How to sign a PDF with a digital signature using Python



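I am working on an eSign project that is almost complete. But I don't know how to sign with the digital signature that comes from the XML response; I have included the XML response structure. I can fetch the data from the certificate <UserX509Certificate>, but now I am unable to add the signature to the PDF document or sign it. Please help.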

from cryptography.x509 import load_pem_x509_certificate
from cryptography.hazmat.backends import default_backend
cert_str = '''
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgIDAYadMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAklO...==
-----END CERTIFICATE-----'''
# Parse the PEM text into an x509.Certificate object
cert_obj = load_pem_x509_certificate(cert_str.encode(), default_backend())

<?xml version="1.0" encoding="UTF-8"?>
<EsignResp errCode="NA" errMsg="NA" resCode="XXXXXXXXXXXXXXXXXXXXXXXX" status="1" ts="2019-05-02T15:15:13" txn="XXXXXXXXXXXXXXXXXXXXXXXX">
<UserX509Certificate>XXXXXXXXXXXXXXXXXXXXXXXX</UserX509Certificate>
<Signatures>
<DocSignature error="" id="1" sigHashAlgorithm="SHA256">XXXXXXXXXXXXXXXXXXXXXXXX</DocSignature>
</Signatures>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<DigestValue>XXXXXXXXXXXXXXXXXXXXXXXX</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>XXXXXXXXXXXXXXXXXXXXXXXX</SignatureValue>
<KeyInfo>
<KeyValue>
<RSAKeyValue>
<Modulus>XXXXXXXXXXXXXXXXXXXXXXXX</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
<X509Data>
<X509SubjectName>XXXXXXXXXXXXXXXXXXXXXXXX</X509SubjectName>
<X509Certificate>XXXXXXXXXXXXXXXXXXXXXXXX</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</EsignResp>

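For signing PDF files, CMS is normally used in PDF signatures, adding a new PDF revision directly to the original PDF document. See section "12.8 Digital Signatures" of ISO 32000-1 for details.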

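If you want to sign a PDF with XMLDSig, the best way is to use the enveloping signature format, incorporating the base64-embedded content of the PDF file into a ds:Object element inside the signature, for example: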

<ds:Signature ...>
...
<ds:Object Id="o-id-1">77u/PD94bWwg...</ds:Object>
</ds:Signature>

And reference the signed element by its Id in a ds:Reference, applying the base64 encoding transform:

<ds:Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#o-id-1">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>68ArneI9Ph...</ds:DigestValue>
</ds:Reference>

For more information on the dereferencing model, see the XMLDSig specification.
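
The enveloping layout described in the answer above, as an added example that is not part of the original answer: it builds the ds:Object and ds:Reference for a PDF and recomputes the reference digest the way a verifier would. SAMPLE_PDF and both function names are constructed for illustration; only the Python standard library is used.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
ET.register_namespace("ds", DS)
SAMPLE_PDF = b"%PDF-1.7\n% constructed sample, not a real document\n%%EOF\n"


def build_object_and_reference(pdf_bytes, object_id="o-id-1"):
    """Return (ds:Object, ds:Reference) for an enveloping signature over pdf_bytes."""
    obj = ET.Element(f"{{{DS}}}Object", {"Id": object_id})
    obj.text = base64.b64encode(pdf_bytes).decode("ascii")
    ref = ET.Element(f"{{{DS}}}Reference",
                     {"Type": DS + "Object", "URI": "#" + object_id})
    transforms = ET.SubElement(ref, f"{{{DS}}}Transforms")
    ET.SubElement(transforms, f"{{{DS}}}Transform", {"Algorithm": DS + "base64"})
    ET.SubElement(ref, f"{{{DS}}}DigestMethod", {"Algorithm": SHA256})
    # The base64 transform decodes the Object's text content, so the digest
    # covers the raw PDF octets, not the base64 characters.
    digest = hashlib.sha256(pdf_bytes).digest()
    ET.SubElement(ref, f"{{{DS}}}DigestValue").text = base64.b64encode(digest).decode("ascii")
    return obj, ref


def reference_matches(obj, ref):
    """Recompute the reference digest as a verifier would; False on any mismatch."""
    if ref.get("URI") != "#" + obj.get("Id", ""):
        return False
    algs = [t.get("Algorithm") for t in ref.iter(f"{{{DS}}}Transform")]
    method = ref.find(f"{{{DS}}}DigestMethod")
    if algs != [DS + "base64"] or method is None or method.get("Algorithm") != SHA256:
        return False  # only the transform/digest pair shown above is handled
    try:
        text = "".join((obj.text or "").split())  # line-wrapped base64 is legal
        octets = base64.b64decode(text, validate=True)
        expected = base64.b64decode(ref.findtext(f"{{{DS}}}DigestValue") or "", validate=True)
    except ValueError:
        return False
    return hmac.compare_digest(hashlib.sha256(octets).digest(), expected)


if __name__ == "__main__":
    obj, ref = build_object_and_reference(SAMPLE_PDF)
    print(ET.tostring(ref, encoding="unicode"))
    print("reference digest ok:", reference_matches(obj, ref))
```

This checks only the reference digest; the SignatureValue over the canonicalized SignedInfo still has to be verified against the signer's certificate before the PDF content can be trusted.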
