I have a SHA256withRSA X.509 certificate which is contained in a SmartCard. I need to use it to sign documents in Java generating a P7M (CAdES) envelope. So far I've found some examples of signing documents but the problem is that:
我有一个包含在SmartCard中的SHA256withRSA X.509证书。我需要用它在Java中签署生成P7M(CAdES)信封的文档。到目前为止,我已经找到了一些签署文档的例子,但问题是:
- Most examples use just PDF (such as itext libraries) but I need to sign also other documents such as .doc
- 大多数示例仅使用PDF(例如itext库),但我还需要签署其他文档,例如.doc
- Signing examples use a keystore or private key.But I have just the X.509 certificate. I suppose the key is embodied in the X.509 certificate
- 签名示例使用密钥库或私钥。但我只有X.509证书。我想密钥体现在X.509证书中
Do you have any pointers to get started ? I'm quite confused and cannot find a starting point.
Thanks!
你有什么指示可以开始吗?我很困惑,找不到起点。谢谢!
1 个解决方案
#1
0
1.) You can sign any file by using the byte[]
of the file. This will be a binary signature. It works on any file (.html, .txt, .pdf, .doc, ..).
1.)您可以使用文件的byte []对任何文件进行签名。这将是二进制签名。它适用于任何文件(.html,.txt,.pdf,.doc,..)。
As comparison to your mentioned "signatures of PDFs", these signatures are called PAdES signatures. These signatures are being recognized by certain applications, like the Adobe Acrobat. If you open such a PDF with the appropriate application, the application will inform you that the document is signed. But the applications can not do that if you use binary signatures - but at least you can sign everything.
与您提到的“PDF签名”相比,这些签名称为PAdES签名。这些签名正在被某些应用程序识别,例如Adobe Acrobat。如果您使用相应的应用程序打开此类PDF,应用程序将通知您该文档已签名。但是如果你使用二进制签名,应用程序就无法做到 - 但至少你可以签署所有内容。
2.) You need a private key in order to sign something. A [X.509][2} certificate only contains the public part of the public-private keypair. The private part must be kept in secret. In your case the private part of the key is stored on the smart card.
2.)您需要一个私钥才能签名。 [X.509] [2}证书仅包含公钥 - 私钥对的公共部分。私密部分必须保密。在您的情况下,密钥的私有部分存储在智能卡上。
Read the manual of the smart card in order to use it. If you do not understand how the public/private key work, go ahead and read something about PKI.
阅读智能卡手册以便使用它。如果您不了解公钥/私钥如何工作,请继续阅读有关PKI的内容。
#1
0
1.) You can sign any file by using the byte[]
of the file. This will be a binary signature. It works on any file (.html, .txt, .pdf, .doc, ..).
1.)您可以使用文件的byte []对任何文件进行签名。这将是二进制签名。它适用于任何文件(.html,.txt,.pdf,.doc,..)。
As comparison to your mentioned "signatures of PDFs", these signatures are called PAdES signatures. These signatures are being recognized by certain applications, like the Adobe Acrobat. If you open such a PDF with the appropriate application, the application will inform you that the document is signed. But the applications can not do that if you use binary signatures - but at least you can sign everything.
与您提到的“PDF签名”相比,这些签名称为PAdES签名。这些签名正在被某些应用程序识别,例如Adobe Acrobat。如果您使用相应的应用程序打开此类PDF,应用程序将通知您该文档已签名。但是如果你使用二进制签名,应用程序就无法做到 - 但至少你可以签署所有内容。
2.) You need a private key in order to sign something. A [X.509][2} certificate only contains the public part of the public-private keypair. The private part must be kept in secret. In your case the private part of the key is stored on the smart card.
2.)您需要一个私钥才能签名。 [X.509] [2}证书仅包含公钥 - 私钥对的公共部分。私密部分必须保密。在您的情况下,密钥的私有部分存储在智能卡上。
Read the manual of the smart card in order to use it. If you do not understand how the public/private key work, go ahead and read something about PKI.
阅读智能卡手册以便使用它。如果您不了解公钥/私钥如何工作,请继续阅读有关PKI的内容。