CN106330462A - PDF signature method and system capable of supporting multiple algorithms - Google Patents

Publication number
CN106330462A
Authority
CN
China
Legal status
Pending
Application number
CN201610802221.XA
Other languages
Chinese (zh)
Inventor
林志豪
刘义
赵敏
Current Assignee
GUANGDONG ELECTRONIC CERTIFICATION AUTHORITY
Original Assignee
GUANGDONG ELECTRONIC CERTIFICATION AUTHORITY

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H04L63/0823: Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using certificates
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention discloses a PDF signature method and system supporting multiple algorithms. The PDF signature method comprises operations of a sending end and operations of a receiving end. The operations of the sending end comprise: acquiring a message, wherein the message is the content of a PDF document; calling the Netca PKI (Public Key Infrastructure) Crypto security middleware to digest and encrypt the acquired message, generating a digital signature value; and saving the digital signature value into the original message and sending the original message together with the digital signature value to the receiving end. The operations of the receiving end comprise: receiving the message and the digital signature value sent by the sending end; calling the Netca PKI Crypto security middleware to verify the digital signature value; judging from the verification result whether the digital signature is valid; and returning the judgment of whether the digital signature is valid to the sending end. The disclosed PDF signature method and system can sign not only with an RSA certificate but also with an SM2 certificate.

Description

A PDF signature method and system supporting multiple algorithms
Technical field
The present invention relates to a PDF signature method, in particular a PDF signature method supporting multiple algorithms, and belongs to the field of PDF signature plug-ins.
Background art
With the spread of the Internet, more and more people communicate over it, and commercial activity conducted over the network, i.e. e-commerce, has developed widely as a result. E-commerce offers Chinese enterprises a rare opportunity to open up domestic and foreign markets and to make good use of domestic and foreign resources. For enterprises, e-commerce embodies the advantages of equal competition, high efficiency, low cost and high quality, and lets them seize business opportunities in fierce market competition and stand out. Developed countries treat e-commerce as a growth focus of the national economy in the 21st century, and the relevant departments in China are also vigorously promoting e-commerce among Chinese enterprises. The rapid development of e-commerce has, however, brought Internet security problems with it, which can be summarized as confidentiality, integrity, authentication and authorization, and non-repudiation. To solve these Internet security problems, countries around the world have studied them for many years and have arrived at a complete set of Internet security solutions, namely the PKI technology that is widely adopted today.
PKI (Public Key Infrastructure) is a system or platform that provides public-key encryption and digital signature services; its purpose is to manage keys and certificates. A trusted third-party authority, the certification authority (CA), binds a user's public key to the user's other identifying information (such as name, e-mail address and identity card number) so that the user's identity can be verified on the Internet. The common approach today is to use digital certificates built on the PKI structure: encrypting the digital information to be transmitted ensures the confidentiality and integrity of the transmission, and signing ensures the authenticity of the identity and non-repudiation.
At present, Adobe builds into Adobe Reader and Adobe Acrobat a default-security signature plug-in that supports RSA certificates. The digest algorithms it supports are SHA1, SHA256, SHA384, SHA512, SHA224 and RIPEMD160; it does not support the SM3 digest algorithm used by the SM2 algorithm.
The SM2 algorithm is one of the elliptic curve cryptography (ECC) algorithms. At the same key length, compared with the RSA algorithm, SM2 offers higher security, needs less storage space and signs faster. The signature plug-in that ships with Adobe can only sign with RSA certificates and cannot sign with SM2 certificates. In recent years, to safeguard the country's own information security and avoid dependence on others, the state has promoted and encouraged all industries to apply the domestic SM2 algorithm. Signing of PDF files is very widespread in current Internet applications, so the problem that a PDF file cannot be signed with an SM2 certificate is encountered frequently.
Summary of the invention
The purpose of the invention is to overcome the above defect of the prior art by providing a PDF signature method supporting multiple algorithms. The method can sign not only with an RSA certificate but also with an SM2 certificate, which solves the problem that existing Adobe Reader (or Adobe Acrobat) cannot recognize the SM2 algorithm and therefore cannot sign with an SM2 certificate.
Another purpose of the invention is to provide a PDF signature system supporting multiple algorithms.
The purpose of the invention can be achieved by the following technical solution:
A PDF signature method supporting multiple algorithms, the method comprising operations of a sending end, the operations of the sending end comprising:
acquiring a message, wherein the message is the content of a PDF document;
calling the Netca PKI Crypto security middleware to digest and encrypt the acquired message, producing a digital signature value;
saving the digital signature value into the original message, and sending the original message together with the digital signature value to the receiving end.
Further, acquiring the message is specifically:
according to the selected signing certificate, receiving the signing certificate and the signing certificate chain through the output parameters of the callback function CallBack, and acquiring the message through the input parameters of the callback function CallBack, wherein the signing certificate includes the corresponding private key and related information;
saving the digital signature value into the original message and sending the original message together with the digital signature value to the receiving end is specifically:
saving the digital signature value into the original message through the output parameters of the callback function CallBack, and sending the original message together with the digital signature value to the receiving end.
Further, calling the Netca PKI Crypto security middleware to digest and encrypt the acquired message specifically comprises:
calling the Netca PKI Crypto security middleware to compute from the message, by a hash algorithm, a message digest value of a fixed number of bits;
calling the Netca PKI Crypto security middleware to encrypt the digest value of the message with the private key, producing the digital signature value.
Further, the method also comprises operations of a receiving end, the operations of the receiving end comprising:
receiving the message and the digital signature value sent by the sending end;
calling the Netca PKI Crypto security middleware to verify the digital signature value;
judging from the verification result whether the digital signature is valid;
returning the judgment of whether the digital signature is valid to the sending end.
Further, calling the Netca PKI Crypto security middleware to verify the digital signature value specifically comprises:
opening the PDF document and, after the digital signature in the PDF document is clicked, triggering the callback functions related to verifying the digital signature;
by implementing the callback functions of the DigSig layer, obtaining the signature field object corresponding to the digital signature that triggered the verification process, and using the dictionary attribute table associated with this signature field object to extract the digest range of the message and the digital signature value;
calling the Netca PKI Crypto security middleware to compute the digest value of the message with the hash algorithm;
calling the Netca PKI Crypto security middleware to decrypt the digital signature value with the public key of the sending end, obtaining the decrypted digest value;
comparing the decrypted digest value with the computed message digest value, the comparison result being the verification result;
judging from the verification result whether the digital signature is valid is specifically:
according to the verification result, if the decrypted digest value equals the computed message digest value, the digital signature is valid; otherwise, the digital signature is invalid.
The other purpose of the invention can be achieved by the following technical solution:
A PDF signature system supporting multiple algorithms, the system comprising a sending end and a receiving end, the sending end comprising:
an acquisition module, for acquiring a message, wherein the message is the content of a PDF document;
a signature module, for calling the Netca PKI Crypto security middleware to digest and encrypt the acquired message, producing a digital signature value;
a sending module, for saving the digital signature value into the original message and sending the original message together with the digital signature value to the receiving end.
Further, the acquisition module is specifically:
for receiving, according to the selected signing certificate, the signing certificate and the signing certificate chain through the output parameters of the callback function CallBack, and acquiring the message through the input parameters of the callback function CallBack, wherein the signing certificate includes the corresponding private key and related information;
the sending module is specifically:
for saving the digital signature value into the original message through the output parameters of the callback function CallBack, and sending the original message together with the digital signature value to the receiving end.
Further, the signature module specifically comprises:
a first computing unit, for calling the Netca PKI Crypto security middleware to compute from the message, by a hash algorithm, a message digest value of a fixed number of bits;
an encryption unit, for calling the Netca PKI Crypto security middleware to encrypt the digest value of the message with the private key, producing the digital signature value.
Further, the receiving end comprises:
a receiving module, for receiving the message and the digital signature value sent by the sending end;
a verification module, for calling the Netca PKI Crypto security middleware to verify the digital signature value;
a judging module, for judging from the verification result whether the digital signature is valid;
a return module, for returning the judgment of whether the digital signature is valid to the sending end.
Further, the verification module specifically comprises:
a trigger unit, for opening the PDF document and, after the digital signature in the PDF document is clicked, triggering the callback functions related to verifying the digital signature;
an extraction unit, for obtaining, by implementing the callback functions of the DigSig layer, the signature field object corresponding to the digital signature that triggered the verification process, and using the dictionary attribute table associated with this signature field object to extract the digest range of the message and the digital signature value;
a second computing unit, for calling the Netca PKI Crypto security middleware to compute the digest value of the message with the hash algorithm;
a decryption unit, for calling the Netca PKI Crypto security middleware to decrypt the digital signature value with the public key of the sending end, obtaining the decrypted digest value;
a comparison unit, for comparing the decrypted digest value with the computed message digest value, the comparison result being the verification result;
the judging module is specifically:
for judging, according to the verification result, that the digital signature is valid if the decrypted digest value equals the computed message digest value, and otherwise that the digital signature is invalid.
Compared with the prior art, the invention has the following beneficial effects:
1. In the signing stage the invention calls the Netca PKI Crypto security middleware. Because this middleware provides an interface for the SM2 signature algorithm, an SM2 certificate can be used to sign a PDF file, while signing with an RSA certificate remains compatible. This solves the problem that Adobe's existing default-security plug-in cannot recognize SM2 certificates and therefore cannot sign with them.
2. In the verification stage the invention uses another, lower-level implementation (the DigSig layer). Compared with plug-ins implemented in the prior art, this implementation reaches closer to the underlying semantics of PDF: the digital signature value has to be extracted by working with the PDF syntax specification and the PDF document structure, after which the Netca PKI Crypto security middleware can be called to verify a PDF document signed with the SM2 algorithm.
3. The invention supports both the SM2 algorithm and the RSA algorithm. SM2 is more secure, faster and more reliable than RSA, so supporting it is significant. Demand for electronic signatures in the domestic commercial market is growing steadily; besides convenience, the security and reliability of electronic signatures must be guaranteed, and most customers now urgently need electronic signature products that support signing with SM2 certificates. Supporting the SM2 algorithm meets this need.
Description of the drawings
To illustrate the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is an implementation diagram of the PDF signature method of Embodiment 1 of the invention.
Fig. 2 is the overall flow chart of the operation of the Adobe PDF signature plug-in developed in Embodiment 1 of the invention.
Fig. 3 is a structural block diagram of the PDF signature system of Embodiment 2 of the invention.
Fig. 4 is a structural block diagram of the signature module in the PDF signature system of Embodiment 2 of the invention.
Fig. 5 is a structural block diagram of the verification module in the PDF signature system of Embodiment 2 of the invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the invention.
Embodiment 1:
This embodiment uses two main technologies: digital signature technology and Acrobat plug-in development technology.
The digital signature technology used is that of the PKI system. A digital signature has the following features: 1) the receiving-end user can confirm the identity of the sending-end user; 2) no one can forge it; 3) if the sending-end user denies information he has signed, the dispute can be settled by arbitration. Digital signatures arose as a substitute for everyday handwritten signatures; in the era of computer network communication, digital signature technology is realized with cryptography. The most widely used algorithm in digital signature technology is RSA. RSA is an asymmetric encryption algorithm widely used in public-key encryption and e-commerce. It was proposed in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman, and the name RSA is formed from the initial letters of their three surnames. In this embodiment, to respond to increasingly important information security needs and to the declining security of RSA, the more secure and reliable domestic SM2 algorithm is needed to replace RSA and should be applied in security services and applications as soon as possible. The focus of this embodiment is to use the SM2 algorithm in place of the RSA algorithm (in fact both algorithms are supported). SM2 is an elliptic curve public-key cryptographic algorithm issued by the State Cryptography Administration on December 17, 2010. Compared with RSA it is a more advanced and secure algorithm and is used to replace RSA in China's commercial cryptography system; as far as digital signature technology is concerned, however, the two algorithms are used in the same way.
This embodiment provides a PDF signature method. The method relies on Acrobat plug-in development technology and is realized by developing an Adobe PDF signature plug-in. Implementing this plug-in requires some understanding of the relevant Acrobat plug-in specifications and development interfaces. From the documentation of the Acrobat SDK (Software Development Kit: a collection of development tools for building application software for a particular software package, software framework, hardware platform or operating system), it is known that the key to the interaction between a plug-in and Adobe Reader (or Adobe Acrobat) is the callback function (CallBack). A callback function is a function called through a function pointer: when a particular event or condition occurs, it is called by the other party as the response to that event or condition. Adobe defines a set of such function interfaces, and the plug-in implements these callback functions.
The PDF signature method supporting multiple algorithms of this embodiment, shown in Fig. 1, comprises the signing process of the sending end and the verification process of the receiving end.
The signing process of the sending end comprises the following steps:
S1. Acquire the message;
The sending-end software is Adobe Reader (or Adobe Acrobat). The Adobe PDF signature plug-in first pops up a certificate selection dialog box for choosing the signing certificate (the signing certificate includes the corresponding private key and related information). After the user selects the signing certificate, the sending end receives the signing certificate and the signing certificate chain through the output parameters of the callback function CallBack, and then obtains, through the input parameters of the callback function CallBack, the key item of the digital signature: the message, i.e. the content of the PDF document;
S2. Digest and encrypt the acquired message to produce the digital signature value;
The Netca PKI Crypto security middleware is a PKI development library of Guangdong Province E-Commerce Certification Co., Ltd. It is a C library that mainly provides certificate-related functions in six parts: basic cryptographic operations, certificates and their management, digital envelopes, SignedData, timestamps and S/MIME. Here the hash capability of the middleware is used to compute from the message, by a hash algorithm, a message digest value of a fixed number of bits; the private key is then used to encrypt the digest value of the message, producing the digital signature value. The message digest value mathematically guarantees that if any single bit of the message is changed, the recomputed digest value will differ from the original value, which ensures that the message cannot be altered;
S3. Save the digital signature value into the original message, and send the original message together with the digital signature value to the receiving end;
The digital signature value is saved into the original message through the output parameters of the callback function CallBack, and the original message is sent together with the digital signature value to the receiving end.
The verification process of the receiving end comprises the following steps:
S1'. Receive the message and the digital signature value sent by the sending end;
S2'. Verify the digital signature value;
After the user opens the document and clicks the digital signature in the PDF document, the callback functions related to verifying the digital signature are triggered. By implementing the callback functions of the DigSig layer, the signature field object corresponding to the digital signature that triggered the verification process can be obtained. This object has an associated dictionary attribute table recorded in the PDF data, from which the important information needed for verification can be extracted, such as the signing date, the digest range of the message (original text) and the digital signature value data. The PDF keys corresponding to these items and their exact meanings can be found in section 12.8 of the PDF 1.7 specification. During implementation, the dictionary extraction functions provided by the Acrobat SDK are then called to extract the required data from the specified dictionary object and parse it. Once the data required for verifying the signature has been obtained, the cryptographic capability of the Netca PKI Crypto security middleware is used: the digest value of the message (original text) is computed with the hash algorithm, the digital signature value is decrypted with the public key of the sending end to obtain the decrypted digest value, and the decrypted digest value is compared with the computed message digest value; the comparison result is the verification result;
S3'. Judge from the verification result whether the digital signature is valid;
According to the verification result, if the decrypted digest value equals the computed message digest value, the digital signature is valid; otherwise, the digital signature is invalid;
S4'. Return the judgment of whether the digital signature is valid to the sending end.
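The extraction part of step S2' can be illustrated as follows; this is an added example, not code from the patent or from the Netca middleware. It reads the digest range (`/ByteRange`) and the signature value (`/Contents`) from a constructed PDF-like byte string, hashes the covered bytes with a selectable digest, and goes one step beyond the text by checking that the ranges cover the whole file. All function names and the sample are assumptions of this example, and the regular expressions stand in for the Acrobat SDK dictionary functions.

```python
import hashlib
import re
from typing import List, NamedTuple, Tuple

# /ByteRange and /Contents are signature-dictionary entries from PDF 1.7,
# section 12.8. Simplification: a real verifier takes them from the parsed
# signature field object; the regexes here only stand in for that lookup.
BYTE_RANGE_RE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
CONTENTS_RE = re.compile(rb"/Contents\s*<([0-9A-Fa-f\s]*)>")


class SignatureField(NamedTuple):
    byte_range: List[Tuple[int, int]]  # (offset, length) pairs that get hashed
    gap: Tuple[int, int]               # [start, end) of the "<hex>" token
    signature: bytes                   # decoded digital signature value


def extract_signature_field(pdf: bytes) -> SignatureField:
    """Pull the digest range and the signature value out of the raw bytes."""
    br, ct = BYTE_RANGE_RE.search(pdf), CONTENTS_RE.search(pdf)
    if br is None or ct is None:
        raise ValueError("no /ByteRange or /Contents entry found")
    off1, len1, off2, len2 = (int(n) for n in br.groups())
    hex_digits = b"".join(ct.group(1).split()).decode("ascii")
    if len(hex_digits) % 2:            # an odd hex string implies a final 0
        hex_digits += "0"
    return SignatureField([(off1, len1), (off2, len2)],
                          (ct.start(1) - 1, ct.end(1) + 1),
                          bytes.fromhex(hex_digits))


def coverage_problems(pdf: bytes, field: SignatureField) -> List[str]:
    """List the reasons why the hashed ranges do not cover the whole file."""
    (off1, len1), (off2, len2) = field.byte_range
    gap_start, gap_end = field.gap
    problems = []
    if off1 != 0:
        problems.append("first range does not start at byte 0")
    if off1 + len1 != gap_start or off2 != gap_end:
        problems.append("unsigned gap is not exactly the /Contents value")
    if off2 + len2 != len(pdf):
        problems.append("bytes after the second range are not signed")
    return problems


def digest_signed_ranges(pdf: bytes, field: SignatureField,
                         algorithm: str = "sha256") -> bytes:
    """Hash exactly the bytes named by /ByteRange with the chosen digest."""
    # "sm3" works only when the OpenSSL build behind hashlib provides it.
    if algorithm not in hashlib.algorithms_available:
        raise ValueError(f"digest {algorithm!r} is not available here")
    h = hashlib.new(algorithm)
    for offset, length in field.byte_range:
        h.update(pdf[offset:offset + length])
    return h.digest()


def build_constructed_sample(sig_hex: bytes = b"3006020101020101") -> bytes:
    """Constructed, PDF-like sample (not a valid PDF, not a real signature)."""
    template = (b"%%PDF-1.7\n1 0 obj\n<< /Type /Sig "
                b"/ByteRange [0 %010d %010d %010d] /Contents ")
    tail = b" >>\nendobj\n%%EOF\n"
    contents = b"<" + sig_hex + b">"
    head_len = len(template % (0, 0, 0))
    gap_end = head_len + len(contents)
    return template % (head_len, gap_end, len(tail)) + contents + tail


if __name__ == "__main__":
    pdf = build_constructed_sample()
    field = extract_signature_field(pdf)
    print(field.byte_range, field.signature.hex())
    print(digest_signed_ranges(pdf, field).hex(), coverage_problems(pdf, field))
    appended = pdf + b"\n% constructed bytes added after signing\n"
    print(coverage_problems(appended, extract_signature_field(appended)))
```

Bytes appended after signing leave the digest unchanged, so the coverage result has to be reported alongside the digest comparison rather than inferred from it.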
The overall flow of the Adobe PDF signature plug-in developed in this embodiment is shown in Fig. 2: after the Adobe PDF signature plug-in is installed, the plug-in is initialized, a signing certificate is selected, signing and verification are carried out, and finally the plug-in is unloaded automatically when Adobe Reader (or Adobe Acrobat) is closed.
The Adobe PDF signature plug-in developed in this embodiment differs from the prior art (Adobe's default-security signature plug-in) in both use and implementation. Adobe's default-security signature plug-in does not support SM2 certificates. The first reason is that this plug-in obtains certificates from the system's Microsoft personal certificate store, and the Microsoft certificate store does not support SM2 certificates, so valid SM2 certificates cannot be filtered out. The other reason is that this plug-in implements the PubSec layer (the implementation layer of Adobe's default-security signature plug-in). A plug-in implemented on this layer first verifies the signature algorithm in the signature verification stage, but because Adobe Reader (or Adobe Acrobat) cannot recognize the SM2 algorithm, the signature verification step fails. For the first point, this embodiment uses the Netca PKI Crypto security middleware of Guangdong Province E-Commerce Certification Co., Ltd. to obtain personal certificates; because the middleware provides an interface for the SM2 signature algorithm, valid SM2 and RSA certificates can be recognized and obtained. For the second point, this embodiment implements the DigSig layer (the low-level implementation layer of the Adobe PDF signature plug-in) in the verification stage, so the signed data (digital signature value) can be extracted and verified with the Netca PKI Crypto middleware, which can recognize SM2 certificates, thereby achieving signature verification.
Embodiment 2:
As it is shown on figure 3, present embodiments provide a kind of PDF signature system, this system includes transmitting terminal and receiving terminal.
Described transmitting terminal includes acquisition module, signature blocks and sending module, and the concrete function of modules is as follows:
Described acquisition module, is used for obtaining message;Wherein, described message is the content of PDF document;This acquisition module, tool Body is:
For according to the signing certificate selected, receiving signing certificate and label by the output parameter of call back function CallBack Name certificate chain, by the input parameter acquiring message of call back function CallBack;Wherein, described signing certificate includes the private of correspondence There are key and relevant information.
Described signature blocks, is used for calling Netca PKI Crypto Security Middleware, makes a summary the message obtained And encryption, produce digital signature value;This signature blocks as shown in Figure 4, specifically includes:
First computing unit, is used for calling Netca PKI Crypto Security Middleware, message is pressed hashing algorithm and calculates Obtain the message digest value of a fixing figure place;
Ciphering unit, is used for calling Netca PKI Crypto Security Middleware, uses the private cipher key summary to message Value is encrypted, and produces digital signature value;
Described sending module, for being saved in digital signature value in former message, and by former message and digital signature value one Rise and be sent to receiving terminal.
The receiving end includes a receiving module, a verification module, a judgment module and a return module; the specific functions of the modules are as follows:
The receiving module is configured to receive the message and the digital signature value sent by the sending end;
The verification module is configured to call Netca PKI Crypto Security Middleware to verify the digital signature value; as shown in Figure 5, this verification module specifically includes:
Trigger unit, configured to trigger the callback function related to verifying a digital signature after a PDF document is opened and a digital signature in the PDF document is clicked;
Extraction unit, configured to obtain, through the implemented DigSig-layer callback function, the signature field object corresponding to the digital signature that triggered the verification process, and to extract the digest range of the message and the digital signature value using the dictionary attribute list associated with that signature field object;
Second computing unit, configured to call Netca PKI Crypto Security Middleware to compute the digest value of the message with a hash algorithm;
Decryption unit, configured to call Netca PKI Crypto Security Middleware to decrypt the digital signature value with the public key of the sending end, obtaining the decrypted digest value;
Comparing unit, configured to compare the decrypted digest value with the computed message digest value; the comparison result obtained is the verification result;
The judgment module is configured to judge, according to the verification result, whether the digital signature is valid; specifically:
It is configured to judge, according to the verification result, that the digital signature is valid if the decrypted digest value equals the computed message digest value, and that the digital signature is invalid otherwise;
The return module is configured to return the judgment of whether the digital signature is valid to the sending end.
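The sign-and-verify flow of these modules, as an added Python example that is not the patent's code and does not call Netca PKI Crypto Security Middleware: a constructed toy RSA key without padding (insecure) and SHA-256 stand in for the middleware's algorithms, and the function names and the minimal PDF-like layout are assumptions. The digest range is modelled with the PDF signature dictionary's /ByteRange and /Contents entries, and the example goes one step beyond the text by rejecting a digest range that does not cover the whole file around the signature value.

```python
import hashlib
import re

# Constructed toy RSA key from two Mersenne primes: insecure, for illustration only.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Python 3.8+)
SIG_BYTES = (N.bit_length() + 7) // 8      # space reserved for the signature value

BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
TAIL = b" >>\n%%EOF\n"


def sign_pdf(body: bytes) -> bytes:
    """Sending end: digest the message, 'encrypt' the digest, save it in the message."""
    fmt = b"<< /Type /Sig /ByteRange [0 %010d %010d %010d] /Contents "
    first_len = len(body) + len(fmt % (0, 0, 0))
    second_off = first_len + 2 * SIG_BYTES + 2          # skip '<', hex digits, '>'
    head = body + fmt % (first_len, second_off, len(TAIL))
    digest = hashlib.sha256(head + TAIL).digest()
    sig = pow(int.from_bytes(digest, "big"), D, N)      # private-key operation
    return head + b"<" + sig.to_bytes(SIG_BYTES, "big").hex().encode() + b">" + TAIL


def split_signed(pdf: bytes):
    """Extraction unit: return (bytes in the digest range, signature value as int)."""
    m = BYTE_RANGE.search(pdf)
    if m is None:
        raise ValueError("no /ByteRange in signature dictionary")
    off1, len1, off2, len2 = (int(x) for x in m.groups())
    gap = pdf[off1 + len1:off2]
    # Added check, not in the patent text: the two ranges must cover the whole
    # file, and the only excluded bytes must be the hex string holding the signature.
    if off1 != 0 or off2 + len2 != len(pdf) or not re.fullmatch(rb"<[0-9A-Fa-f]+>", gap):
        raise ValueError("digest range does not cover the file around /Contents")
    return pdf[:len1] + pdf[off2:], int(gap[1:-1], 16)


def verify_pdf(pdf: bytes) -> bool:
    """Receiving end: recompute the digest, 'decrypt' the signature, compare."""
    covered, sig = split_signed(pdf)
    computed = int.from_bytes(hashlib.sha256(covered).digest(), "big")
    recovered = pow(sig, E, N)                          # public-key operation
    return recovered == computed
```

A real deployment replaces the toy key with a certificate-bound RSA or SM2 key and a padded signature scheme; the digest-range handling stays the same.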
Embodiment 3:
The PDF signature method of this embodiment is implemented through a Broker (intermediary), using inter-process communication (Inter-Process Communication, IPC for short). This scheme is implemented directly with a set of DLLs newly added in Acrobat SDK XI, and all signing and verification logic is sent to the broker process for handling. Because plug-in code is regarded by Adobe Reader (or Adobe Acrobat) as unsafe code, the broker process is needed to handle the logic of that code: the system-level operations in the plug-in code are sent to the broker to be completed. The Broker DLL described above can only be applied to the latest Adobe Reader (or Adobe Acrobat) XI. The prior art uses another, general method provided by Adobe (applicable to every version of Adobe Reader/Acrobat), the whitelist: whitelist entries are added to a whitelist file (a txt file) so that the added objects are not blocked when they perform system-level operations.
It should be noted here that the system provided by the above embodiments is illustrated only with the above division into functional modules; in practical applications, the above functions may be assigned to different functional modules as needed, that is, the internal structure may be divided into different functional modules to complete all or part of the functions described above.
A person of ordinary skill in the art will understand that all or part of the steps of the methods in the above embodiments can be completed by a program instructing the relevant hardware; the corresponding program can be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc.
In summary, the present invention can sign not only with an RSA certificate but also with an SM2 certificate, solving the problem that existing Adobe Reader (or Adobe Acrobat) cannot recognize the SM2 algorithm and therefore cannot sign with an SM2 certificate.
The above is only a preferred embodiment of the present invention patent, but the scope of protection of the present invention patent is not limited thereto; any equivalent substitution or change made by a person skilled in the art, within the scope disclosed by the present invention patent and according to its technical solution and inventive concept, falls within the scope of protection of the present invention patent.

Claims (10)

1. A PDF signature method supporting multiple algorithms, characterized in that the method includes operations at a sending end, the operations at the sending end including:
obtaining a message, wherein the message is the content of a PDF document;
calling Netca PKI Crypto Security Middleware to digest and encrypt the obtained message, producing a digital signature value;
saving the digital signature value into the original message, and sending the original message together with the digital signature value to a receiving end.
2. The PDF signature method supporting multiple algorithms according to claim 1, characterized in that said obtaining a message is specifically:
according to the selected signing certificate, receiving the signing certificate and the signing certificate chain through the output parameters of the callback function CallBack, and obtaining the message through the input parameters of the callback function CallBack, wherein the signing certificate includes the corresponding private key and related information;
and said saving the digital signature value into the original message, and sending the original message together with the digital signature value to the receiving end, is specifically:
saving the digital signature value into the original message through the output parameters of the callback function CallBack, and sending the original message together with the digital signature value to the receiving end.
3. The PDF signature method supporting multiple algorithms according to claim 1, characterized in that said calling Netca PKI Crypto Security Middleware to digest and encrypt the obtained message specifically includes:
calling Netca PKI Crypto Security Middleware to compute, with a hash algorithm, a message digest value of a fixed number of bits from the message;
calling Netca PKI Crypto Security Middleware to encrypt the digest value of the message with the private key, producing the digital signature value.
4. The PDF signature method supporting multiple algorithms according to any one of claims 1-3, characterized in that the method further includes operations at the receiving end, the operations at the receiving end including:
receiving the message and the digital signature value sent by the sending end;
calling Netca PKI Crypto Security Middleware to verify the digital signature value;
judging, according to the verification result, whether the digital signature is valid;
returning the judgment of whether the digital signature is valid to the sending end.
5. The PDF signature method supporting multiple algorithms according to claim 4, characterized in that said calling Netca PKI Crypto Security Middleware to verify the digital signature value specifically includes:
after a PDF document is opened and a digital signature in the PDF document is clicked, triggering the callback function related to verifying the digital signature;
obtaining, through the implemented DigSig-layer callback function, the signature field object corresponding to the digital signature that triggered the verification process, and extracting the digest range of the message and the digital signature value using the dictionary attribute list associated with that signature field object;
calling Netca PKI Crypto Security Middleware to compute the digest value of the message with a hash algorithm;
calling Netca PKI Crypto Security Middleware to decrypt the digital signature value with the public key of the sending end, obtaining the decrypted digest value;
comparing the decrypted digest value with the computed message digest value, the comparison result obtained being the verification result;
and said judging, according to the verification result, whether the digital signature is valid is specifically:
according to the verification result, if the decrypted digest value equals the computed message digest value, the digital signature is valid; otherwise, the digital signature is invalid.
6. A PDF signature system supporting multiple algorithms, characterized in that the system includes a sending end and a receiving end, the sending end including:
an acquisition module, configured to obtain a message, wherein the message is the content of a PDF document;
a signature module, configured to call Netca PKI Crypto Security Middleware to digest and encrypt the obtained message, producing a digital signature value;
a sending module, configured to save the digital signature value into the original message, and to send the original message together with the digital signature value to the receiving end.
7. The PDF signature system supporting multiple algorithms according to claim 6, characterized in that the acquisition module is specifically:
configured to, according to the selected signing certificate, receive the signing certificate and the signing certificate chain through the output parameters of the callback function CallBack, and to obtain the message through the input parameters of the callback function CallBack, wherein the signing certificate includes the corresponding private key and related information;
and the sending module is specifically:
configured to save the digital signature value into the original message through the output parameters of the callback function CallBack, and to send the original message together with the digital signature value to the receiving end.
8. The PDF signature system supporting multiple algorithms according to claim 6, characterized in that the signature module specifically includes:
a first computing unit, configured to call Netca PKI Crypto Security Middleware to compute, with a hash algorithm, a message digest value of a fixed number of bits from the message;
an encryption unit, configured to call Netca PKI Crypto Security Middleware to encrypt the digest value of the message with the private key, producing the digital signature value.
9. The PDF signature system supporting multiple algorithms according to any one of claims 6-8, characterized in that the receiving end includes:
a receiving module, configured to receive the message and the digital signature value sent by the sending end;
a verification module, configured to call Netca PKI Crypto Security Middleware to verify the digital signature value;
a judgment module, configured to judge, according to the verification result, whether the digital signature is valid;
a return module, configured to return the judgment of whether the digital signature is valid to the sending end.
10. The PDF signature system supporting multiple algorithms according to claim 9, characterized in that the verification module specifically includes:
a trigger unit, configured to trigger the callback function related to verifying a digital signature after a PDF document is opened and a digital signature in the PDF document is clicked;
an extraction unit, configured to obtain, through the implemented DigSig-layer callback function, the signature field object corresponding to the digital signature that triggered the verification process, and to extract the digest range of the message and the digital signature value using the dictionary attribute list associated with that signature field object;
a second computing unit, configured to call Netca PKI Crypto Security Middleware to compute the digest value of the message with a hash algorithm;
a decryption unit, configured to call Netca PKI Crypto Security Middleware to decrypt the digital signature value with the public key of the sending end, obtaining the decrypted digest value;
a comparing unit, configured to compare the decrypted digest value with the computed message digest value, the comparison result obtained being the verification result;
and the judgment module is specifically:
configured to judge, according to the verification result, that the digital signature is valid if the decrypted digest value equals the computed message digest value, and that the digital signature is invalid otherwise.
CN201610802221.XA 2016-09-05 2016-09-05 PDF signature method and system capable of supporting multiple algorithms Pending CN106330462A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610802221.XA CN106330462A (en) 2016-09-05 2016-09-05 PDF signature method and system capable of supporting multiple algorithms


Publications (1)

Publication Number Publication Date
CN106330462A true CN106330462A (en) 2017-01-11

Family

ID=57787484

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610802221.XA Pending CN106330462A (en) 2016-09-05 2016-09-05 PDF signature method and system capable of supporting multiple algorithms

Country Status (1)

Country Link
CN (1) CN106330462A (en)


Legal Events

Date Code Title Description
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170111
