CN103617403B - PDF file digital signature and verification method, system - Google Patents

Publication number
CN103617403B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310608077.2A
Inventor
张永强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Age Of Security Polytron Technologies Inc
Original Assignee
Age Of Security Polytron Technologies Inc
Classifications

    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

The present invention provides a PDF file digital signature and verification method and system. The PDF file digital signature method comprises the following steps: obtaining the data to be authenticated of a PDF file to be signed and the data length of that data; building the original text of the digital signature from the data to be authenticated and the data length; calculating a digital signature value from the original text of the digital signature, the user public key certificate and the user private key; and writing the digital signature value into the PDF file. The PDF file digital signature and verification method and system of the present invention create a hidden signature that the client cannot recognize, and the data of the hidden signature can be updated by the client without destroying the validity of the hidden signature.

Description

PDF file digital signature and verification method, system
Technical field
The present invention relates to the technical field of digital signatures and authentication services, and in particular to a PDF file digital signature method, a PDF file digital signature system, a verification method for a PDF file digital signature, and a verification system for a PDF file digital signature.
Background art
PDF is the English abbreviation of Portable Document Format, a cross-platform file format developed by Adobe. The format is independent of the operating system platform, which means that a PDF file can be used unchanged on Windows, Unix or Mac OS. This feature makes it an ideal document format for electronic document distribution and digital information dissemination on the Internet. PDF has become an industry standard used in the informatization of every sector.
E-commerce and e-government applications are now widespread, and digital signatures have become the most technically mature and most practical electronic signature method. A digital signature uses standardized procedures and scientific methods to identify the signer and to establish the signer's approval of the content of electronic data. ISO 7498-2 defines a digital signature as: data appended to a data unit, or a cryptographic transformation of a data unit, that allows the recipient of the data unit to confirm the source and integrity of the data unit and protects the data against forgery (for example by the recipient). The US electronic signature standard FIPS 186 explains a digital signature as follows: the result of a computation on data using a set of rules and a set of parameters, by which the identity of the signer and the integrity of the data can be confirmed.
The characteristic of a digital signature is that it represents the features of the file: if the file changes, the digital signature value changes as well. A digital signature has two effects. First, it establishes that the information was indeed signed and issued by the sender, because nobody else can forge the sender's signature. Second, it establishes the integrity of the information. Digital signature technology based on public key cryptography can confirm the identity of the author of an electronic file and guarantee its integrity in transit, which provides the technical basis for its authority as a means of authentication. Since April 1, 2005, the first Electronic Signature Law of the People's Republic of China has been formally in effect; it clearly stipulates that a reliable electronic signature has the same legal effect as a handwritten signature or a seal. The relevant laws and policies thus provide the legal basis for recognizing the legal effect of digital signatures.
ISO 32000-1 is the international standard for the PDF file format, and the format has built-in support for digital signatures. Fig. 1 is a schematic diagram of creating a digital signature in a PDF file with public key cryptography, by embedding a digital signature dictionary of type /SIG in the PDF file, where: Contents is the signature value in PKCS# standard format; the ByteRange parameter indicates the range of the original document (start offset address, data length); the dictionary also contains the public key certificate used for signing, which is used to verify the user's identity; and the user's private key is also needed when the digital signature is calculated.
Because elements such as the cross-reference table (xref) and the file trailer (trailer) must still be added after the digital signature dictionary, the plaintext data used to calculate the digital signature consists of two segments, with the digital signature lying between them. As shown in Fig. 2, to indicate the two segments of plaintext data, ByteRange contains two pairs of values, giving the start offset address and the data length of each segment.
In addition, the PDF file format supports an append mode: updated content can be added to an existing document, followed by an updated cross-reference table (xref) and end-of-file marker (EOF). This property supports successive signing by several people very well, since it allows multiple revisions (Revision) of a PDF file to be created. As shown in Fig. 3, whenever a new digital signature is added, the existing revisions become the content of the first segment of the original text to be signed by the newly created digital signature. This structure allows a user to extract a particular revision, thereby discarding all digital signatures added after that revision.
The PDF standard also defines a digital signature known as UR3. This dictionary is an invisible digital signature that records the document usage rights that the document creator has specified for the document, including rights such as filling in form fields and adding annotations. The LiveCycle suite from Adobe provides the Reader Extensions component, which signs the UR3 dictionary with a digital certificate issued by Adobe. Only a PDF file signed in this way is recognized by the Adobe Reader client and allows digital signature operations to be performed in the client.
Because the digital certificate used by LiveCycle is issued by Adobe, a UR3 digital signature can verify that a PDF form was signed by LiveCycle, but it cannot distinguish the identity of the service provider that deployed the LiveCycle suite. Moreover, the digital certificate issued by Adobe is a PKCS#12 digital certificate, which does not meet the State Cryptography Administration's specifications for hard certificates (digital certificates whose private key is held in a hardware medium).
Therefore, for security reasons, a method of strongly authenticating PDF forms is needed, and the form authentication is required to use an invisible hidden digital signature. To strongly authenticate a PDF form and embed form authorization information defined by the service provider, a further digital signature must be added on top of a form to which Reader Extensions rights have already been applied. The public key certificate used by this digital signature is issued by the service provider itself, or issued to the service provider by a third-party CA (Certificate Authority). Verifying this digital signature establishes that the form was signed by a particular service provider and yields the customized form permission information.
The traditional method of adding an invisible hidden digital signature to a form modifies the digital signature format defined by ISO 32000-1, for example by changing the type (/Type) in the digital signature dictionary, in order to construct a hidden signature. However, when a user adds a new digital signature, the Adobe Reader client does not recognize the hidden digital signature and destroys its data, so the hidden signature becomes invalid.
Summary of the invention
To address the problem that a hidden signature added with the traditional digital signature method described above becomes invalid, the present invention provides a PDF file digital signature and verification method and system.
A PDF file digital signature method comprises the following steps:
Obtain the data to be authenticated of the PDF file to be signed and the data length of that data;
Build the original text of the digital signature from the data to be authenticated and the data length;
Calculate the digital signature value from the original text of the digital signature, the user public key certificate and the user private key;
Write the digital signature value into the PDF file.
A PDF file digital signature system includes:
A data acquisition module, for obtaining the data to be authenticated of the PDF file to be signed and the data length of that data;
An original text building module, for building the original text of the digital signature from the data to be authenticated and the data length;
A digital signature value calculation module, for calculating the digital signature value from the original text of the digital signature, the user public key certificate and the user private key;
A digital signature adding module, for writing the digital signature value into the PDF file.
A verification method for a PDF file digital signature comprises the following steps:
Locate the hidden signature field of the PDF file according to the predefined signature type, and obtain the data length of the PDF file from the hidden signature field;
Obtain the plaintext data range from the data length, and read the plaintext data of the PDF file according to that range;
Build the original text of the digital signature from the plaintext data and the data length;
Obtain the digital signature value of the PDF file, and verify the digital signature value using the user public key certificate contained in the digital signature value and the original text of the digital signature.
A verification system for a PDF file digital signature includes:
A data length acquisition module, for locating the hidden signature field of the PDF file according to the predefined signature type and obtaining the data length of the PDF file from the hidden signature field;
A plaintext data acquisition module, for obtaining the plaintext data range from the data length and reading the plaintext data of the PDF file according to that range;
A signature original text building module, for building the original text of the digital signature from the plaintext data and the data length;
A verification module, for obtaining the digital signature value of the PDF file and verifying the digital signature value using the user public key certificate contained in the digital signature value and the original text of the digital signature.
As the above scheme shows, the PDF file digital signature and verification method and system of the present invention build the original text of the digital signature from the data to be authenticated and the data length, then calculate the digital signature value and write it into the PDF file. The invention creates a hidden signature that the Adobe Reader client cannot recognize, which keeps the form authorization private. The data of the hidden signature may also be updated by the client: as long as the data of each node in the signature field does not change, the validity of the hidden signature is not destroyed when the order of the nodes changes or when the position of the whole signature field within the PDF file changes. This meets the market demand for adding hidden signatures to PDF files and provides an effective guarantee for the security of PDF files.
Brief description of the drawings
Fig. 1 is a schematic diagram of creating a digital signature in a PDF file with public key cryptography;
Fig. 2 is a schematic diagram of the digital signature lying between the two segments;
Fig. 3 is a schematic diagram of a PDF file successively signed by several people;
Fig. 4 is a flow diagram of a PDF file digital signature method in Embodiment one of the present invention;
Fig. 5 is a flow diagram of a PDF file digital signature method in Embodiment two of the present invention;
Fig. 6 is a structural diagram of a PDF file digital signature system in Embodiment three of the present invention;
Fig. 7 is a flow diagram of a verification method for a PDF file digital signature in Embodiment four of the present invention;
Fig. 8 is a structural diagram of a verification system for a PDF file digital signature in Embodiment five of the present invention.
Detailed description of the invention
The technical solution of the present invention is further described below with reference to the accompanying drawings and specific embodiments.
Embodiment one
Referring to Fig. 4, a PDF file digital signature method comprises the following steps:
Step S101: obtain the data to be authenticated (Array) of the PDF file to be signed and the data length (Length) of that data.
As a preferred embodiment, the data to be authenticated obtained in the present invention may be the full content of the PDF file to be signed, and the data length of that data may be the length of the PDF file to be signed.
Step S102: build the original text (Text) of the digital signature from the data to be authenticated Array and the data length Length. Specifically: Text = Length || Array, where the symbol || denotes concatenation and Length is a 32-bit integer value.
Step S103: calculate the digital signature value from the original text of the digital signature, the user public key certificate and the user private key. Specifically: Contents = SIGN(Text, PublicCerts, PrivateKey), where Contents is the digital signature value, Text is the original text of the digital signature, PublicCerts is the user public key certificate and PrivateKey is the user private key. The digital signature algorithm defined by the PKCS#7 standard may be used for this calculation.
Step S104: write the digital signature value into the PDF file.
As a preferred embodiment, the above process of writing the digital signature value into the PDF file may specifically include the following:
Step S1041: add a digital signature dictionary to the PDF file in append mode. The digital signature dictionary includes the signature type (Type), the digital signature value (Contents), and so on. Note that in this embodiment of the invention, the signature type value is any data that differs from the standard signature type (/SIG);
Step S1042: add the necessary cross-reference table (xref) and end-of-file marker (EOF) to the PDF file, completing the digital signing operation on the PDF file.
As a preferred embodiment, the user private key may be a private key stored in a hardware medium that meets the specifications of the State Cryptography Administration, which achieves the purpose of strongly authenticating the PDF form.
As a preferred embodiment, after the data to be authenticated and the data length are obtained, the method may further include the following step: judging whether a predefined form permission set (Usage) exists. If so, that is, a predefined form permission set exists, the data in the form permission set Usage is obtained; if not, that is, no predefined form permission set exists, processing continues with the original flow (that is, proceeds to step S102).
In addition, as a preferred embodiment, when the above judgment finds a predefined form permission set and the data in the form permission set has been obtained, the method may further include the following step: building the original text of the digital signature from the form permission set, the data to be authenticated and the data length. That is, the original text of the digital signature is built as follows: Text = [Usage] || Length || Array, where the symbol || denotes concatenation, Length is a 32-bit integer value, and the Usage data is optional: if no form permission set needs to be added, this data is empty. After the original text of the digital signature has been built from the form permission set, the data to be authenticated and the data length, the form permission set is correspondingly added to the digital signature dictionary (if no form permission set needs to be added, there is no Usage node).
In addition, the digital signature dictionary added in step S1041 may also include the data length (Length); this Length is the value obtained in step S101 above.
Embodiment two
Adding a hidden signature to a PDF file as in Embodiment one can authenticate any PDF original text. This embodiment provides a method of adding a hidden signature that authenticates only the data bound by UR3. Referring to Fig. 5, a PDF file digital signature method comprises the following steps:
Step S201: obtain the UR3 dictionary of the PDF file to be signed and read the byte range (ByteRange) in the UR3 dictionary, then proceed to step S202.
Step S202: calculate the data length of the PDF file from the byte range ByteRange, and obtain the data to be authenticated of the PDF file according to that data length. Specifically, because the ByteRange of UR3 has the format {Offset1, Length1, Offset2, Length2}, the data length can be calculated as Length = Offset2 + Length2; then, starting from offset address 0, Length bytes of data are read as Array (the data to be authenticated). This data is the form data carrying the UR3 signature.
Step S203: build the original text (Text) of the digital signature from the data to be authenticated Array and the data length Length. Specifically: Text = Length || Array, where the symbol || denotes concatenation and Length is a 32-bit integer value.
Step S204: calculate the digital signature value from the original text of the digital signature, the user public key certificate and the user private key. Specifically: Contents = SIGN(Text, PublicCerts, PrivateKey), where Contents is the digital signature value, Text is the original text of the digital signature, PublicCerts is the user public key certificate and PrivateKey is the user private key. The digital signature algorithm defined by the PKCS#7 standard may be used for this calculation.
Step S205: add a digital signature dictionary to the PDF file in append mode. The digital signature dictionary includes the signature type (Type), the digital signature value (Contents), and so on. Note that in this embodiment of the invention, the signature type value is any data that differs from the standard signature type (/SIG).
Step S206: add the necessary cross-reference table (xref) and end-of-file marker (EOF) to the PDF file, completing the digital signing operation on the PDF file.
The other technical features of this embodiment are the same as in Embodiment one and are not repeated here.
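The length calculation of step S202 can be illustrated with the following added example, which is not part of the patent text. It reads a ByteRange, checks that the four values are consistent with the file, and returns Length, Array and the gap that holds the UR3 signature value. The function names, the constructed sample file and the choice of the first /ByteRange in the file as the UR3 one are assumptions of the example.

```python
import re

# /ByteRange [Offset1 Length1 Offset2 Length2] as written in a PDF signature dictionary.
_BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")


def ur3_authenticated_data(pdf: bytes):
    """Return (Length, Array, gap) as in step S202, or raise ValueError.

    Assumption: the first /ByteRange in the file belongs to the UR3 dictionary.
    A full parser would resolve the UR3 dictionary through the document structure.
    """
    m = _BYTE_RANGE.search(pdf)
    if m is None:
        raise ValueError("no /ByteRange found")
    off1, len1, off2, len2 = (int(g) for g in m.groups())
    if off1 != 0:
        raise ValueError("first segment must start at offset 0")
    if off2 < off1 + len1:
        raise ValueError("segments overlap")
    length = off2 + len2                      # Length = Offset2 + Length2
    if length > len(pdf):
        raise ValueError("ByteRange points past the end of the file")
    if length > 0xFFFFFFFF:
        raise ValueError("Length does not fit the 32-bit field")
    gap = (off1 + len1, off2)                 # bytes between the two segments
    # Array is read from offset 0 for Length bytes, so it includes the gap,
    # i.e. the form data together with its UR3 signature value.
    return length, pdf[:length], gap


def make_sample() -> bytes:
    """Constructed UR3-style fragment with a self-consistent ByteRange."""
    sig = b"<" + b"00" * 16 + b">"            # placeholder signature value
    head_tpl = (b"%%PDF-1.7\n1 0 obj\n<< /Type /Sig "
                b"/ByteRange [0 %010d %010d %010d] /Contents ")
    tail = b" >>\nendobj\nxref\ntrailer\n%%EOF\n"
    head_len = len(head_tpl % (0, 0, 0))      # fixed-width numbers keep this stable
    off2 = head_len + len(sig)
    return head_tpl % (head_len, off2, len(tail)) + sig + tail


if __name__ == "__main__":
    pdf = make_sample() + b"\n5 0 obj\n<< >>\nendobj\n%%EOF\n"   # later update appended
    length, array, gap = ur3_authenticated_data(pdf)
    print(length, len(pdf), gap)
```

Bytes appended after offset Length by a later update are not part of Array, so the hidden signature computed over it stays unchanged when the file grows.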
Embodiment three
Corresponding to Embodiment one and Embodiment two above, the present invention also provides a PDF file digital signature system which, as shown in Fig. 6, includes:
A data acquisition module 101, for obtaining the data to be authenticated and the data length of the PDF file to be signed;
An original text building module 102, for building the original text of the digital signature from the data to be authenticated and the data length;
A digital signature value calculation module 103, for calculating the digital signature value from the original text of the digital signature, the user public key certificate and the user private key;
A digital signature adding module 104, for writing the digital signature value into the PDF file.
As a preferred embodiment, the digital signature adding module 104 may include:
A digital signature dictionary adding module, for adding a digital signature dictionary to the PDF file in append mode, the digital signature dictionary including the signature type and the digital signature value, where the signature type value is any data that differs from the standard signature type;
An end marker adding module, for adding the cross-reference table and the end-of-file marker to the PDF file.
As a preferred embodiment, the user private key may be stored in a hardware medium that meets the specifications of the State Cryptography Administration, to achieve the purpose of strongly authenticating the PDF form.
As a preferred embodiment, the data to be authenticated obtained in the present invention may be the full content of the PDF file to be signed, and the data length of that data may be the length of the PDF file to be signed.
As a preferred embodiment, the data acquisition module 101 may include:
A UR3 dictionary acquisition submodule, for obtaining the UR3 dictionary of the PDF file to be signed and reading the byte range in the UR3 dictionary;
A data calculation submodule, for calculating the data length of the PDF file from the byte range and obtaining the data to be authenticated of the PDF file according to that data length.
As a preferred embodiment, the PDF file digital signature system in this embodiment may also include:
A judgment module, for judging, after the data to be authenticated and the data length of the PDF file to be signed have been obtained, whether a predefined form permission set exists;
A form permission set acquisition module, for obtaining the data in the form permission set when the judgment result of the judgment module is yes.
As a preferred embodiment, the original text building module may also be used, after the data in the form permission set has been obtained, to build the original text of the digital signature from the form permission set, the data to be authenticated and the data length.
The other technical features of the PDF file digital signature system in this embodiment are the same as in Embodiment one and Embodiment two above and are not repeated here.
Embodiment four
Corresponding to the PDF file digital signature method in Embodiment one, the present invention also provides a verification method for a PDF file digital signature which, as shown in Fig. 7, comprises the following steps:
Step S301: locate the hidden signature field of the PDF file according to the predefined signature type Type, and obtain the data length Length of the PDF file from the hidden signature field. Note that the data of this node is a 32-bit integer value.
Step S302: obtain the plaintext data range Range = [0, Length] from the data length, and read the plaintext data Array of the PDF file according to that range;
Step S303: build the original text Text of the digital signature from the plaintext data Array and the data length Length. Specifically: Text = Length || Array, where the symbol || denotes concatenation and Length is a 32-bit integer value.
Step S304: obtain the digital signature value Contents of the PDF file, and use the user public key certificate contained in the digital signature value and the original text Text of the digital signature to verify whether the digital signature value is valid; if the digital signature is verified as valid, the form is authenticated.
As a preferred embodiment, after the hidden signature field of the PDF file has been located, the method may further include the following step: judging whether a predefined form permission set Usage exists in the hidden signature field. If so, that is, a predefined form permission set exists, the data in the form permission set Usage is obtained; if not, that is, no predefined form permission set exists, the subsequent operations are performed directly.
In addition, as a preferred embodiment, when the above judgment finds a predefined form permission set and the data in the form permission set has been obtained, the method may further include the following step: building the original text of the digital signature from the form permission set, the plaintext data and the data length. That is, the original text of the digital signature is built as follows: Text = [Usage] || Length || Array, where the symbol || denotes concatenation and the Usage data is optional: if no form permission set needs to be added, this data is empty.
As a preferred embodiment, in some PDF files that define a UR3 digital signature, the data length of the PDF file may be obtained as follows: obtain the UR3 dictionary of the PDF file in the hidden signature field and read the byte range ByteRange in the UR3 dictionary. The format of ByteRange is {Offset1, Length1, Offset2, Length2}, so the data length of the PDF file can be calculated as Length = Offset2 + Length2.
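The signing steps S101 to S104 of Embodiment one and the verification steps S301 to S304 above fit together as in the following added example, which is not code from the patent. It builds Text = [Usage] || Length || Array, appends a dictionary with a non-standard type, and verifies it again, reporting how many bytes lie outside Range = [0, Length]. Assumptions: the type name /ExampleHiddenSig, the big-endian encoding of Length, the dictionary layout and the object number are hypothetical; an HMAC-SHA256 stub stands in for the PKCS#7 SIGN function, which in practice needs a CMS library, a certificate and a private key; and the xref, trailer and EOF of the update are left out.

```python
import hashlib
import hmac
import re
import struct

HIDDEN_TYPE = b"/ExampleHiddenSig"   # hypothetical; the patent only requires "not /SIG"
DEMO_KEY = b"constructed-demo-key"   # stand-in for the signer's key material
SAMPLE_PDF = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"  # constructed


def build_text(array: bytes, length: int, usage: bytes = b"") -> bytes:
    """Text = [Usage] || Length || Array, with Length as a 32-bit integer.

    Big-endian byte order is an assumption; the patent does not state it.
    """
    if length != len(array):
        raise ValueError("Length must equal the size of the authenticated data")
    return usage + struct.pack(">I", length) + array


def sign_stub(text: bytes) -> bytes:
    """Stand-in for Contents = SIGN(Text, PublicCerts, PrivateKey)."""
    return hmac.new(DEMO_KEY, text, hashlib.sha256).digest()


def add_hidden_signature(pdf: bytes, usage: bytes = b"") -> bytes:
    """Steps S101-S104: authenticate the whole file, then append the dictionary."""
    length = len(pdf)
    contents = sign_stub(build_text(pdf, length, usage))
    entry = b"\n9 0 obj\n<< /Type " + HIDDEN_TYPE + b" /Length %d" % length
    if usage:                                   # Usage node only when a set exists
        entry += b" /Usage <" + usage.hex().encode() + b">"
    entry += b" /Contents <" + contents.hex().encode() + b"> >>\nendobj\n"
    return pdf + entry


_FIELD = re.compile(
    rb"<< /Type " + re.escape(HIDDEN_TYPE)
    + rb" /Length (\d+)(?: /Usage <([0-9a-f]*)>)? /Contents <([0-9a-f]+)> >>")


def verify_hidden_signature(pdf: bytes) -> dict:
    """Steps S301-S304; 'uncovered' counts bytes outside Range = [0, Length]."""
    m = _FIELD.search(pdf)                      # S301: locate by predefined type
    if m is None:
        return {"found": False, "valid": False, "usage": b"", "uncovered": len(pdf)}
    length = int(m.group(1))
    usage = bytes.fromhex(m.group(2).decode()) if m.group(2) else b""
    contents = bytes.fromhex(m.group(3).decode())
    result = {"found": True, "valid": False, "usage": usage,
              "uncovered": len(pdf) - min(length, len(pdf))}
    # The signed range must fit 32 bits and end before the dictionary itself.
    if length > 0xFFFFFFFF or length > m.start():
        return result
    array = pdf[:length]                        # S302: read the plaintext data
    text = build_text(array, length, usage)     # S303: rebuild the original text
    result["valid"] = hmac.compare_digest(sign_stub(text), contents)   # S304
    return result


if __name__ == "__main__":
    signed = add_hidden_signature(SAMPLE_PDF, usage=b"fill-forms")
    later = signed + b"\n10 0 obj\n<< /Type /Annot >>\nendobj\n%%EOF\n"
    print(verify_hidden_signature(later))
```

A valid result speaks only for the first Length bytes; the `uncovered` count tells the caller how much of the file was appended afterwards and is not authenticated by the hidden signature.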
Embodiment five
Corresponding to the verification method of a PDF file digital signature in embodiment four, the present invention also provides a verification system for a PDF file digital signature, as shown in Figure 8, including:
Data length acquisition module 301, for locating the hidden signature field of the PDF document according to the predefined signature type, and obtaining the data length of the PDF document in this hidden signature field;
Plaintext data acquisition module 302, for obtaining the plaintext data range according to the data length, and reading the plaintext data of the PDF document according to the plaintext data range;
Signature original text building module 303, for building the original text of the digital signature according to the plaintext data and the data length;
Verification module 304, for obtaining the digital signature value of the PDF document, and verifying the digital signature value according to the client public key certificate in the digital signature value and the original text of the digital signature.
As a preferred embodiment, the data length acquisition module may include:
Byte range acquisition submodule, for obtaining the UR3 dictionary of the PDF document in the hidden signature field, and reading the byte range in this UR3 dictionary;
Length calculation submodule, for calculating the data length of the PDF document according to the byte range.
As a preferred embodiment, the verification system for a PDF file digital signature may also include:
Judging module, for judging, after the hidden signature field of the PDF document has been located, whether a predefined list authority set exists in the hidden signature field;
List authority set acquisition module, for obtaining the data in the list authority set when the judgment result of the judging module is yes.
As a preferred embodiment, the signature original text building module may also be used, after the data in the list authority set has been obtained, to build the original text of the digital signature according to the list authority set, the plaintext data and the data length.
The other technical features of the verification system for a PDF file digital signature in this embodiment are the same as those of the verification method of a PDF file digital signature in embodiment four and are not repeated here.
As the schemes of the above embodiments show, the PDF file digital signature and verification method and system of the present invention build the original text of the digital signature according to the data to be certified and the data length, then calculate the digital signature value and write it into the PDF document. The invention creates a hidden signature that the Adobe Reader client cannot recognize, which provides privacy for the list authorization. The data of the hidden signature in the present invention may also be updated by the client: as long as the data of each node in the signature field does not change, a change in the order of the nodes or in the position of the whole signature field within the PDF document does not destroy the validity of the hidden signature. The invention thereby meets the market demand for adding hidden signatures to PDF documents and provides an effective guarantee for the security of PDF documents.
The embodiments described above express only several implementations of the present invention. Their description is relatively specific and detailed, but it is not to be interpreted as limiting the scope of the patent. It should be pointed out that a person of ordinary skill in the art can make several variations and improvements without departing from the inventive concept, and these all fall within the protection scope of the present invention. The protection scope of this patent is therefore defined by the appended claims.

Claims (18)

1. A PDF file digital signature method, characterized in that it comprises the following steps:
obtaining the data to be certified of a PDF document to be signed and the data length of the data to be certified;
building the original text of the digital signature according to the data to be certified and the data length;
calculating a digital signature value according to the original text of the digital signature, a client public key certificate and a user private key;
adding a digital signature dictionary to the PDF document in append mode, the digital signature dictionary including a signature type and the digital signature value, the value of the signature type being any data different from the standard signature types;
adding a cross-reference table and an end-of-file identifier to the PDF document.
2. The PDF file digital signature method according to claim 1, characterized in that the user private key is stored in a hardware medium that meets the specifications of the State Cryptography Administration.
3. The PDF file digital signature method according to claim 2, characterized in that the data to be certified is the full content of the PDF document to be signed, and the data length of the data to be certified is the length of the PDF document to be signed.
4. The PDF file digital signature method according to claim 2, characterized in that the process of obtaining the data to be certified and the data length includes:
obtaining the UR3 dictionary of the PDF document to be signed, and reading the byte range in this UR3 dictionary;
calculating the data length of the PDF document according to the byte range, and obtaining the data to be certified of the PDF document according to the data length.
5. The PDF file digital signature method according to claim 3 or 4, characterized in that, after the data to be certified and the data length are obtained, the method further comprises the steps of:
judging whether a predefined list authority set exists; if so, obtaining the data in the list authority set, and building the original text of the digital signature according to the list authority set, the data to be certified and the data length;
after the original text of the digital signature has been built according to the list authority set, the data to be certified and the data length, the digital signature dictionary also includes the list authority set.
6. A PDF file digital signature system, characterized in that it includes:
a data acquisition module, for obtaining the data to be certified of a PDF document to be signed and the data length of the data to be certified;
an original text building module, for building the original text of the digital signature according to the data to be certified and the data length;
a digital signature value calculation module, for calculating a digital signature value according to the original text of the digital signature, a client public key certificate and a user private key;
a digital signature dictionary adding module, for adding a digital signature dictionary to the PDF document in append mode, the digital signature dictionary including a signature type and the digital signature value, the value of the signature type being any data different from the standard signature types;
an end mark adding module, for adding a cross-reference table and an end-of-file identifier to the PDF document.
7. The PDF file digital signature system according to claim 6, characterized in that the user private key is stored in a hardware medium that meets the specifications of the State Cryptography Administration.
8. The PDF file digital signature system according to claim 7, characterized in that the data to be certified is the full content of the PDF document to be signed, and the data length of the data to be certified is the length of the PDF document to be signed.
9. The PDF file digital signature system according to claim 7, characterized in that the data acquisition module includes:
a UR3 dictionary acquisition submodule, for obtaining the UR3 dictionary of the PDF document to be signed, and reading the byte range in this UR3 dictionary;
a data calculation submodule, for calculating the data length of the PDF document according to the byte range, and obtaining the data to be certified of the PDF document according to the data length.
10. The PDF file digital signature system according to claim 8 or 9, characterized in that it also includes:
a judging module, for judging, after the data to be certified and the data length are obtained, whether a predefined list authority set exists;
a list authority set acquisition module, for obtaining the data in the list authority set when the judgment result of the judging module is yes;
the original text building module is also used, after the data in the list authority set has been obtained, to build the original text of the digital signature according to the list authority set, the data to be certified and the data length.
11. A verification method for a PDF file digital signature, characterized in that it comprises the following steps:
locating the hidden signature field of a PDF document according to a predefined signature type, and obtaining the data length of the PDF document in this hidden signature field;
obtaining the plaintext data range according to the data length, and reading the plaintext data of the PDF document according to the plaintext data range;
building the original text of the digital signature according to the plaintext data and the data length;
obtaining the digital signature value of the PDF document, and verifying the digital signature value according to the client public key certificate in the digital signature value and the original text of the digital signature.
12. The verification method for a PDF file digital signature according to claim 11, characterized in that the process of obtaining the data length of the PDF document includes:
obtaining the UR3 dictionary of the PDF document in the hidden signature field, and reading the byte range in this UR3 dictionary;
calculating the data length of the PDF document according to the byte range.
13. The verification method for a PDF file digital signature according to claim 11 or 12, characterized in that, after the hidden signature field of the PDF document is located, the method further comprises the steps of:
judging whether a predefined list authority set exists in the hidden signature field;
if so, obtaining the data in the list authority set.
14. The verification method for a PDF file digital signature according to claim 13, characterized in that, after the data in the list authority set is obtained, the method further comprises the step of: building the original text of the digital signature according to the list authority set, the plaintext data and the data length.
15. A verification system for a PDF file digital signature, characterized in that it includes:
a data length acquisition module, for locating the hidden signature field of a PDF document according to a predefined signature type, and obtaining the data length of the PDF document in this hidden signature field;
a plaintext data acquisition module, for obtaining the plaintext data range according to the data length, and reading the plaintext data of the PDF document according to the plaintext data range;
a signature original text building module, for building the original text of the digital signature according to the plaintext data and the data length;
a verification module, for obtaining the digital signature value of the PDF document, and verifying the digital signature value according to the client public key certificate in the digital signature value and the original text of the digital signature.
16. The verification system for a PDF file digital signature according to claim 15, characterized in that the data length acquisition module includes:
a byte range acquisition submodule, for obtaining the UR3 dictionary of the PDF document in the hidden signature field, and reading the byte range in this UR3 dictionary;
a length calculation submodule, for calculating the data length of the PDF document according to the byte range.
17. The verification system for a PDF file digital signature according to claim 15 or 16, characterized in that it also includes:
a judging module, for judging, after the hidden signature field of the PDF document has been located, whether a predefined list authority set exists in the hidden signature field;
a list authority set acquisition module, for obtaining the data in the list authority set when the judgment result of the judging module is yes.
18. The verification system for a PDF file digital signature according to claim 17, characterized in that the signature original text building module is also used, after the data in the list authority set has been obtained, to build the original text of the digital signature according to the list authority set, the plaintext data and the data length.
CN201310608077.2A 2013-11-25 2013-11-25 PDF file digital signature and verification method, system Active CN103617403B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310608077.2A CN103617403B (en) 2013-11-25 2013-11-25 PDF file digital signature and verification method, system

Publications (2)

Publication Number Publication Date
CN103617403A CN103617403A (en) 2014-03-05
CN103617403B CN103617403B (en) 2016-09-28

Family

ID=50168106

Country Status (1)

Country Link
CN (1) CN103617403B (en)

Legal Events

Date Code Title Description
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 528200 science and technology road, Nanhai Software Science Park, Nanhai Town, Nanhai District, Foshan, Guangdong

Applicant after: Age of security Polytron Technologies Inc

Address before: 528200 science and technology road, Nanhai Software Science Park, Nanhai Town, Nanhai District, Foshan, Guangdong

Applicant before: Guangdong Certificate Authority Center Co., Ltd.

COR Change of bibliographic data
C14 Grant of patent or utility model
GR01 Patent grant