0

I successfully reach the PAdES level B-B, B-T, B-LT in the itext using the below code.

// st is PdfStamper
var adobeLtvEnabling = new AdobeLtvEnabling(st);
adobeLtvEnabling.enable(ocsp, crl);

Unable to get level B-LTA using itext.

The @mki original comment.

As mentioned, AdobeLtvEnabling ignores time stamps; signature time stamps to be more exact. To process them, too, you need to extend the loop in enable to not only walk the certificate path of pdfPKCS7.getSigningCertificate() but also of the signing certificate of pdfPKCS7.getTimeStampToken() if applicable. Of course, it is possible that in your case this is not necessary: if the TSA certificate immediately is on the Trusted Lists (and not merely an ancestor in its certificate path), then no extra validation information is required. This is the case for some but not for all TSAs.

The @mki suggested extending the loop and using Java pdfPKCS7.getTimeStampToken() in the post https://stackoverflow.com/questions/71351592/itext-pades-baseline-lt-lta

I found pdfPKCS7.TimeStampToken() in C# but no idea about how to use it and where to use it to get the B-LTA levels.

I am looking ready to use code which is works with the Itext 5.5.13.2 and C# and get the B-LTA levels.

Is anyone has already done it? Please share the code.

Thanks in advance.

Ram
  • 131
  • 8
  • `AdobeLtvEnabling` is designed to make Adobe Acrobat happy, not for PAdES baseline profiles. But if you successfully reached B-LT, all you need for LTA is adding a document timestamp. have you tried that? – mkl Dec 13 '22 at 09:15
  • @mkl Yes, the pdf document added a timestamp successfully. Screenshot: [https://ibb.co/K9FVp3q](https://ibb.co/K9FVp3q) but still showing **B-LT** . Any suggestion? – Ram Dec 13 '22 at 09:49
  • Please share the PDF in question for analysis. – mkl Dec 13 '22 at 10:09
  • @mkl Check the self-signed pdf file [Get The File](https://drive.google.com/file/d/1V_XksM7LOl4BSxGadt9pY64k0IsRMcli/view?usp=share_link) – Ram Dec 13 '22 at 15:23
  • Your file does not have a document time stamp at all, merely a signature time stamp. When you have a B-LT signed PDF, it should suffice to add a document time stamp to make it B-LTA to it. (You shouldn't work with self-signed certificates in this context, though, as they are not representative, in particular as far as validation information are concerned. – mkl Dec 13 '22 at 18:12
  • @mki, Thanks for sharing the interesting fact that the **Document sign stamp** and **Signature sign stamp** both are different. Please suggest any post, link, or share working code the correct way to **pdf signing with a document timestamping with signature LTV enables and apply the PAdES levels like B-B, B-T, B-LT, B-LTA using the Itext 5.5.13.2 using the C#**. Thanks in advance. – Ram Dec 14 '22 at 05:09
  • I'm not aware of an article dedicated to creating PAdES baseline signatures with iText 5. For applying a document timestamp you can use the `LtvTimestamp` class. – mkl Dec 14 '22 at 15:52
  • @mkl Now signed pdf smart card issued by valid CA. For LTV enabling I took help from many of your old posts. Can you please check the signed pdf once again and confirm that **pdf signing with a timestamping with signature LTV enables and apply the PAdES levels B-LTA** or still missing something? Adobe showing pdf signed, LTV enabled and timestamping. [Get the file](https://drive.google.com/file/d/1DARJTR-WGirbtBGYOm5T-M9kWsJm_PH0/view?usp=sharing) . Adobe screenshot [Get file](https://drive.google.com/file/d/1D35YVIV62jCgKk15uYQwqsf9YZTmKlPI/view?usp=sharing). Your opinion is very important. – Ram Dec 15 '22 at 15:33
  • To tell whether it's PAdES baseline LTA I'd need to know which certificates you trust as trust anchors. Without that I cannot tell whether there really are sufficient revocation information embedded here. At first glance, though, it looks ok, there don't seem to be conceptual issues. – mkl Dec 15 '22 at 20:15

0 Answers0