Sign PDF with plain JavaScript

问题:

With WebCrypto API evolving and being supported by Chrome and Firefox, I would like to use it for digitally signing a PDF document. There is not much of literature around, but I found some examples [1] and a library called PKI.js [2]. In the examples, the signing process is described, but in the end, a signature is returned. I would expect my Base64 PDF file returned again in a signed Base64 string, but sadly, this is not what happens. PKI.js too, to my knowledge, does not provide a way to sign my Base64 PDF.

Is there a way to sign a PDF with JavaScript and the WebCrypto API only? The private key can be entered in a <textarea> or, even better, stored in the certificate settings of the browser.

Base64 PDF (from REST API) → Sign with JS & certificate → Signed Base64 PDF (send to REST)

• [1] https://github.com/diafygi/webcrypto-examples
• [2] https://pkijs.org/

回答1:

It is technically possible to do this, in-fact it is one of the scenarios we had in mind when we made PKIjs (which is why there is this sample) - https://pkijs.org/examples/PDFexample.html

That said to do signing requires working with the PDF structure itself, which either requires a custom parser or modifications to an existing one (pdfjs for example).

Long story short, signing a PDF in browser will take a lot of work, it is something we are working on though.

回答2:

There is PDFSign.js, a library that can sign a PDF file in the browser. It uses forge though for the signature. If PKI.js supports detached pkcs7 signatures, then it should be easy to replace forge.

文章来源: Sign PDF with plain JavaScript