"At least one signature has problems" message when signed PDF is opened
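Creating and signing a PDF with iTextSharp works fine. But when I open the document in Adobe Reader or Acrobat, it says
"At least one signature has problems"
Note: this is different from the similar known issue:
"At least one signature is invalid"
which actually indicates that the certificate is invalid.
After reading around on the web, especially the Adobe forum, it seems that Adobe does not recognize the certificate as trusted. I have tried both a self-signed certificate and an official verified and validated certificate we purchased from thawte, which we use for code signing without any problems.
For a self-signed certificate I can almost understand this warning, but not for an official, commercial certificate purchased from thawte.
All the "solutions" suggest that the user can manually add the certificate to a so-called trusted list. The process is described here:
How to resolve "At least one signature has problems." error in Adobe Reader?
For that specific user/computer the problem will be "solved", but if you send the PDF to other clients, the message appears again!
This seems very unprofessional. The warning is simply misleading, and it is even worse for a simple end customer who does not know whether they can trust the signed document!
What can be done to fix this issue?
If Adobe is selling a special certificate for PDF, we are willing to purchase such a certificate! Is that an option?
I have searched all over, but could not find a proper solution.
The code I use: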
    using System;
    using System.IO;
    using System.Text;
    using System.Security.Cryptography.X509Certificates;
    using iTextSharp.text;
    using iTextSharp.text.pdf;
    using iTextSharp.text.pdf.security;

    namespace Test
    {
        class Program
        {
            static void Main(string[] args)
            {
                // Create a one-page PDF in memory
                System.IO.Stream stream = new MemoryStream();
                Document document = new Document();
                document.SetPageSize(PageSize.A4);
                PdfWriter writer = PdfWriter.GetInstance(document, stream);
                writer.CloseStream = false;
                document.Open();
                document.Add(new Paragraph("Hello World"));
                document.Close();
                writer.Close();

                string destPdfFileName = @"D:\out.pdf";
                string pfxFileName = @"D:\cert.pfx";
                string pfxPassword = "password";

                // Load the signing certificate and its private key from the PFX
                var cert = new X509Certificate2(pfxFileName, pfxPassword);
                stream.Position = 0;

                // The chain handed to iTextSharp holds only the signing certificate itself
                Org.BouncyCastle.X509.X509CertificateParser cp = new Org.BouncyCastle.X509.X509CertificateParser();
                Org.BouncyCastle.X509.X509Certificate[] chain = new Org.BouncyCastle.X509.X509Certificate[] { cp.ReadCertificate(cert.RawData) };
                // Signs with the certificate's private key over a SHA-1 digest
                IExternalSignature externalSignature = new X509Certificate2Signature(cert, "SHA-1");

                PdfReader pdfReader = new PdfReader(stream);
                FileStream signedPdf = new FileStream(destPdfFileName, FileMode.Create); // the output pdf file
                // '\0' keeps the PDF version of the source document
                PdfStamper pdfStamper = PdfStamper.CreateSignature(pdfReader, signedPdf, '\0');
                PdfSignatureAppearance signatureAppearance = pdfStamper.SignatureAppearance;
                signatureAppearance.Reason = "Reason";
                signatureAppearance.Location = "Location";
                signatureAppearance.SetVisibleSignature(new iTextSharp.text.Rectangle(20, 10, 170, 60), 1, "Signature");

                // No CRL, OCSP or timestamp client is passed
                MakeSignature.SignDetached(signatureAppearance, externalSignature, chain, null, null, null, 0, CryptoStandard.CMS);
                Console.ReadKey();
            }
        }
    }
Just adding to @mkl's answer:
From Adobe Approved Trust List:
How do I get an AATL-enabled signing credential?
Adobe does not sell these credentials but manages the program by which these credentials are trusted. To purchase AATL-enabled certificates, contact one of the members. Also check the list to see if your organization may already be a part of the AATL.
What can be done to fix this issue?
If Adobe is selling a special certificate for PDF, we are willing to purchase such a certificate! Is that an option?
I have searched all over, but could not find a proper solution.
By default, Adobe Reader trusts certificates from issuers on Adobe's own AATL (Adobe Approved Trust List) and the EUTL (European Union Trust List).
For details, read Adobe Trust Services:
Adobe facilitates trusted and secure exchange of electronic documents and information by means of trust services that enable individuals, governments and enterprises around the world to run their businesses safely based on principles of Security, Availability, Authenticity, Integrity, Confidentiality, and Privacy.
Adobe Authorized Trust List (AATL)
The Adobe Approved Trust List (AATL) is the largest Trust Service for electronic documents in the world allowing millions of users to create digital signatures that are trusted whenever the signed document is opened in the ubiquitous Adobe Acrobat or Acrobat Reader software. Over 6 billion electronic and digital signature transactions are processed through Adobe Document Cloud solutions every year.
Acrobat and Acrobat Reader have been programmed to reach out to an online service run by Adobe to periodically download a list of trusted digital certificates from leading Trust Service Providers.
Digital signatures created with a Digital ID that has been issued under any of the trustworthy certificates published in the AATL will appear as trusted in Acrobat and Acrobat Reader. This enormously simplifies the validation of these signatures without requiring any specialized software or custom configuration.
Visit the Adobe Authorized Trust List web page to know more about the AATL program and view the list of partners that provide trusted AATL Digital IDs.
Adobe European Union Trust List (EUTL)
EU Trusted lists are essential elements in building trust among electronic market operators by allowing users to determine the qualified status and the status history of trust service providers and their services.
The Adobe European Union Trust List (EUTL) is a reduced version of the combined trusted lists from all EU Member States and EEA countries which includes the information specified in Article 1 of European Commission Implementing Decision (EU) 2015/1505.
Some Member States may include in their trusted lists information on non-qualified trust service providers, but these services are excluded from the Adobe EUTL. Some Member States may also include in their trusted lists information on nationally defined trust services of other types than those defined under Article 3(16) of EU Regulation n. 2014/910. As these services are not qualified according to EU Regulation n. 2014/910, they are excluded as well from the Adobe EUTL.
Acrobat and Acrobat Reader have been programmed to reach out to an online service run by Adobe to periodically download the list of trusted digital certificates from EU Qualified Trust Service Providers that meet the requirements specified in Article 1 of the Implementing Decision (EU) 2015/1505.
Digital signatures created with a Digital ID that has been issued under any of the trustworthy certificates published in the EUTL will appear as trusted in Acrobat and Acrobat Reader. This enormously simplifies the validation of these signatures without requiring any specialized software or custom configuration.
Visit Adobe’s European Union Trust List (EUTL) web page to know more about the EUTL program and view a list of providers that issue EUTL trusted services.
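The trust decision described in the answer above, as an added example (not code from the question, the answers, or Adobe): the same signer certificate is checked against two trust lists, and only the list that contains its root yields an anchor. The class name TrustListPreflight, the certificates and both thumbprint lists are constructed for illustration and stand in for a validator's list such as the AATL; the check covers anchor membership only. It assumes .NET Framework 4.7.2 or later, or .NET Core, for CertificateRequest.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class TrustListPreflight
{
    // Builds the chain for signer (issuers supplied in extra) and returns the subject
    // of the first element whose thumbprint (uppercase hex) is on trustList, else null.
    public static string FindAnchor(X509Certificate2 signer,
        X509Certificate2Collection extra, ISet<string> trustList)
    {
        using (var chain = new X509Chain())
        {
            // Only the path matters here: skip revocation checks and do not
            // fail on a root the operating system does not trust.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            chain.ChainPolicy.VerificationFlags =
                X509VerificationFlags.AllowUnknownCertificateAuthority;
            chain.ChainPolicy.ExtraStore.AddRange(extra);
            chain.Build(signer);
            foreach (X509ChainElement element in chain.ChainElements)
                if (trustList.Contains(element.Certificate.Thumbprint))
                    return element.Certificate.Subject;
            return null;
        }
    }
    // Constructed self-signed CA certificate (sample data, not a real issuer).
    static X509Certificate2 MakeRoot(string subject, DateTimeOffset now)
    {
        var req = new CertificateRequest(subject, RSA.Create(2048),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
        return req.CreateSelfSigned(now.AddDays(-2), now.AddDays(30));
    }
    static void Main()
    {
        DateTimeOffset now = DateTimeOffset.UtcNow;
        X509Certificate2 rootA = MakeRoot("CN=Constructed Root A", now);
        X509Certificate2 rootB = MakeRoot("CN=Constructed Root B", now);
        var req = new CertificateRequest("CN=Constructed Signer", RSA.Create(2048),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        X509Certificate2 signer = req.Create(rootA, now.AddDays(-1), now.AddDays(29),
            new byte[] { 1, 2, 3, 4 });
        var extra = new X509Certificate2Collection(rootA);
        // Stand-ins for two validators' trust lists; not real AATL or EUTL data.
        var listA = new HashSet<string> { rootA.Thumbprint };
        var listB = new HashSet<string> { rootB.Thumbprint };
        Console.WriteLine(FindAnchor(signer, extra, listA) ?? "no trusted anchor");
        Console.WriteLine(FindAnchor(signer, extra, listB) ?? "no trusted anchor");
    }
}
```

To run the check against a real signing certificate, load the PFX as in the question and fill trustList with the thumbprints of the anchors the target viewer trusts.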