Using CryptSignMessage to insert timestamp into PDF
- From: "idly" <alain.serrano@xxxxxxxxx>
- Date: 22 Aug 2006 05:29:46 -0700
Hello!
I am signing PDF files using a PKCS#7 signature created with
CryptSignMessage from Microsoft CryptoAPI. It works. But I'd like to
add a timestamp (from a TSA server) to my signature.
The PDF reference and RFC 3161 say I must add it as an "unauthenticated
attribute" (although someone told me it should be "authenticated"),
with the Object ID "1.2.840.113549.1.9.16.2.14".
My questions :
.. can anyone confirm if it should be an "authenticated" or
"unauthenticated" attribute?
.. what is the data that I must insert into this attribute? I tried
inserting the data returned by the time server (the "TimeStampResp"),
and I also tried to insert the "TimeStampToken", that I retrieve from
the "TimeStampResp" by removing the first bytes (corresponding to the
"PKIStatusInfo")... Nothing seems to work. This data returned by the
time server is already ASN1 DER-encoded. I don't need to "CryptEncode"
it... do I? (If I do, what is the structure type I should use?)
.. if I did right, then, what is wrong? Maybe the hash that I send to
the time server? It is the hash of the byte range of the PDF file, the
same hash as for the signature, right? (Because I want to certify the
PDF file was created before this date, not the signature)...
I think I am close to the solution, but it still doesn't work, it's
frustrating!
Thanks for your help!
Alain.
.
- Follow-Ups:
- Re: Using CryptSignMessage to insert timestamp into PDF
- From: Mitch Gallant
- Re: Using CryptSignMessage to insert timestamp into PDF
- Prev by Date: RE: Is fix for 818173 present in win-xp sp2?
- Next by Date: RE: WinXP -> W2K3 Share Access
- Previous by thread: RE: WinXP -> W2K3 Share Access
- Next by thread: Re: Using CryptSignMessage to insert timestamp into PDF
- Index(es):
Relevant Pages
|
