
We are trying to embed a timestamp signature as an unsigned attribute in CMS format, but after stamping the signature in the PDF, the PDF viewer gives the message "The signature includes an embedded timestamp but it is invalid".

Adobe PDF Message

We have used an internal (self-signed) TSA service and the Bouncy Castle API for the crypto and signing operations, but I don't know what is happening with the timestamp. Does anyone know what I am doing wrong?

hello_signed.pdf: I have also added the Java code base and a signed PDF sample for reference.

Any help would be appreciated.

  • *"Could anyone know what is wrong I am doing."* - You neither share the PDF nor your code. So how should we know what you're doing, let alone what you're doing wrong? – mkl Jul 23 '20 at 12:45
  • Actually, all resources are restricted at my office and my code base is on an office machine; I will try to share some content soon. – Nikhil Wankhade Jul 23 '20 at 17:24
  • @mkl please find in the Google link a sample PDF in which I am getting the above-mentioned message: [link] https://drive.google.com/drive/folders/1HArRJs5XmwyPaXG-DqZ_6aijcG4MEcXI?usp=sharing – Nikhil Wankhade Jul 24 '20 at 05:50
  • I'll try to find some time to look into this next week. – mkl Jul 24 '20 at 14:57

3 Answers


There is an issue in the TSTInfo structure: its tsa member is

C = IN,S = MH,L = NSDL,O = NSDL,OU = NSDL,CN = NSDL,E = nsdl@nsdl.co.in

but your TSA certificate has the inverse subject

E = nsdl@nsdl.co.in,CN = NSDL,OU = NSDL,O = NSDL,L = NSDL,S = MH,C = IN

According to RFC 3161, the purpose of the tsa field is to give a hint in identifying the name of the TSA. If present, it MUST correspond to one of the subject names included in the certificate that is to be used to verify the token.

Thus, an attentive validator cannot use the certificate you supplied for verifying the time stamp.


I don't know whether that's the only issue, but it's definitely a show-stopper.

mkl

This means Acrobat cannot find the certificate used to create the timestamp. Looking at the ASN.1 decode of your PDF signature CMS, it looks like you haven't requested the Timestamp Authority's certificate in the request (search for timeStampToken to get to the appropriate section of the CMS). In Bouncy Castle this is achieved by calling SetCertReq(true) on the TimeStampRequestGenerator instance as follows:

        TimeStampRequestGenerator reqGenerator = new TimeStampRequestGenerator();
        // Request the server to also include the signing certificate
        // (C# Bouncy Castle naming; the Java API is reqGenerator.setCertReq(true)):
        reqGenerator.SetCertReq(true);

When this is set, the Timestamping Authority will include the certificate, or more usually the timestamping certificate and its chain, as signed attribute(s) in the SignedCms of the actual timestamp.

To confirm that the certificate is included in the response, you can write the timestamping authority's response to a text file as a hex string and decode it using this website: https://lapo.it/asn1js/.

Peter G
  • I have written my own TSA client and server for the purpose of a POC, which is shared in the above Google link. I already set `reqGenerator.SetCertReq(true);` while generating the TSA request, but the issue persists. – Nikhil Wankhade Jul 25 '20 at 05:35
  • 1
    Okay you're right the certificate is there but there's not much to it! Acrobat is saying that there don't seem to be any policy extensions on your certificate. You can send a timestamp request to http://freetsa.org and compare the certificates in the response you get from there to the one you're generating. Basically I would be inclined to copy policy extensions and any other extensions from a known functioning timestamp certificate. Also see https://tools.ietf.org/html/rfc3628#section-4.4. – Peter G Jul 25 '20 at 10:10

As per RFC 3161, the purpose of the tsa field is to give a hint in identifying the name of the TSA. If present, it MUST correspond to one of the subject names included in the certificate that is to be used to verify the token. However, the actual identification of the entity that signed the response will always occur through the use of the certificate identifier (ESSCertID attribute) inside a SigningCertificate attribute which is part of the signerInfo (see Section 5 of [ESS]).

TSA RFC

For this issue the TSA needs to construct the tsa GeneralName attribute in the following way. I made the changes below in the source: construct tsa from the TSA certificate's subject DN.

Not working:

        // X500Principal.getName() returns an RFC 2253 string with the RDNs in reverse order,
        // so the X500Name parsed from it encodes to a different DER sequence than the
        // certificate's subject.
        GeneralName gn = new GeneralName(GeneralName.directoryName,
                new X500Name(cacert.getSubjectX500Principal().getName()));

Working code:

        // Take the subject's DER encoding straight from the certificate, with no string round trip.
        X500Name iss = X500Name.getInstance(cacert.getSubjectX500Principal().getEncoded());
        GeneralName gn = new GeneralName(GeneralName.directoryName, iss);
        tkg.setTSA(gn);

Community
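As an added, self-contained example (not the question's code base and not a Bouncy Castle sample), the following Java program ties together the three points raised in the answers above: it generates a self-signed TSA certificate with a critical id-kp-timeStamping extended key usage (RFC 3161 section 2.3), sends a request with certReq set so the certificate is returned, builds the tsa field from the certificate's DER-encoded subject, and then checks the resulting token the way a strict validator would. It also issues a second token using the string-based construction from the question to show why that one fails the strict comparison. The policy OID, the subject name, the key size and the `issue`, `validates` and `tsaMatchesSubject` helpers are this example's own choices, not anything from the question or from Bouncy Castle; it assumes bcprov and bcpkix (1.60 or later) on the classpath.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;

import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.cms.jcajce.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.DigestCalculator;
import org.bouncycastle.operator.jcajce.*;
import org.bouncycastle.tsp.*;

/** Added example: an RFC 3161 round trip with Bouncy Castle; not the question's code base. */
public class TsaRoundTrip {
    // Hypothetical policy OID for this demo TSA; a real TSA uses its own registered OID.
    static final ASN1ObjectIdentifier DEMO_POLICY = new ASN1ObjectIdentifier("1.3.6.1.4.1.99999.1");

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());

        // 1. Self-signed TSA certificate. RFC 3161 section 2.3: the TSA certificate MUST carry a
        //    critical extendedKeyUsage with id-kp-timeStamping; TimeStampToken.validate() rejects it otherwise.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        X500Name subject = new X500Name("C=IN,O=Example,CN=Example TSA"); // demo name, not the question's
        long now = System.currentTimeMillis();
        X509CertificateHolder holder = new JcaX509v3CertificateBuilder(subject, BigInteger.ONE,
                new Date(now - 60_000L), new Date(now + 365L * 24 * 3600 * 1000), subject, kp.getPublic())
            .addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping))
            .build(new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate()));
        X509Certificate tsaCert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(holder);

        // 2. Client side: hash the data and ask for the TSA certificate to be returned (certReq = true).
        byte[] imprint = MessageDigest.getInstance("SHA-256").digest("hello".getBytes("UTF-8"));
        TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
        reqGen.setCertReq(true);
        TimeStampRequest request = reqGen.generate(NISTObjectIdentifiers.id_sha256, imprint, BigInteger.valueOf(42));

        // 3. Server side: build the tsa field from the certificate's DER-encoded subject, so the
        //    bytes placed in TSTInfo are exactly the bytes a validator finds in the certificate.
        GeneralName tsaName = new GeneralName(GeneralName.directoryName,
                X500Name.getInstance(tsaCert.getSubjectX500Principal().getEncoded()));
        TimeStampToken good = issue(request, tsaCert, kp.getPrivate(), tsaName);

        // 4. Verifier side.
        System.out.println("signature, ESSCertID and EKU ok: " + validates(good, tsaCert));
        System.out.println("signer certificate embedded:     " + !good.getCertificates().getMatches(good.getSID()).isEmpty());
        System.out.println("tsa equals certificate subject:  " + tsaMatchesSubject(good, tsaCert));

        // The construction from the question: X500Principal.getName() yields an RFC 2253 string with the
        // RDNs in reverse order, and parsing it back gives a different DER sequence, so the strict check fails.
        GeneralName reversed = new GeneralName(GeneralName.directoryName,
                new X500Name(tsaCert.getSubjectX500Principal().getName()));
        TimeStampToken bad = issue(request, tsaCert, kp.getPrivate(), reversed);
        System.out.println("reversed tsa equals subject:     " + tsaMatchesSubject(bad, tsaCert));
    }

    /** Issues a token for req, signed with key/cert, carrying the given tsa name and the certificate. */
    static TimeStampToken issue(TimeStampRequest req, X509Certificate cert, PrivateKey key, GeneralName tsa)
            throws Exception {
        DigestCalculator certIdDigest = new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()
                .get(new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256)); // SHA-256 -> ESSCertIDv2
        TimeStampTokenGenerator tokenGen = new TimeStampTokenGenerator(
                new JcaSimpleSignerInfoGeneratorBuilder().setProvider("BC").build("SHA256withRSA", key, cert),
                certIdDigest, DEMO_POLICY);
        tokenGen.setTSA(tsa);
        tokenGen.addCertificates(new JcaCertStore(Collections.singletonList(cert))); // honours certReq
        TimeStampResponseGenerator respGen = new TimeStampResponseGenerator(tokenGen, TSPAlgorithms.ALLOWED);
        TimeStampResponse resp = respGen.generate(req, BigInteger.valueOf(System.nanoTime()), new Date());
        resp.validate(req); // nonce, message imprint and policy must match the request
        return resp.getTimeStampToken();
    }

    /** Signature, ESSCertID hash and critical id-kp-timeStamping EKU, as checked by Bouncy Castle. */
    static boolean validates(TimeStampToken token, X509Certificate cert) {
        try {
            token.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert));
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    /** Strict check: the tsa directoryName in TSTInfo must equal the certificate subject byte for byte. */
    static boolean tsaMatchesSubject(TimeStampToken token, X509Certificate cert) throws Exception {
        GeneralName tsa = token.getTimeStampInfo().getTsa();
        if (tsa == null || tsa.getTagNo() != GeneralName.directoryName) return false;
        byte[] fromToken = X500Name.getInstance(tsa.getName()).getEncoded();
        return Arrays.equals(fromToken, cert.getSubjectX500Principal().getEncoded());
    }
}
```

Running it prints `true` for the first three lines and `false` for the last: the second token differs from the first only in how the tsa GeneralName was built, and that alone is enough for a byte-for-byte comparison against the certificate subject to fail. Bouncy Castle's own `validate()` call covers the signature, the ESSCertID hash and the critical extended key usage; the tsa comparison is a separate check, which is why a token can pass the library's validation and still be refused by a stricter viewer. To inspect a real response the same way, write `resp.getEncoded()` to a file and load it in the asn1js decoder mentioned above.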