CN103617403A - PDF file digital signature and verification method and system - Google Patents

Publication number
CN103617403A
Authority
CN
China
Legal status
Granted
Application number
CN201310608077.2A
Other languages
Chinese (zh)
Other versions
CN103617403B (en)
Inventor
张永强
Current Assignee
GUANGDONG CERTIFICATE AUTHORITY CENTER CO Ltd
Original Assignee
GUANGDONG CERTIFICATE AUTHORITY CENTER CO Ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

The invention provides a PDF file digital signature and verification method and system. The PDF file digital signature method includes the following steps: obtaining the data to be verified of a PDF file to be signed and the data length of that data; creating the text of a digital signature from the data to be verified and the data length; calculating a digital signature value from the text of the digital signature, a user public key certificate and a user private key; and writing the digital signature value into the PDF file. The method and system create an invisible signature that the client cannot recognize; the data of the invisible signature can be re-edited by the user without destroying the validity of the invisible signature.

Description

PDF file digital signature and verification method and system
Technical field
The present invention relates to the technical field of digital signature and authentication services, and in particular to a PDF file digital signature method, a PDF file digital signature system, a verification method for a PDF file digital signature, and a verification system for a PDF file digital signature.
Background
PDF is the English abbreviation of Portable Document Format, a unique cross-platform file format developed by Adobe. The format is independent of the operating system platform, which means that a PDF file can be used equally on Windows, Unix or Mac OS. This feature makes it an ideal document format for electronic document distribution and digital information dissemination on the Internet. PDF has become the industry standard adopted in the informatization of all industries.
In addition, the digital signature has become the most widely applied, most technically mature and most practical electronic signature method in e-commerce and e-government today. It uses standardized procedures and scientific methods to identify the signer and to express approval of the content of electronic data. The ISO 7498-2 standard defines a digital signature as: data appended to a data unit, or a cryptographic transformation of a data unit, that allows the recipient of the data unit to confirm the source and integrity of the data unit and protects the data against forgery by someone (for example, the recipient). The U.S. electronic signature standard FIPS 186 describes a digital signature as follows: the result of computing over data with a set of rules and a parameter, by which the identity of the signer and the integrity of the data can be confirmed.
A characteristic of a digital signature is that it represents the features of the file: if the file changes, the value of the digital signature also changes. A digital signature serves two purposes: first, it establishes that the information was really signed and sent by the sender, because no one else can forge the sender's signature; second, it establishes the integrity of the information. Digital signature technology based on public key cryptography can confirm the identity of the author of an electronic file and guarantee integrity during transmission, providing technical support for its authority as a means of authentication. The Electronic Signature Law of the People's Republic of China formally took effect on April 1, 2005, and clearly stipulates that a reliable electronic signature has the same legal effect as a handwritten signature or a seal. The relevant laws and policies recognize the legal effect of digital signatures and provide their legal basis.
ISO 32000-1 is the international standard for the PDF file format, and the PDF file format has built-in support for digital signatures. Fig. 1 is a schematic diagram of creating a digital signature in a PDF file using public key cryptography: a digital signature dictionary of type /SIG is embedded in the PDF file, in which Contents is the PKCS# standard signature value; the ByteRange parameter indicates the range (start offset address, data length) of the original document; and the dictionary also contains the public key certificate used for the signature, for verifying the user's identity. Calculating the digital signature also requires the user's private key.
Because elements such as the cross-reference table (xref) and the file trailer (trailer) must also be added after the digital signature dictionary, the original text data used to calculate the digital signature consists of two segments, with the digital signature located between them. As shown in Fig. 2, to indicate the two segments of the original text data, ByteRange contains two groups of data, which identify the start offset address and data length of each segment.
In addition, the PDF file format supports an append mode: updated content can be added to an existing document, together with an updated cross-reference table (xref) and end-of-file marker (EOF). This feature supports successive signing by several people well; in that case multiple revisions (Revision) of the PDF file can be created. As shown in Fig. 3, each time a new digital signature is added, the existing revision becomes the content of the first segment of the original text to be signed by the newly created digital signature. This structure lets a user extract a particular revision and thereby discard all digital signatures added after that revision.
The PDF standard also defines a digital signature called UR3. Its dictionary is an invisible digital signature that records the document operation permissions the document creator has assigned to the document, including permissions such as filling in form fields and adding annotations. The LiveCycle suite from Adobe provides the Reader Extensions component, which signs the UR3 dictionary with a digital certificate issued by Adobe. Only a PDF file signed in this way is recognized by the Adobe Reader client and can have digital signing operations performed on it in the client.
Because the digital certificate used by LiveCycle is issued by Adobe, the UR3 digital signature can verify that a PDF form was signed by LiveCycle, but it does not help to distinguish the identity of the service provider that deployed the LiveCycle suite. Moreover, the digital certificate issued by Adobe is a PKCS#12 digital certificate, not a hard certificate (a digital certificate whose private key is held in a hardware medium) that meets the relevant specifications of the State Cryptography Administration.
Therefore, for security reasons, a method for strong authentication of PDF forms is needed, and form authentication is required to use an invisible hidden digital signature. To strongly authenticate a PDF form and embed form authorization information defined by the service provider, another digital signature must be added on top of the form that already carries the Reader Extended Permission. The public key certificate used by this digital signature is issued by the service provider, or issued to the service provider by a third-party CA (Certificate Authority). Verifying this digital signature verifies that the form was signed by a particular service provider and yields the customized form permission information.
The traditional method of adding an invisible hidden digital signature to a form modifies the digital signature format defined by the ISO 32000-1 standard, for example by changing the type (/Type) in the digital signature dictionary, in order to construct a hidden signature. However, when a user adds a new digital signature, the Adobe Reader client cannot recognize this hidden digital signature and destroys the data of the hidden signature, so the hidden signature becomes invalid.
Summary of the invention
To address the problem that a hidden signature added with the traditional digital signature method described above becomes invalid, the invention provides a PDF file digital signature method, a verification method, and corresponding systems.
A PDF file digital signature method comprises the following steps:
Obtain the data to be verified of the PDF file to be signed and the data length of that data;
Build the original text of the digital signature from the data to be verified and the data length;
Calculate the digital signature value from the original text of the digital signature, the user public key certificate and the user private key;
Write the digital signature value into the PDF file.
A PDF file digital signature system comprises:
A data acquisition module, for obtaining the data to be verified of the PDF file to be signed and the data length of that data;
An original text building module, for building the original text of the digital signature from the data to be verified and the data length;
A digital signature value calculation module, for calculating the digital signature value from the original text of the digital signature, the user public key certificate and the user private key;
A digital signature adding module, for writing the digital signature value into the PDF file.
A verification method for a PDF file digital signature comprises the following steps:
Locate the hidden signature field of the PDF file according to a predefined signature type, and obtain the data length of the PDF file from this hidden signature field;
Obtain the original text data range from the data length, and read the original text data of the PDF file according to that range;
Build the original text of the digital signature from the original text data and the data length;
Obtain the digital signature value of the PDF file, and verify the digital signature value against the user public key certificate contained in the digital signature value and the original text of the digital signature.
A verification system for a PDF file digital signature comprises:
A data length acquisition module, for locating the hidden signature field of the PDF file according to a predefined signature type and obtaining the data length of the PDF file from this hidden signature field;
An original text data acquisition module, for obtaining the original text data range from the data length and reading the original text data of the PDF file according to that range;
A signature original text building module, for building the original text of the digital signature from the original text data and the data length;
A verification module, for obtaining the digital signature value of the PDF file and verifying the digital signature value against the user public key certificate contained in the digital signature value and the original text of the digital signature.
As the above scheme shows, the PDF file digital signature and verification methods and systems of the invention build the original text of the digital signature from the data to be verified and the data length, then calculate the digital signature value and write it into the PDF file. The invention creates a hidden signature that the Adobe Reader client cannot recognize, which provides privacy for form authorization. Moreover, the data of the hidden signature may be updated by the client: as long as the data of each node in the signature field does not change, a change in the order of the nodes or in the position of the whole signature field within the PDF file does not destroy the validity of the hidden signature. This meets the market demand for adding hidden signatures to PDF files and provides an effective guarantee for the security of PDF files.
Description of the drawings
Fig. 1 is a schematic diagram of creating a digital signature in a PDF file using public key cryptography;
Fig. 2 is a schematic diagram of the digital signature located between two segments;
Fig. 3 is a schematic diagram of a PDF file signed successively by several people;
Fig. 4 is a flow chart of a PDF file digital signature method in Embodiment 1 of the invention;
Fig. 5 is a flow chart of a PDF file digital signature method in Embodiment 2 of the invention;
Fig. 6 is a structural diagram of a PDF file digital signature system in Embodiment 3 of the invention;
Fig. 7 is a flow chart of a verification method for a PDF file digital signature in Embodiment 4 of the invention;
Fig. 8 is a structural diagram of a verification system for a PDF file digital signature in Embodiment 5 of the invention.
Detailed description of the embodiments
The technical scheme of the invention is further described below with reference to the drawings and specific embodiments.
Embodiment 1
Referring to Fig. 4, a PDF file digital signature method comprises the following steps:
Step S101: obtain the data to be verified (Array) of the PDF file to be signed and the data length (Length) of that data.
In a preferred embodiment, the data to be verified may be the entire content of the PDF file to be signed, and its data length may be the length of the PDF file to be signed.
Step S102: build the original text (Text) of the digital signature from the data to be verified Array and the data length Length, specifically: Text = Length || Array, where the symbol || denotes concatenation and Length is a 32-bit integer value.
Step S103: calculate the digital signature value from the original text of the digital signature, the user public key certificate and the user private key, specifically: Contents = SIGN(Text, PublicCerts, PrivateKey), where Contents is the digital signature value, Text is the original text of the digital signature, PublicCerts is the user public key certificate and PrivateKey is the user private key. The digital signature algorithm defined by the PKCS#7 standard can be used for this calculation.
Step S104: write the digital signature value into the PDF file.
In a preferred embodiment, writing the digital signature value into the PDF file may specifically comprise the following:
Step S1041: add a digital signature dictionary to the PDF file in append mode. The digital signature dictionary includes the signature type (Type), the digital signature value (Contents), and so on. Note that in this embodiment of the invention the signature type value is any data different from the standard signature type (/SIG);
Step S1042: add the necessary cross-reference table (xref) and end-of-file marker (EOF) to the PDF file, completing the digital signature operation on the PDF file.
In a preferred embodiment, the user private key may be a private key stored in a hardware medium that meets the standards of the State Cryptography Administration, which achieves strong authentication of the PDF form.
In a preferred embodiment, after the data to be verified and the data length are obtained, the method may further comprise the following step: determine whether a predefined form permission set (Usage) exists. If so, that is, a predefined form permission set exists, obtain the data in the form permission set Usage; if not, that is, no predefined form permission set exists, continue with the original flow (enter step S102).
In addition, in a preferred embodiment, where the above check finds a predefined form permission set, and after the data in the form permission set has been obtained, the method may further comprise the following step: build the original text of the digital signature from the form permission set, the data to be verified and the data length. The original text is then built as follows: Text = [Usage] || Length || Array, where the symbol || denotes concatenation; Length is a 32-bit integer value; and the Usage data is optional: if no form permission set needs to be added, this data is empty. After the original text of the digital signature has been built from the form permission set, the data to be verified and the data length, the form permission set is correspondingly added to the digital signature dictionary (if no form permission set needs to be added, the Usage node is not added).
In addition, the digital signature dictionary added in step S1041 may also include the data length (Length); this Length is the value obtained in step S101 above.
Embodiment 2
Embodiment 1 above adds a hidden signature to the PDF file and can authenticate any PDF original text. This embodiment provides a method of adding a hidden signature that authenticates only the data bound by UR3. Referring to Fig. 5, a PDF file digital signature method comprises the following steps:
Step S201: obtain the UR3 dictionary of the PDF file to be signed, read the byte range (ByteRange) in this UR3 dictionary, then enter step S202.
Step S202: calculate the data length of the PDF file from the byte range ByteRange, and obtain the data to be verified of the PDF file according to that data length. Specifically, because the ByteRange of UR3 has the form {Offset1, Length1, Offset2, Length2}, the data length can be calculated as Length = Offset2 + Length2; then, starting from offset address 0, Length bytes of data Array (the data to be verified) are read. This data is the form data carrying the UR3 signature.
Step S203: build the original text (Text) of the digital signature from the data to be verified Array and the data length Length, specifically: Text = Length || Array, where the symbol || denotes concatenation and Length is a 32-bit integer value.
Step S204: calculate the digital signature value from the original text of the digital signature, the user public key certificate and the user private key, specifically: Contents = SIGN(Text, PublicCerts, PrivateKey), where Contents is the digital signature value, Text is the original text of the digital signature, PublicCerts is the user public key certificate and PrivateKey is the user private key. The digital signature algorithm defined by the PKCS#7 standard can be used for this calculation.
Step S205: add a digital signature dictionary to the PDF file in append mode. The digital signature dictionary includes the signature type (Type), the digital signature value (Contents), and so on. Note that in this embodiment of the invention the signature type value is any data different from the standard signature type (/SIG).
Step S206: add the necessary cross-reference table (xref) and end-of-file marker (EOF) to the PDF file, completing the digital signature operation on the PDF file.
The other technical features of this embodiment are the same as in Embodiment 1 and are not repeated here.
Embodiment 3
Corresponding to Embodiment 1 and Embodiment 2 above, the invention also provides a PDF file digital signature system which, as shown in Fig. 6, comprises:
A data acquisition module 101, for obtaining the data to be verified and the data length of the PDF file to be signed;
An original text building module 102, for building the original text of the digital signature from the data to be verified and the data length;
A digital signature value calculation module 103, for calculating the digital signature value from the original text of the digital signature, the user public key certificate and the user private key;
A digital signature adding module 104, for writing the digital signature value into the PDF file.
In a preferred embodiment, the digital signature adding module 104 may comprise:
A digital signature dictionary adding module, for adding a digital signature dictionary to the PDF file in append mode, the digital signature dictionary including the signature type and the digital signature value, where the signature type value is any data different from the standard signature type;
An end marker adding module, for adding the cross-reference table and end-of-file marker to the PDF file.
In a preferred embodiment, the user private key may be stored in a hardware medium that meets the standards of the State Cryptography Administration, to achieve strong authentication of the PDF form.
In a preferred embodiment, the data to be verified may be the entire content of the PDF file to be signed, and its data length may be the length of the PDF file to be signed.
In a preferred embodiment, the data acquisition module 101 may comprise:
A UR3 dictionary acquisition submodule, for obtaining the UR3 dictionary of the PDF file to be signed and reading the byte range in this UR3 dictionary;
A data calculation submodule, for calculating the data length of the PDF file from the byte range and obtaining the data to be verified of the PDF file according to that data length.
In a preferred embodiment, the PDF file digital signature system of this embodiment may further comprise:
A judging module, for determining, after the data to be verified and the data length of the PDF file to be signed have been obtained, whether a predefined form permission set exists;
A form permission set acquisition module, for obtaining the data in the form permission set when the judging module's result is yes.
In a preferred embodiment, the original text building module may also be used, after the data of the form permission set has been obtained, to build the original text of the digital signature from the form permission set, the data to be verified and the data length.
The other technical features of the PDF file digital signature system of this embodiment are the same as in Embodiment 1 and Embodiment 2 above and are not repeated here.
Embodiment 4
Corresponding to the PDF file digital signature method of Embodiment 1, the invention also provides a verification method for a PDF file digital signature which, as shown in Fig. 7, comprises the following steps:
Step S301: locate the hidden signature field of the PDF file according to the predefined signature type Type, and obtain the data length Length of the PDF file from this hidden signature field. Note that this node's data is a 32-bit integer value.
Step S302: obtain the original text data range Range = [0, Length] from the data length, and read the original text data Array of the PDF file according to that range;
Step S303: build the original text Text of the digital signature from the original text data Array and the data length Length, specifically: Text = Length || Array, where the symbol || denotes concatenation and Length is a 32-bit integer value.
Step S304: obtain the digital signature value Contents of the PDF file, and verify whether the digital signature value is valid against the user public key certificate contained in the digital signature value and the original text Text of the digital signature. If the digital signature is verified as valid, the form is authenticated.
In a preferred embodiment, after the hidden signature field of the PDF file has been located, the method may further comprise the following step: determine whether a predefined form permission set Usage exists in the hidden signature field. If so, that is, a predefined form permission set exists, obtain the data in the form permission set Usage; if not, that is, no predefined form permission set exists, continue directly with the subsequent operations.
In addition, in a preferred embodiment, where the above check finds a predefined form permission set, and after the data in the form permission set has been obtained, the method may further comprise the following step: build the original text of the digital signature from the form permission set, the original text data and the data length. The original text is then built as follows: Text = [Usage] || Length || Array, where the symbol || denotes concatenation and the Usage data is optional: if no form permission set needs to be added, this data is empty.
In a preferred embodiment, for PDF files in which a UR3 digital signature is defined, the data length of the PDF file can be obtained as follows: in the hidden signature field, obtain the UR3 dictionary of the PDF file and read the byte range ByteRange in this UR3 dictionary. The ByteRange has the form {Offset1, Length1, Offset2, Length2}, from which the data length of the PDF file is calculated as Length = Offset2 + Length2.
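The construction of Text used in steps S102/S203 and reproduced by the verifier in steps S301 to S303, as an added Python example (not code from the patent). Assumptions: Length is encoded big-endian, the /Type name /HiddenFormAuth and all sample bytes are constructed, and a SHA-256 digest of Text stands in for the PKCS#7 SIGN step to show when signer and verifier derive the same Text.

```python
import hashlib
import re
import struct

# Hypothetical /Type value for the hidden dictionary; the page only requires
# that it differ from the standard signature type.
HIDDEN_TYPE = b"/HiddenFormAuth"
BYTE_RANGE_RE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
HIDDEN_LENGTH_RE = re.compile(rb"/Type\s*" + re.escape(HIDDEN_TYPE) + rb"\s+/Length\s+(\d+)")

# Constructed sample input: a tiny PDF-like byte string, not a real form.
SAMPLE_PDF = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
              b"xref\n0 0\ntrailer\n<< >>\n%%EOF\n")
# Constructed UR3-style dictionary fragment carrying a ByteRange.
SAMPLE_UR3 = b"<< /ByteRange [0 100 164 36] >>"


def length_from_byterange(ur3_dict: bytes) -> int:
    """Embodiment 2 / 4: Length = Offset2 + Length2 from the UR3 ByteRange."""
    m = BYTE_RANGE_RE.search(ur3_dict)
    if m is None:
        raise ValueError("no /ByteRange in dictionary")
    off1, len1, off2, len2 = (int(g) for g in m.groups())
    if off2 < off1 + len1:
        raise ValueError("ByteRange segments overlap")
    return off2 + len2


def build_text(pdf: bytes, length: int, usage: bytes = b"") -> bytes:
    """Text = [Usage] || Length || Array, with Array = pdf[0:Length]."""
    if not 0 <= length <= 0xFFFFFFFF:
        raise ValueError("Length does not fit in a 32-bit integer")
    if length > len(pdf):
        raise ValueError("file is shorter than the signed Length")
    # Assumption: big-endian; the page only says "32-bit integer value".
    return usage + struct.pack(">I", length) + pdf[:length]


def text_digest(text: bytes) -> str:
    """Stand-in for SIGN/verify: equal digests mean the same Text is signed."""
    return hashlib.sha256(text).hexdigest()


def append_hidden_signature(pdf: bytes, length: int, contents_hex: str) -> bytes:
    """Steps S1041/S1042: append the dictionary, then xref and EOF (simplified)."""
    dictionary = b"\n9 0 obj\n<< /Type %s /Length %d /Contents <%s> >>\nendobj\n" % (
        HIDDEN_TYPE, length, contents_hex.encode("ascii"))
    return pdf + dictionary + b"xref\n0 0\ntrailer\n<< >>\n%%EOF\n"


def read_hidden_length(pdf: bytes) -> int:
    """Step S301: locate the hidden field by its /Type and read Length."""
    m = HIDDEN_LENGTH_RE.search(pdf)
    if m is None:
        raise ValueError("hidden signature field not found")
    return int(m.group(1))


def demo() -> dict:
    # Signer (Embodiment 1): the whole file is the data to be verified.
    length = len(SAMPLE_PDF)
    sign = text_digest(build_text(SAMPLE_PDF, length))
    signed = append_hidden_signature(SAMPLE_PDF, length, "00")  # "00": placeholder Contents

    # Verifier (Embodiment 4): rebuild Text from Range = [0, Length].
    verify = text_digest(build_text(signed, read_hidden_length(signed)))

    # A later append-mode update lies outside [0, Length]: Text is unchanged.
    later_file = signed + b"\n% constructed later revision\n%%EOF\n"
    later = text_digest(build_text(later_file, read_hidden_length(later_file)))

    # A change inside [0, Length] alters Text, so a real signature check fails.
    tampered_file = bytearray(signed)
    tampered_file[10] ^= 0x01
    tampered_file = bytes(tampered_file)
    tampered = text_digest(build_text(tampered_file, read_hidden_length(tampered_file)))
    return {"sign": sign, "verify": verify, "later": later, "tampered": tampered}


if __name__ == "__main__":
    print(demo(), length_from_byterange(SAMPLE_UR3))
```

A real implementation would pass Text to a PKCS#7 signer and verifier instead of comparing digests.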
Embodiment 5
Corresponding to the method for verifying a PDF file digital signature in Embodiment 4, the present invention also provides a system for verifying a PDF file digital signature which, as shown in Figure 8, comprises:
A data length acquisition module 301, configured to locate the hidden signature field of the PDF file according to a predefined signature type, and to obtain the data length of the PDF file in this hidden signature field;
An original text data acquisition module 302, configured to obtain the original text data area according to the data length, and to read the original text data of the PDF file according to the original text data area;
A signature original text building module 303, configured to build the original text of the digital signature from the original text data and the data length;
A verification module 304, configured to obtain the digital signature value of the PDF file, and to verify the digital signature value according to the user public key certificate in the digital signature value and the original text of the digital signature.
As a preferred embodiment, the data length acquisition module may comprise:
A byte range acquisition submodule, configured to obtain the UR3 dictionary of the PDF file in the hidden signature field, and to read the byte range in this UR3 dictionary;
A length calculation submodule, configured to calculate the data length of the PDF file according to the byte range.
As a preferred embodiment, the system for verifying a PDF file digital signature may further comprise:
A determination module, configured to determine, after the hidden signature field of the PDF file has been located, whether a predefined form permission set exists in the hidden signature field;
A form permission set acquisition module, configured to obtain the data in the form permission set when the determination result of the determination module is yes.
As a preferred embodiment, the signature original text building module may also be configured to build, after the data in the form permission set has been obtained, the original text of the digital signature from the form permission set, the original text data and the data length.
The other technical features of the system for verifying a PDF file digital signature in this embodiment are the same as those of the method for verifying a PDF file digital signature in Embodiment 4, and are not repeated here.
As can be seen from the schemes of the above embodiments, the PDF file digital signature and verification method and system of the present invention build the original text of the digital signature from the data to be certified and the data length, then calculate the digital signature value and write it into the PDF file. The invention creates a hidden signature that the Adobe Reader client cannot recognize, and provides privacy for form authorization. Moreover, the data of the hidden signature may be updated by the client: as long as the data of each node in the signature field does not change, a change in the order of the nodes, or in the position of the whole signature field within the PDF file, does not destroy the validity of the hidden signature. This meets the market demand for adding hidden signatures to PDF files and provides an effective guarantee for the security of PDF files.
The above embodiments express only several implementations of the present invention. Their description is relatively specific and detailed, but it should not therefore be construed as limiting the scope of the patent. It should be pointed out that a person of ordinary skill in the art can make a number of variations and improvements without departing from the inventive concept, and these all fall within the scope of protection of the present invention. The scope of protection of this patent shall therefore be determined by the appended claims.

Claims (20)

1. A PDF file digital signature method, characterized by comprising the following steps:
Obtaining the data to be certified of a PDF file to be signed and the data length of the data to be certified;
Building the original text of the digital signature from the data to be certified and the data length;
Calculating a digital signature value according to the original text of the digital signature, a user public key certificate and the user's private key;
Writing the digital signature value into the PDF file.
2. The PDF file digital signature method according to claim 1, characterized in that the process of writing the digital signature value into the PDF file comprises:
Adding a digital signature dictionary to the PDF file in append mode, the digital signature dictionary comprising a signature type and the digital signature value, the signature type value being any data different from the standard signature types;
Adding a cross-reference table and an end-of-file marker to the PDF file.
3. The PDF file digital signature method according to claim 2, characterized in that the user's private key is stored in a hardware medium that meets the standards of the State Cryptography Administration.
4. The PDF file digital signature method according to claim 3, characterized in that the data to be certified is the full content of the PDF file to be signed, and the data length of the data to be certified is the length of the PDF file to be signed.
5. The PDF file digital signature method according to claim 3, characterized in that the process of obtaining the data to be certified and the data length comprises:
Obtaining the UR3 dictionary of the PDF file to be signed, and reading the byte range in this UR3 dictionary;
Calculating the data length of the PDF file according to the byte range, and obtaining the data to be certified of the PDF file according to the data length.
6. The PDF file digital signature method according to claim 4 or 5, characterized in that, after the data to be certified and the data length are obtained, the method further comprises the steps of:
Determining whether a predefined form permission set exists; if so, obtaining the data in the form permission set, and building the original text of the digital signature from the form permission set, the data to be certified and the data length;
After the original text of the digital signature has been built from the form permission set, the data to be certified and the data length, the digital signature dictionary further comprises the form permission set.
7. A PDF file digital signature system, characterized by comprising:
A data acquisition module, configured to obtain the data to be certified of a PDF file to be signed and the data length of the data to be certified;
An original text building module, configured to build the original text of the digital signature from the data to be certified and the data length;
A digital signature value calculation module, configured to calculate a digital signature value according to the original text of the digital signature, a user public key certificate and the user's private key;
A digital signature adding module, configured to write the digital signature value into the PDF file.
8. The PDF file digital signature system according to claim 7, characterized in that the digital signature adding module comprises:
A digital signature dictionary adding module, configured to add a digital signature dictionary to the PDF file in append mode, the digital signature dictionary comprising a signature type and the digital signature value, the signature type value being any data different from the standard signature types;
An end marker adding module, configured to add a cross-reference table and an end-of-file marker to the PDF file.
9. The PDF file digital signature system according to claim 8, characterized in that the user's private key is stored in a hardware medium that meets the standards of the State Cryptography Administration.
10. The PDF file digital signature system according to claim 9, characterized in that the data to be certified is the full content of the PDF file to be signed, and the data length of the data to be certified is the length of the PDF file to be signed.
11. The PDF file digital signature system according to claim 9, characterized in that the data acquisition module comprises:
A UR3 dictionary acquisition submodule, configured to obtain the UR3 dictionary of the PDF file to be signed, and to read the byte range in this UR3 dictionary;
A data calculation submodule, configured to calculate the data length of the PDF file according to the byte range, and to obtain the data to be certified of the PDF file according to the data length.
12. The PDF file digital signature system according to claim 10 or 11, characterized by further comprising:
A determination module, configured to determine, after the data to be certified and the data length have been obtained, whether a predefined form permission set exists;
A form permission set acquisition module, configured to obtain the data in the form permission set when the determination result of the determination module is yes;
The original text building module is further configured to build, after the data in the form permission set has been obtained, the original text of the digital signature from the form permission set, the data to be certified and the data length.
13. A method for verifying a PDF file digital signature, characterized by comprising the following steps:
Locating the hidden signature field of a PDF file according to a predefined signature type, and obtaining the data length of the PDF file in this hidden signature field;
Obtaining the original text data area according to the data length, and reading the original text data of the PDF file according to the original text data area;
Building the original text of the digital signature from the original text data and the data length;
Obtaining the digital signature value of the PDF file, and verifying the digital signature value according to the user public key certificate in the digital signature value and the original text of the digital signature.
14. The method for verifying a PDF file digital signature according to claim 13, characterized in that the process of obtaining the data length of the PDF file comprises:
Obtaining the UR3 dictionary of the PDF file in the hidden signature field, and reading the byte range in this UR3 dictionary;
Calculating the data length of the PDF file according to the byte range.
15. The method for verifying a PDF file digital signature according to claim 13 or 14, characterized in that, after the hidden signature field of the PDF file is located, the method further comprises the steps of:
Determining whether a predefined form permission set exists in the hidden signature field;
If so, obtaining the data in the form permission set.
16. The method for verifying a PDF file digital signature according to claim 15, characterized in that, after the data in the form permission set is obtained, the method further comprises the step of building the original text of the digital signature from the form permission set, the original text data and the data length.
17. A system for verifying a PDF file digital signature, characterized by comprising:
A data length acquisition module, configured to locate the hidden signature field of a PDF file according to a predefined signature type, and to obtain the data length of the PDF file in this hidden signature field;
An original text data acquisition module, configured to obtain the original text data area according to the data length, and to read the original text data of the PDF file according to the original text data area;
A signature original text building module, configured to build the original text of the digital signature from the original text data and the data length;
A verification module, configured to obtain the digital signature value of the PDF file, and to verify the digital signature value according to the user public key certificate in the digital signature value and the original text of the digital signature.
18. The system for verifying a PDF file digital signature according to claim 17, characterized in that the data length acquisition module comprises:
A byte range acquisition submodule, configured to obtain the UR3 dictionary of the PDF file in the hidden signature field, and to read the byte range in this UR3 dictionary;
A length calculation submodule, configured to calculate the data length of the PDF file according to the byte range.
19. The system for verifying a PDF file digital signature according to claim 17 or 18, characterized by further comprising:
A determination module, configured to determine, after the hidden signature field of the PDF file has been located, whether a predefined form permission set exists in the hidden signature field;
A form permission set acquisition module, configured to obtain the data in the form permission set when the determination result of the determination module is yes.
20. The system for verifying a PDF file digital signature according to claim 19, characterized in that the signature original text building module is further configured to build, after the data in the form permission set has been obtained, the original text of the digital signature from the form permission set, the original text data and the data length.
CN201310608077.2A 2013-11-25 2013-11-25 PDF file digital signature and verification method, system Active CN103617403B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310608077.2A CN103617403B (en) 2013-11-25 2013-11-25 PDF file digital signature and verification method, system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310608077.2A CN103617403B (en) 2013-11-25 2013-11-25 PDF file digital signature and verification method, system

Publications (2)

Publication Number Publication Date
CN103617403A CN103617403A (en) 2014-03-05
CN103617403B CN103617403B (en) 2016-09-28

Family

ID=50168106

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310608077.2A Active CN103617403B (en) 2013-11-25 2013-11-25 PDF file digital signature and verification method, system

Country Status (1)

Country Link
CN (1) CN103617403B (en)

Also Published As

Publication number Publication date
CN103617403B (en) 2016-09-28

Legal Events

Date Code Title Description
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 528200 science and technology road, Nanhai Software Science Park, Nanhai Town, Nanhai District, Foshan, Guangdong

Applicant after: Age of security Polytron Technologies Inc

Address before: 528200 science and technology road, Nanhai Software Science Park, Nanhai Town, Nanhai District, Foshan, Guangdong

Applicant before: Guangdong Certificate Authority Center Co., Ltd.

COR Change of bibliographic data
C14 Grant of patent or utility model
GR01 Patent grant