PDF版式文档-数字签名分析

签名值的对象格式:
21 0 obj
<</ByteRange[ 0 60202 65080 4917] /Contents<30........000000>/Filter/Adobe.PPKLite/M(D:20141005145612+08'00')/Name(CSP_test11)/Prop_Build<</App<</Name/Reader/OS[/Win]/R 720903/REx(11.0.7)/TrustedMode true>>/Filter<</Date(May  8 2014 13:48:44)/Name/Adobe.PPKLite/R 131104>>/PubSec<</Date(May  8 2014 13:48:44)/NonEFontNoWarn true/R 131105>>>>/SubFilter/adbe.pkcs7.detached/Type/Sig>>
endobj
为什么Contents里面会有这么多0,因为需要先预算出ByteRange,所以先预多一点签名值数据,不够就补0
对Contents<>里面的数据进行分析,可知签名格式分
adbe.pkcs7.detached(P7不带内容)
adbe.pkcs7.sha1(P7带内容。先对PDF数据做SHA1,再把SHA1数据作为P7内容,相当于做了2次摘要)
adbe.x509.rsa_sha1(数字证书+P1签名)
ETSI.CAdES.detached(CAdES不带内容)
adbe.pkcs7.detached
31 0 obj
<</ByteRange[0 462898 466962 516] /Contents<>/Type/Sig/Filter/Adobe.PPKLite/SubFilter/adbe.pkcs7.detached>>
endobj

adbe.x509.rsa_sha1签名:多了个/Cert对象
21 0 obj
<</ByteRange[ 0 63435 63715 4925]/Cert[(0......?)]/Contents<0......>/Filter/Adobe.PPKLite/M(D:20141106102436+08'00')/Name(......)/Prop_Build<</App<</Name/Reader/OS[/Win]/R 720905/REx(11.0.9)/TrustedMode true>>/Filter<</Date(Sep 12 2014 09:43:12)/Name/Adobe.PPKLite/R 131104>>/PubSec<</Date(Sep 12 2014 09:43:12)/NonEFontNoWarn true/R 131105>>>>/SubFilter/adbe.x509.rsa_sha1/Type/Sig>>
endobj
时间戳:
16 0 obj
<</ByteRange[ 0 1476 13782 4877]/Contents<3082072e....0000>/Filter/Adobe.PPKLite/Prop_Build<</App<</Name/Reader/OS[/Win]/R 720903/REx(11.0.7)/TrustedMode true>>/Filter<</Date(May  8 2014 13:48:44)/Name/Adobe.PPKLite/R 131104>>/PubSec<</Date(May  8 2014 13:48:44)/NonEFontNoWarn true/R 131105>>>>/SubFilter/ETSI.RFC3161/Type/DocTimeStamp/V 0>>
endobj
文档分析:
/Type/XRef/Root->/Type/Catalog/AcroForm<<>>->/Fields->/Type/Annot/FT/Sig /V->/Type/Sig
签名的外观:
/FT/Sig/AP<<>>->/N->......->/Type/XObject/Subtype/Image

留下评论

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据