如何从 PKCS#1 Zeal id 集成中获取 CMS (PKCS#7)
How to get CMS (PKCS#7) from PKCS#1 Zeal id integration
我正在集成 CSC2QR 热心 ID 集成。我发送 Base64 URL 编码的 SHA256 哈希值(OGRlY2M4NTcxOTQ2ZDRjZDcwYTAyNDk0OWUwMzNhMmEyYTU0Mzc3ZmU5ZjFjMWI5NDRjMjBmOWVlMTFhOWU1MQ==)进行签名,作为响应,我得到了 PKCS#1 原始签名。我对如何使用此信息对文档进行数字签名感到困惑。我正在使用 itext7 .
"signatures": [
"uXPiaQOEToyju50OIMrNe5gTstUQhnufmlcxmI9mG5tPCCMDYdfEV4Y+gKkixdzD\r\nZqni1+QAfy8cabRzpq13Puz31qUJ5spDRLfY/VLgBvLZLWTDK0KnJPsPWb36vMY5\r\n8CAn3DSbB02QkOoAafJkcOL3StnXc/JnAszk0lICwIM4lC3IW/pv3tWetrIn6pAJ\r\n7XBSX/zw2tfW9czFFrBaLm7hSe2NlQ1JsMgyLWEBauvFHeyFLdf9rLMM+aCoagRU\r\nD7T4Z31LrxmHFKVelS5dRvZuj8GTYJ78lfYfigSiVMsD8NEY3+YDthAsw2Lmgqs5\r\nMgVmRaQrjSdUMNeDZduFR1IeC/DLmQoBa8oXmeVqgxM0nIplq9gze1FklbPgiZ7G\r\n5zmdD8lnAP9BLawu9P+hC2GZNkeqVep3QzmoO149Iyu0jK8nrhYmxcEEqzaZiklc\r\nIKK7t03Ypst93Kps0OLc0s09A2g2wU+KzuuM+s29VKaE/gua9DKHNtf1iIZDmLtv\r\nRUoQxV9odJvRZwa+UMPsRTVejKb9pbgodiUtieyLq8Kr/NjJl+wnuH8CIiXYWxpe\r\nFoQ+J1teMOok/`sbO2X90SNqg5jvsyFTCBrGSgGWSob1TFghgWgRNiDBienXWWY09`\r\noaii058RhlJDm5l1KhMurBUZsyAre9rs74qj5tntMyQ="
]
我也收到了签名者证书作为回应
响应-:
{
"authMode": "oauth2code",
"cert": {},
"key": {
"algo": [
"1.2.840.113549.1.1.11"
],
"len": 4096,
"status": "enabled"
},
"lang": "en-US",
"multisign": 1
}
我不知道 CSC 2QR API,更不用说完成解决它的代码了。因此,在这个答案中,我将显示一个框架来集成任意远程签名 API.
将远程签名服务与 iText 7 签名 API 集成的最简单方法是相应地实施 IExternalSignature。这可能看起来像这样(特定于 CSC 2QR API 的伪代码表示的代码):
public class CSC2QRSignature implements IExternalSignature {
Certificate[] chain;
String hashAlgorithm = "SHA256";
String encryptionAlgorithm = "RSA";
public CSC2QRSignature([... parameters you need for CSC 2QR communication ...]) {
[... request your CSC 2QR Credentials Info and initialize ...]
[... chain, hashAlgorithm, and encryptionAlgorithm accordingly ...]
}
@Override
public String getEncryptionAlgorithm() {
return encryptionAlgorithm;
}
@Override
public String getHashAlgorithm() {
return hashAlgorithm;
}
public Certificate[] getChain() {
return chain;
}
@Override
public byte[] sign(byte[] message) throws GeneralSecurityException {
byte[] digest = MessageDigest.getInstance(hashAlgorithm).digest(message);
[... call CSC 2QR Sign Hash for the base64 encoded digest ...]
[... and return the base64 decoded signature from the response ...]
