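Digital Signature Guide
Signature Level Comparison
| Level | Standard | Package required | Long-term validity |
| --- | --- | --- | --- |
| PAdES B-B | ETSI EN 319 142-1 | nextpdf/core | No (depends on certificate validity period) |
| PAdES B-T | ETSI EN 319 142-1 | nextpdf/core | Partial |
| PAdES B-LT | ETSI EN 319 142-1 | nextpdf/pro | Yes (embedded OCSP/CRL) |
| PAdES B-LTA | ETSI EN 319 142-1 | nextpdf/pro | Yes (includes archive timestamp) |
| LTV + HSM | ETSI EN 319 102-1 | nextpdf/enterprise | Yes (hardware security module) |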
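To check which level in the table a signed output appears to have reached, the following added example (not part of NextPDF or of the original page) scans the PDF bytes for the markers each PAdES baseline level introduces. The function name `guessPadesLevel` and the sample fragments are hypothetical; the check is a presence heuristic, not signature validation.

```php
<?php
declare(strict_types=1);

// DER encoding of OID 1.2.840.113549.1.9.16.2.14 (id-aa-signatureTimeStampToken).
const SIG_TIMESTAMP_OID = "\x06\x0b\x2a\x86\x48\x86\xf7\x0d\x01\x09\x10\x02\x0e";

/**
 * Hypothetical helper: guess the PAdES baseline level from marker presence.
 * It validates nothing and cannot see objects inside compressed object streams.
 */
function guessPadesLevel(string $pdf): string
{
    // PAdES signatures use the ETSI.CAdES.detached SubFilter.
    if (preg_match('~/SubFilter\s*/ETSI\.CAdES\.detached~', $pdf) !== 1) {
        return 'no PAdES signature';
    }
    // Signature timestamp: unsigned CMS attribute inside the hex /Contents.
    $hasSigTimestamp = false;
    preg_match_all('~/Contents\s*<([0-9A-Fa-f\s]+)>~', $pdf, $matches);
    foreach ($matches[1] as $hex) {
        $hex = (string) preg_replace('~\s+~', '', $hex);
        $der = hex2bin(strlen($hex) % 2 === 0 ? $hex : $hex . '0');
        if ($der !== false && str_contains($der, SIG_TIMESTAMP_OID)) {
            $hasSigTimestamp = true;
        }
    }
    // Document timestamp dictionaries use the ETSI.RFC3161 SubFilter.
    $hasDocTimestamp = preg_match('~/SubFilter\s*/ETSI\.RFC3161~', $pdf) === 1;
    // Embedded revocation data (OCSP/CRL) lives in the DSS dictionary.
    $hasDss = preg_match('~/DSS\b~', $pdf) === 1;

    if (!$hasSigTimestamp && !$hasDocTimestamp) {
        return 'B-B';
    }
    if (!$hasDss) {
        return 'B-T';
    }
    return $hasDocTimestamp ? 'B-LTA' : 'B-LT';
}

// Constructed fragments standing in for signed PDFs (not real files).
$sig = '/Type /Sig /SubFilter /ETSI.CAdES.detached /Contents <3082%s>';
$tsHex = bin2hex(SIG_TIMESTAMP_OID);
$samples = [
    'b-b'   => sprintf($sig, '0001'),
    'b-t'   => sprintf($sig, $tsHex),
    'b-lt'  => sprintf($sig, $tsHex) . ' /DSS 9 0 R',
    'b-lta' => sprintf($sig, $tsHex) . ' /DSS 9 0 R /SubFilter /ETSI.RFC3161',
];
foreach ($samples as $name => $bytes) {
    echo $name, ' => ', guessPadesLevel($bytes), PHP_EOL;
}
```

A result lower than the level you configured usually means the timestamp or revocation step was skipped or failed; confirm with a full PAdES validator before relying on the file for long-term validity.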
Core: PAdES B-B Basic Signature
```php
use NextPDF\Core\Security\PadesOrchestrator;
use NextPDF\Core\Security\SigningCertificate;
use NextPDF\Core\Security\ValueObjects\SignatureAppearance;

// Load the signing key and certificate from a PKCS#12 file.
// The passphrase is read from the environment rather than hard-coded.
$certificate = SigningCertificate::fromPkcs12(
    path: '/certs/signer.p12',
    passphrase: $_ENV['CERT_PASSPHRASE'],
);

$orchestrator = PadesOrchestrator::create(certificate: $certificate);

// $document is the document to sign, created elsewhere (not shown here).
$signed = $orchestrator->sign(
    document: $document,
    appearance: SignatureAppearance::invisible(),
    reason: 'Document approval',
    location: 'Taipei, Taiwan',
);

$signed->save('/output/signed.pdf');
```
Pro: PAdES B-LTA Long-Term Validation Signature
```php
use NextPDF\Pro\Signature\LtaOrchestrator;
use NextPDF\Pro\Signature\TimestampAuthority;
use NextPDF\Pro\Signature\RevocationEmbedder;

// Timestamp authority that issues the signature and archive timestamps.
$tsa = TimestampAuthority::create(
    url: 'https://tsa.example.com/timestamp',
    policyOid: '1.3.6.1.4.1.13762.3',
);

// Embed revocation data, with both OCSP and CRL fallback enabled.
$revocation = RevocationEmbedder::create()
    ->withOcspFallback(enabled: true)
    ->withCrlFallback(enabled: true);

// $certificate and $document are the same objects as in the Core example.
$orchestrator = LtaOrchestrator::create(
    certificate: $certificate,
    tsa: $tsa,
    revocation: $revocation,
);

$signed = $orchestrator->sign(document: $document);
```
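Enterprise: HSM (Hardware Security Module)
```php
use NextPDF\Enterprise\Signature\HsmOrchestrator;
use NextPDF\Enterprise\Signature\HsmConnection;

// Connect to the HSM through its PKCS#11 library.
// The PIN is read from the environment rather than hard-coded.
$hsm = HsmConnection::create(
    pkcs11Library: '/usr/lib/libpkcs11.so',
    slot: 0,
    pin: $_ENV['HSM_PIN'],
);

// $tsa and $revocation are the objects configured in the Pro example.
$orchestrator = HsmOrchestrator::create(
    hsm: $hsm,
    tsa: $tsa,
    revocation: $revocation,
);
```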
Multiple Signatures
Signature Verification
FAQ
Further Reading