Problem description
I'm generating a PDF document with a signature and I want it to be LTV enabled. For this, I sign the PDF when creating it and then I add the second version containing the DSS with the validation related information (VRI). As I found in some articles, I need to add the Certificate chain (without the root certificate - Authority) and the Certificate Revocation List (CRL). In my case, both will have 2 elements. After that I add the entry for the VRI, which is a SHA-1 hash of the signature content (found in the first PDF version in the /Contents) with the value which refers to the Certificates and CRL mentioned above.
For both the certificates and the revocation list elements I use the raw bytes stream of the content.
Here is my PDF sample
Edit
The way I obtain the CRL information is using WinCrypt like this:
//Retrieve chained certificate
if(!CertGetCertificateChain(hChainEngine, pSignerCert, pTime, hAdditionalStore, &chainPara, dwFlags, NULL, &ppChainContext))
    return NULL;
//first cert in chain is the end cert; last one is the root cert
for(int i = 0; i < (int)ppChainContext->cChain; ++i)
{
    PCERT_SIMPLE_CHAIN simpleChain = ppChainContext->rgpChain[i];
    for(int j = 0; j < (int)simpleChain->cElement - 1; j++)//do not include root certificate
    {
        PCERT_CHAIN_ELEMENT chainElement = simpleChain->rgpElement[j];
        if(chainElement->pCertContext)
        {
            //the certificate bytes (DER encoded; the length is in cbCertEncoded)
            byte* certBytes = chainElement->pCertContext->pbCertEncoded;
        }
        if(chainElement->pRevocationInfo && chainElement->pRevocationInfo->pCrlInfo)
        {
            PCCRL_CONTEXT crlContext = chainElement->pRevocationInfo->pCrlInfo->pBaseCrlContext;//get revocation context
            //the bytes that will be written in PDF (the length is in cbCrlEncoded)
            byte* crlBytes = crlContext->pbCrlEncoded;
        }
    }
}
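Added example, not part of the original question or its answer: a Python check that recomputes the VRI key described above from each signature's /Contents and looks for it in the DSS of the same file. It assumes uncompressed objects and that the key is the uppercase hex SHA-1 of the hex-decoded /Contents value exactly as stored (any zero padding included); `SAMPLE_PDF`, `audit_vri` and the other names are hypothetical.

```python
import hashlib
import re

# Constructed sample: a signed PDF reduced to its signature and DSS objects.
# /Contents holds the placeholder bytes "abc", not a real CMS signature.
SAMPLE_PDF = (
    b"5 0 obj\n<< /Type /Sig /SubFilter /ETSI.CAdES.detached "
    b"/ByteRange [0 90 98 60] /Contents <616263> >>\nendobj\n"
    b"20 0 obj\n<< /Type /DSS /Certs [10 0 R 11 0 R] /CRLs [12 0 R 13 0 R]\n"
    b"/VRI << /A9993E364706816ABA3E25717850C26C9CD0D89D "
    b"<< /Cert [10 0 R 11 0 R] /CRL [12 0 R 13 0 R] >> >> >>\nendobj\n"
)

SIG_CONTENTS = re.compile(rb"/Contents\s*<([0-9A-Fa-f\s]*)>")
VRI_NAME = re.compile(rb"/([0-9A-Fa-f]{40})(?![0-9A-Za-z])")  # 40 hex digits = SHA-1


def signature_values(pdf: bytes) -> list:
    """Hex-decode every /Contents <...> string exactly as stored (padding kept)."""
    values = []
    for match in SIG_CONTENTS.finditer(pdf):
        digits = re.sub(rb"\s+", b"", match.group(1)).decode("ascii")
        if len(digits) % 2:  # PDF rule: a missing final hex digit is read as 0
            digits += "0"
        values.append(bytes.fromhex(digits))
    return values


def vri_key(signature_value: bytes) -> str:
    """VRI key: uppercase base-16 SHA-1 digest of the signature value."""
    return hashlib.sha1(signature_value).hexdigest().upper()


def audit_vri(pdf: bytes) -> list:
    """For each signature, report the expected key and whether the file has it."""
    present = {m.group(1).decode("ascii") for m in VRI_NAME.finditer(pdf)}
    upper = {name.upper() for name in present}
    report = []
    for value in signature_values(pdf):
        key = vri_key(value)
        found = key in present
        report.append({"expected_key": key, "exact_match": found,
                       "case_mismatch": not found and key in upper})
    return report


if __name__ == "__main__":
    for row in audit_vri(SAMPLE_PDF):
        print(row)
```

A row with `exact_match` false means the VRI dictionary is keyed by something other than the digest of the stored signature value, for example a lowercase digest or a digest taken over different bytes.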
Recommended answer
Solution
It is the same as the solution to this question: