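For an analysis of the PDF document structure, see: http://blog.csdn.net/pdfMaker/article/details/573990. The following analyzes only PDF electronic signatures.
The PDF signature standard is PAdES, ETSI TS 102 778.
Format of a signed PDF document:
Note that the "<>" delimiters themselves are not included in the signed data.
Format of the signature value object: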
21 0 obj
<</ByteRange[ 0 60202 65080 4917] /Contents<30........000000>/Filter/Adobe.PPKLite/M(D:20141005145612+08'00')/Name(CSP_test11)/Prop_Build<</App<</Name/Reader/OS[/Win]/R 720903/REx(11.0.7)/TrustedMode true>>/Filter<</Date(May 8 2014 13:48:44)/Name/Adobe.PPKLite/R 131104>>/PubSec<</Date(May 8 2014 13:48:44)/NonEFontNoWarn true/R 131105>>>>/SubFilter/adbe.pkcs7.detached/Type/Sig>>
endobj
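Why are there so many zeros inside Contents? The ByteRange has to be calculated before signing, so extra space is reserved in advance for the signature value, and whatever is not used is padded with 0.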
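The ByteRange and padding rules described above can be checked directly against the bytes of a file. The following Python is an added example, not code from the original post: the function names (`der_length`, `inspect_signature`, `build_sample`) are hypothetical, the sample input is constructed rather than a real PDF or PKCS#7 blob, and SHA-1 as the default digest is an assumption (the real algorithm is named inside the signature).

```python
import hashlib
import re

BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def der_length(blob: bytes) -> int:
    """Size of the leading DER element (tag + length + value); what follows is padding."""
    if len(blob) < 2 or blob[1] == 0x80:
        raise ValueError("not a definite-length DER element")
    if blob[1] < 0x80:                      # short form: length fits in one byte
        return 2 + blob[1]
    n = blob[1] & 0x7F                      # long form: next n bytes hold the length
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")

def inspect_signature(pdf: bytes, algo: str = "sha1") -> dict:
    """Split the file into signed bytes and the /Contents gap described by /ByteRange."""
    m = BYTE_RANGE.search(pdf)
    if m is None:
        raise ValueError("no /ByteRange found")
    off1, len1, off2, len2 = map(int, m.groups())
    gap = pdf[off1 + len1:off2]             # the only bytes left out of the digest
    if not (gap.startswith(b"<") and gap.endswith(b">")):
        raise ValueError("gap is not exactly one <hex string>")
    raw = bytes.fromhex(gap[1:-1].decode("ascii"))
    signed = pdf[off1:off1 + len1] + pdf[off2:off2 + len2]
    return {
        "covers_whole_file": off1 == 0 and off2 + len2 == len(pdf),
        "reserved_bytes": len(raw),         # space set aside before signing
        "der_bytes": der_length(raw),       # actual signature size; the rest is zeros
        "digest": hashlib.new(algo, signed).hexdigest(),
    }

def build_sample(der: bytes, reserve: int = 64) -> bytes:
    """Constructed sample (not a valid PDF): a signature dictionary with padded /Contents."""
    head = "%PDF-1.7\n21 0 obj\n<</Type/Sig/ByteRange[0 {:06d} {:06d} {:06d}]/Contents"
    tail = b"/SubFilter/adbe.pkcs7.detached>>\nendobj\n%%EOF\n"
    contents = b"<" + der.hex().encode().ljust(reserve * 2, b"0") + b">"
    len1 = len(head.format(0, 0, 0))
    return head.format(len1, len1 + len(contents), len(tail)).encode() + contents + tail

if __name__ == "__main__":
    sample = build_sample(bytes.fromhex("3006020101020102"))  # constructed DER, not PKCS#7
    print(inspect_signature(sample))
```

Applied to the timestamp object shown later on this page, whose Contents begins with 3082072e, the same length rule gives 4 + 0x072e = 1842 bytes of DER; everything after that inside the hex string is zero padding.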
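Analyzing the data inside Contents<> shows that the signature formats are:
adbe.pkcs7.detached (PKCS#7, content not included)
adbe.pkcs7.sha1 (PKCS#7 with content. SHA1 is first computed over the PDF data, and the SHA1 value is then used as the PKCS#7 content, so in effect the data is digested twice)
adbe.x509.rsa_sha1 (digital certificate + PKCS#1 signature)
ETSI.CAdES.detached (CAdES, content not included)
The signature format above can be changed in the registry: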
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\Security\cPubSec]
"aSignFormat"="adbe.pkcs7.detached"
Reference: http://www.adobe.com/devnet-docs/acrobatetk/tools/PrefRef/Windows/Security.html
adbe.x509.rsa_sha1 signature:
21 0 obj
<</ByteRange[ 0 63435 63715 4925]/Cert[(0......?)]/Contents<0......>/Filter/Adobe.PPKLite/M(D:20141106102436+08'00')/Name(......)/Prop_Build<</App<</Name/Reader/OS[/Win]/R 720905/REx(11.0.9)/TrustedMode true>>/Filter<</Date(Sep 12 2014 09:43:12)/Name/Adobe.PPKLite/R 131104>>/PubSec<</Date(Sep 12 2014 09:43:12)/NonEFontNoWarn true/R 131105>>>>/SubFilter/adbe.x509.rsa_sha1/Type/Sig>>
endobj
There is an additional /Cert object.
Timestamp:
16 0 obj
<</ByteRange[ 0 1476 13782 4877]/Contents<3082072e....0000>/Filter/Adobe.PPKLite/Prop_Build<</App<</Name/Reader/OS[/Win]/R 720903/REx(11.0.7)/TrustedMode true>>/Filter<</Date(May 8 2014 13:48:44)/Name/Adobe.PPKLite/R 131104>>/PubSec<</Date(May 8 2014 13:48:44)/NonEFontNoWarn true/R 131105>>>>/SubFilter/ETSI.RFC3161/Type/DocTimeStamp/V 0>>
endobj