所以我已经设置了ItextSharp,并且我已经让签名过程在某种程度上工作,嵌入图像和字体工作正常但我在签署文档时遇到以下验证错误(不认证),"字符串长度超过65535字节。"这导致我的文件不符合PDF / A-1a标准。我已经检查了代码,似乎问题出现在ITextSharp(5.5.6)的MakeSignature.SignDetached方法中,是否会出现这种情况?
签名文档,错误:https://drive.google.com/file/d/0B9RyqgJoa6W8Q1ZySkhjUS1iTmM/view?usp=sharing
private void SignDocumentSigningBlock(Certificate certificate, SigningInformation information, SigningBlock block, PdfSignatureAppearance appearance, PdfStamper stamper, byte[] signatureImage)
{
X509Certificate2 x509Certificate = new X509Certificate2(certificate.Bytes, certificate.Password, X509KeyStorageFlags.Exportable);
appearance.SetVisibleSignature(block.Name);
SignDocumentSigningBlockWithImage(signatureImage, appearance);
SignDocumentSigningBlockWithText(appearance, x509Certificate);
using (RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)x509Certificate.PrivateKey)
{
IExternalSignature externalSignature = new PrivateKeySignature(DotNetUtilities.GetRsaKeyPair(rsa).Private, _settingManager["DocumentSigningEncryptionHashAlgorithm"]);
MakeSignature.SignDetached(appearance, externalSignature, SignDocumentSigningBlockBuildChain(x509Certificate), null, null, new TSAClientBouncyCastle(_settingManager["DocumentSigningTimestampingServiceAddress"]), Int32.Parse(_settingManager["DocumentSigningEstimatedTimestampSize"]), CryptoStandard.CMS);
}
}
任何建议或帮助将不胜感激。 亲切的问候
更新
我已签署文件,将估计的尺寸减少到20400,但在进行合规性检查时,我仍然会收到相同的警告。 链接到新文档: https://drive.google.com/file/d/0B9RyqgJoa6W8UkpGODhLWHl5bTQ/view?usp=sharing
答案 0 :(得分:1)
您的MakeSignature.SignDetached
来电
MakeSignature.SignDetached(appearance, externalSignature, SignDocumentSigningBlockBuildChain(x509Certificate), null, null, new TSAClientBouncyCastle(_settingManager["DocumentSigningTimestampingServiceAddress"]), Int32.Parse(_settingManager["DocumentSigningEstimatedTimestampSize"]), CryptoStandard.CMS);
明确要求iTextSharp为
预留空间Int32.Parse(_settingManager["DocumentSigningEstimatedTimestampSize"])
嵌入签名的许多字节。
因此,请减少_settingManager["DocumentSigningEstimatedTimestampSize"]
值。
值0
要求iTextSharp进行粗略估算。这样的估计可能会超出某些限制,因此不应在您的情况下使用。
顺便说一下,名称DocumentSigningEstimatedTimestampSize
在这里会产生误导。
PS :如果您在签名中嵌入其他材料(如CRL,OCSP响应或时间戳),则预期的签名大小会增加。对于PDF / A-1a一致性,请尽可能少地将这些附加信息放入签名中。