}
}
使用 class 你可以像这样签署 PDF:
PdfReader reader = new PdfReader(SOURCE_PDF);
OutputStream os = new FileOutputStream(RESULT_PDF);
CSC2QRSignature signature = new CSC2QRSignature(...);
IExternalDigest digest = new BouncyCastleDigest();
PdfSigner signer = new PdfSigner(reader, os, new StampingProperties());
signer.signDetached(digest, signature, signature.getChain() , null, null, null, 0, CryptoStandard.CMS);
我正在集成 CSC2QR 热心 ID 集成。我发送 Base64 URL 编码的 SHA256 哈希值(OGRlY2M4NTcxOTQ2ZDRjZDcwYTAyNDk0OWUwMzNhMmEyYTU0Mzc3ZmU5ZjFjMWI5NDRjMjBmOWVlMTFhOWU1MQ==)进行签名,作为响应,我得到了 PKCS#1 原始签名。我对如何使用此信息对文档进行数字签名感到困惑。我正在使用 itext7 .
"signatures": [
"uXPiaQOEToyju50OIMrNe5gTstUQhnufmlcxmI9mG5tPCCMDYdfEV4Y+gKkixdzD\r\nZqni1+QAfy8cabRzpq13Puz31qUJ5spDRLfY/VLgBvLZLWTDK0KnJPsPWb36vMY5\r\n8CAn3DSbB02QkOoAafJkcOL3StnXc/JnAszk0lICwIM4lC3IW/pv3tWetrIn6pAJ\r\n7XBSX/zw2tfW9czFFrBaLm7hSe2NlQ1JsMgyLWEBauvFHeyFLdf9rLMM+aCoagRU\r\nD7T4Z31LrxmHFKVelS5dRvZuj8GTYJ78lfYfigSiVMsD8NEY3+YDthAsw2Lmgqs5\r\nMgVmRaQrjSdUMNeDZduFR1IeC/DLmQoBa8oXmeVqgxM0nIplq9gze1FklbPgiZ7G\r\n5zmdD8lnAP9BLawu9P+hC2GZNkeqVep3QzmoO149Iyu0jK8nrhYmxcEEqzaZiklc\r\nIKK7t03Ypst93Kps0OLc0s09A2g2wU+KzuuM+s29VKaE/gua9DKHNtf1iIZDmLtv\r\nRUoQxV9odJvRZwa+UMPsRTVejKb9pbgodiUtieyLq8Kr/NjJl+wnuH8CIiXYWxpe\r\nFoQ+J1teMOok/`sbO2X90SNqg5jvsyFTCBrGSgGWSob1TFghgWgRNiDBienXWWY09`\r\noaii058RhlJDm5l1KhMurBUZsyAre9rs74qj5tntMyQ="
]
我也收到了签名者证书作为回应 响应-:
{
"authMode": "oauth2code",
"cert": {},
"key": {
"algo": [
"1.2.840.113549.1.1.11"
],
"len": 4096,
"status": "enabled"
},
"lang": "en-US",
"multisign": 1
}
我不知道 CSC 2QR API,更不用说完成解决它的代码了。因此,在这个答案中,我将显示一个框架来集成任意远程签名 API.
将远程签名服务与 iText 7 签名 API 集成的最简单方法是相应地实施 IExternalSignature。这可能看起来像这样(特定于 CSC 2QR API 的伪代码表示的代码):
public class CSC2QRSignature implements IExternalSignature {
Certificate[] chain;
String hashAlgorithm = "SHA256";
String encryptionAlgorithm = "RSA";
public CSC2QRSignature([... parameters you need for CSC 2QR communication ...]) {
[... request your CSC 2QR Credentials Info and initialize ...]
[... chain, hashAlgorithm, and encryptionAlgorithm accordingly ...]
}
@Override
public String getEncryptionAlgorithm() {
return encryptionAlgorithm;
}
@Override
public String getHashAlgorithm() {
return hashAlgorithm;
}
public Certificate[] getChain() {
return chain;
}
@Override
public byte[] sign(byte[] message) throws GeneralSecurityException {
byte[] digest = MessageDigest.getInstance(hashAlgorithm).digest(message);
[... call CSC 2QR Sign Hash for the base64 encoded digest ...]
[... and return the base64 decoded signature from the response ...]
}
}
使用 class 你可以像这样签署 PDF:
PdfReader reader = new PdfReader(SOURCE_PDF);
OutputStream os = new FileOutputStream(RESULT_PDF);
CSC2QRSignature signature = new CSC2QRSignature(...);
IExternalDigest digest = new BouncyCastleDigest();
PdfSigner signer = new PdfSigner(reader, os, new StampingProperties());
signer.signDetached(digest, signature, signature.getChain() , null, null, null, 0, CryptoStandard.CMS);