我尝试使用 Pkcs11Interop和 Pkcs11Interop 对 pdf 文档进行签名.PDF扩展名由 @jariq(这里(。有时(并非总是如此(,我收到一条带有消息的异常:找不到带有串行和标签的令牌,然后重试,没有引发异常。请告诉我为什么。我的设备是SafeNet Luna Network HSM,这是我的代码:
Using pkcs11 As Pkcs11RsaSignature = New Pkcs11RsaSignature(LIBRARY_PATH, partitionSerial, partitionAlias, pin, privateKeyAlias, Nothing, Net.Pkcs11Interop.PDF.HashAlgorithm.SHA256)
Dim signingCertificate As Byte() = pkcs11.GetSigningCertificate()
Dim otherCertificates As List(Of Byte()) = pkcs11.GetAllCertificates()
Dim certPath As ICollection(Of Org.BouncyCastle.X509.X509Certificate) = CertUtils.BuildCertPath(signingCertificate, otherCertificates)
Using reader As New PdfReader(tempFile)
Using os As New FileStream(absolutePath, FileMode.Create)
Using stamper = PdfStamper.CreateSignature(reader, os, ControlChars.NullChar)
appearance = stamper.SignatureAppearance
appearance.SignDate = IIf(signDate = Nothing, DateTime.Now, signDate)
appearance.SetVisibleSignature(New iTextSharp.text.Rectangle(380, 60, 560, 120), reader.NumberOfPages, "sign_name")
appearance.CertificationLevel = PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED
Dim bf As BaseFont = BaseFont.CreateFont("C:WindowsFontstimes.ttf", BaseFont.IDENTITY_H, BaseFont.EMBEDDED)
appearance.Layer2Font = New iTextSharp.text.Font(bf, 9, Font.NORMAL, iTextSharp.text.BaseColor.RED)
MakeSignature.SignDetached(appearance, pkcs11, certPath, Nothing, Nothing, Nothing, 0, CryptoStandard.CADES)
End Using
End Using
End Using
End Using
Pkcs11互操作从 HSM 供应商提供的非托管 PKCS#11 库中请求插槽/令牌列表。然后,它会搜索该列表并查找与提供的序列号/标签条件匹配的插槽/令牌。如果它说找不到这样的令牌,那么非托管的 PKCS#11 库很可能没有返回这样的插槽,你需要向你的 HSM 供应商寻求帮助。
如果要检查是否是这种情况,则需要记录PKCS#11库的所有PKCS#11调用/响应。启用此类日志记录所需的确切步骤应出现在 PKCS#11 库供应商提供的文档中。或者,您可以使用PKCS11-LOGGER。