I have been given a task to apply a secure RFC 3161 timestamping functionality to our Laravel PDF builder. So we have the PDF - we need a timestamp, but it is somewhat open ended as to how we make sure the file itself is valid.
Many desktop products like Adobe Acrobat and Xolido can generate a timestamped PDF using a user specified TSA, which is different from the raw PDF. However, I need this exact functionality on a Laravel server - how does this happen? Where does the timestamp go inside the PDF and what does Adobe Acrobat do to the PDF itself?
There are many libraries for taking a file and calculating the timestamp cryptographically using something like freetsa.org or other TSA servers.
Once I hash the file and send it to the server, I obtain a response and a timestamp - but how do I store this information in the PDF? Is it stored in the metadata of a PDF, like the author, keywords, or meta section?
