containing one VRI dictionary (validation-related information) for each signature represented in CMS format.

Any VRI dictionaries, if present, shall be located in document incremental update sections. If the signature dictionary to which a VRI dictionary applies is itself in an incremental update section, the DSS/VRI update shall be done later than the signature update. The inclusion of VRI dictionary entries is optional. All validation material referenced in VRI entries is included in DSS entries too.

...

正如您在此处已读到的那样,此结构设计用于在 签名后添加信息。这与 ETSI 支持在签名 之后生成的吊销信息 一起进行验证。

在 PDFBox 中

您在标签中提到了 PDFBox,因此您似乎使用 PDFBox 进行签名。

要将 预取验证数据添加到已签名的 adbe-revocationInfoArchival 属性 ,您只需将上面定义的属性添加到 signedAttrs你的代码。

要在文档安全存储 (DSS) 中添加数据,您可以使用@Tilman 在评论中提到的 PDFBox 示例 AddValidationInformation 的代码。