Adding a digital signature to a PDF using Java

后端 未结 3 1974
南旧
南旧 2021-02-03 12:08

I want to digitally sign a PDF file using a certificate stored on a USB-token, HSM, etc. How do I use the private key stored on the USB token using JAVA?

3条回答
  •  灰色年华
    2021-02-03 12:41

    Steps involved in Adding Digital Signature to a PDF File:

    (I) Create Template PDFDocument :

    Create PDFDocument with template signature:

    PDSignature pdSignature;
    pdSignature.setByteRange(new int[]{0, 0, 0, 0});
    pdSignature.setContents(new byte[n*1024]);
    

    where n is an integer, ie multiple of kbs.

    Note: Content Size should be greater than or equal to sum of length of Signature and Certificate File.

    (II) Update the Template PDF Docuement :

    (a) Update /ByteRange[a b c d]:
    (i) a= Offset of % in "%PDF"(=0, by default)
    (ii) b= Offset of < in "/Contents<000...000>"
    (iii) c= Offset of > in "/Contents<000...000>"
    (iv) d= Offset of F in "%%EOF" minus c from above

    (b) update xref section:
    update the cross-reference table(xref section), that specifies the position of the objects and

    (c) Update startxref section:
    update startxref, which is the offset of start of cross-reference table(xref).

    (III) Generate Digital Signature of the Updated Template Document:
    Generate of the Updated Template Document Excluding the Temporary Signed Data ("000...000) of "/Contents<000...000>"

    (IV) Update Content<> Section:
    Substitute First/Initial "0"s of Signed Data length in "/Contents<000...000>" with Signed Data (Enveloped) of template PDFFile.

    Suggestions:

    Use SignatureInterface of PDFBox :

    (a) implement SignatureInterface to call sign() method (b) supply the input, output files, keystore, alias, pin (c) do save incrment

    (or) use any java pdf library (like iText...)

    (or) Implement the Steps I-IV in java yourself.

提交回复
热议问题