使用 PHP 数字签名的 PDF
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/21096261/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Digital signed PDF with PHP
提问by ayeo
I'm trying to digitaly sign PDF document with PHP. I have bought certificate (not using self-signed). What I've got is CER and PEM file. I've tried to generate signed PDF using TCPDF library but with no success. The perfect solution would be to just add signature to existing document (pdf). Any advice?
我正在尝试使用 PHP 对 PDF 文档进行数字签名。我已经购买了证书(不使用自签名)。我得到的是 CER 和 PEM 文件。我尝试使用 TCPDF 库生成签名的 PDF,但没有成功。完美的解决方案是将签名添加到现有文档 (pdf)。有什么建议吗?
采纳答案by Braunson
You may want to check out this thread Digitally signing a PDF, using PHP, Zend, and openssl
您可能想查看此线程使用 PHP、Zend 和 openssl 对 PDF 进行数字签名
The author posted his solution under the first answer to the question.
作者在问题的第一个答案下发布了他的解决方案。
Alternatively there is this http://www.kryptokoder.com/signwithext.html
回答by Ricard Espinàs Llovet
Is this pdf digital signed correctly? PHP/TCPDF
This question will fix your problem if you want to create a pdf and just sign it. My problem also comes when I try to sign an existing pdf. I don't know how to use/import an existing pdf with the TCPDF library.
如果您想创建 pdf 并签名,此问题将解决您的问题。当我尝试签署现有的 pdf 时,我的问题也出现了。我不知道如何使用/导入带有 TCPDF 库的现有 pdf。
回答by Bharat Vasant
Let me add a fresh perspective to this age old problem faced by many developers, so that it would be useful to some body landing to this question in search for solution.
让我为许多开发人员面临的这个古老的问题添加一个新的视角,以便某些机构登陆这个问题以寻找解决方案。
PEM or PFX or P12 files stores private key and are no more considered secure. Some countries does not allow creation of PFX files and Digital Certificate is being issued directly on Cryptographic device like USB token or Smartcard, where private key is generated inside this hardware and never leaves it. The data (or say hash to be signed) is sent inside this hardware for signing. Thus presence of this hardware where signing takes place (say client's browser) is required.
PEM 或 PFX 或 P12 文件存储私钥,不再被认为是安全的。某些国家/地区不允许创建 PFX 文件,并且数字证书直接在 USB 令牌或智能卡等加密设备上颁发,其中私钥在此硬件内部生成并且永远不会离开它。数据(或说要签名的散列)在此硬件内发送以进行签名。因此,签名发生的硬件(比如客户端的浏览器)的存在是必需的。
Please refer to my answer https://stackoverflow.com/a/55676351/9659885to check how it's possible to get hash signed from the cryptographic device on client's Browser.
请参阅我的回答https://stackoverflow.com/a/55676351/9659885以检查如何从客户端浏览器上的加密设备获取哈希签名。
For Signing in PHP; PDF Signing library is easily available in Java. Use Javabridge to access Java service running on tomcat by proxying it from Apache.
用于登录 PHP;PDF 签名库在 Java 中很容易获得。使用 Javabridge 通过从 Apache 代理来访问在 tomcat 上运行的 Java 服务。
