Digitally signing PDF documents with a smart card in C#

Posted on 2025-01-27 07:21:23

I am new to the site so please correct me if I do something wrong.

I have been trying to digitally sign PDF documents from a smart card (never tried or done it before). So far I haven't had much luck but I've tried exporting the certificates from my smart card and using them that way. Problem is on the smart card, there are 2 separate certificates where one of them is used for authentication and has a private key and the other is almost the same only without the key.
My goal is to build an application that will sign PDF files in batches.
I am completely lost on this one so I would really appreciate some help.

I tried implementing this but had no luck so far.
Adding a Digital signature to a PDF with iTextSharp

Also tried this example but the PFX file I get from exporting the certificate is invalid somehow.
E-signing PDF documents with iTextSharp

Edit:
The code I am currently trying to use is from this answer.
The error I am getting is "Invalid flags specified". Below is a command line export from the command CertUtil -ScInfo:

================ Certificate 1 ================
--- Reader: Generic EMV Smartcard Reader 0
---   Card: SmartCafe Expert v7.0 with NetSeT PKI
Provider = Microsoft Base Smart Card Crypto Provider
Key Container = ed70b1d1fbcb443ab1bb3bb40******

Serial Number: *********
Issuer: CN=********, O=********, OU=********, OID********, L=********, C=********
 NotBefore: 10.05.2022 07:42
 NotAfter: 10.05.2027 07:42
Subject: CN=******** ******** Sign, G=********, SN=********, SERIALNUMBER=CA:********, SERIALNUMBER=********, C=********
Non-root Certificate
Cert Hash(sha1): e30749b119fba55f6a8242d72d7e5e********

Performing AT_SIGNATURE public key matching test...
Public key matching test succeeded
  Key Container = ed70b1d1fbcb443ab1bb3bb40******
  Provider = Microsoft Base Smart Card Crypto Provider
  ProviderType = 1
  Flags = 1
    0x1 (1)
  KeySpec = 2 -- AT_SIGNATURE
Private key verifies

Performing cert chain verification...
Chain validates
Smart Card Logon: Chain validates
dwFlags = CA_VERIFY_FLAGS_NT_AUTH (0x10)
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
Application[0] = 1.3.6.1.4.1.311.20.2.2 Smart Card Logon
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_NT_AUTH
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwRevocationFreshnessTime: 167 Days, 1 Minutes, 7 Seconds

SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwRevocationFreshnessTime: 167 Days, 1 Minutes, 7 Seconds

I am using the following input parameters in the app:

ProviderName="Microsoft Base Smart Card Crypto Provider"
KeyContainerName = "ed70b1d1fbcb443ab1bb3bb40******"

Comments (1)

空城仅有旧梦在 2025-02-03 07:21:23

What is the end goal? Web, console, or desktop app? Web is a little more complicated because it seems to only work with Java, unless you use an external certificate and private key to sign on the back end and put the user's signature info from their smart card in the signature field. Java is the only client software that can talk to the smartcard middleware to challenge the private key on the smart card that I know of. If it's a desktop or console app, then it should be easy. I'm using iText 7 with smartcard digital signatures. I'm doing the web one at the moment. We can't use Java anymore, so it is signed by the web server certificate but puts the smartcard info of the user in the digital signature field, if that makes sense. I can probably assist you in the right direction depending on your end goal.
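
Added example, not part of the original post or the comment: one way a desktop or console app can sign with the card's key in place instead of exporting a PFX, by selecting the certificate that Windows links to the card's private key. It assumes the card's certificates are visible in the CurrentUser\My store and that the key is RSA (the output shows ProviderType = 1); the class and method names are illustrative and the signed bytes are a constructed stand-in for PDF data.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class SmartCardSigner // illustrative name, not from the post
{
    // Returns a currently valid certificate from CurrentUser\My that is linked to a
    // private key and allows signing. Pass the "Cert Hash(sha1)" value printed by
    // certutil -scinfo as thumbprint to pin one specific certificate.
    public static X509Certificate2 FindSigningCertificate(string thumbprint = null)
    {
        const X509KeyUsageFlags signing =
            X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.NonRepudiation;
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            return store.Certificates.Cast<X509Certificate2>()
                .Where(c => c.HasPrivateKey) // skips the copy that has no key
                .Where(c => DateTime.Now >= c.NotBefore && DateTime.Now <= c.NotAfter)
                .Where(c => thumbprint == null || string.Equals(c.Thumbprint,
                    thumbprint, StringComparison.OrdinalIgnoreCase))
                .FirstOrDefault(c => c.Extensions.OfType<X509KeyUsageExtension>()
                    .Any(ku => (ku.KeyUsages & signing) != 0));
        }
    }

    // Signs through the key handle, so the private key stays on the card; Windows
    // asks for the PIN when the key is used. Assumes an RSA key and SHA-256 support.
    public static byte[] Sign(X509Certificate2 cert, byte[] data)
    {
        using (RSA key = cert.GetRSAPrivateKey())
        {
            if (key == null) throw new InvalidOperationException("No RSA private key.");
            return key.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }
    static void Main()
    {
        X509Certificate2 cert = FindSigningCertificate();
        if (cert == null) { Console.WriteLine("No usable signing certificate."); return; }
        byte[] sample = Encoding.UTF8.GetBytes("constructed stand-in for PDF bytes");
        byte[] sig = Sign(cert, sample);
        using (RSA pub = cert.GetRSAPublicKey())
            Console.WriteLine(cert.Subject + " verifies: " + pub.VerifyData(
                sample, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
    }
}
```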
