trusted-timestamp

问题 is it possible to timestamp PDF document offline using iText or any other component? I've googled standard solution utilizing iText and TSAClient class but it requires TSA as online service. We have certificate from TSA (including private key) whose purpose is to create timestamp signatures but I can't find any technical way how to do it with iText. Thanks for any guidance. Richmond 回答1: I've googled standard solution utilizing iText and TSAClient class but it requires TSA as online service.

问题 I try to send a SOAP message in an XML file to a webservice and than grab the binary output and decode it. Endpoint uses HTTPS protocol, so I used TrustManager in my code to avoid PKIX problems. You can see my code here: import javax.net.ssl.*; import java.io.*; import java.net.HttpURLConnection; import java.net.URL; import java.net.URLConnection; import java.security.cert.X509Certificate; public class Main{ public static void sendSoapRequest() throws Exception { String SOAPUrl = "URL HERE";

问题 I have an issue creating a valid CMS signature with Bouncy Castle using a trusted timestamp. The signature creation works well (I want to include the signature to a PDF file), the signature is valid. But after I include a trusted timestamp to the signature's unsigned attribute table, the signature still stays valid, but the Reader reports that The signature includes an embedded timestamp but it is invalid . This leads me to believe, that the hash I timestamp is not the correct one, but I

问题 If I set a timestamp with signing, what happens? What if I don't set? Is it essential? Why is it recommended? 回答1: Timestamping is used to specify time when the digital signature is made. This is needed to properly validate the signature. If signature timestamp is present, the application which validates (verifies) the signature, will check whether the certificates involved into signature validation were valid at the moment of signing. If there's no timestamp for the signature, certificate

问题 I am trying to implement a timestamp request as seen here: http://bouncy-castle.1462172.n4.nabble.com/Timestamp-request-and-response-td1558231.html In j2se it works fine, but on android I get an IllegalAccessError. Logcat output : FATAL EXCEPTION: main java.lang.IllegalAccessError: tried to access method org.bouncycastle.asn1.DERBoolean.<init>:(Z)V from class org.bouncycastle.tsp.TimeStampRequestGenerator at org.bouncycastle.tsp.TimeStampRequestGenerator.setCertReq(Unknown Source) at org.ats

问题 I don't understand at the moment how countersignings work. I'm thinking about is it possible to manipulate a file and resign it with the orginal key including a faked countersign? I'm using e.g.: signtool.exe sign /f "mycert.pfx" /t "http://timestamp.verisign.com/scripts/timstamp.dll" /v "MyApp.exe" So will I get a signed application with a contersign. But how does that work? Does the "timestamp" server simple sign the current timestamp? If I understand right that would be allow a replay

问题 We signed our Java Web Start app with a code signing certificate from CA (Thawte). The signature is timestamped (we pass the -tca https://timestamp.geotrust.com/tsa argument to the jarsigner tool) to be valid after the certificate expires. At present, when the certificate is valid, the app works perfect. But when we try to change the local time forward to simulate expiration of the certificate then the app won't start. We get following exception: java.security.cert.CertificateException: java

问题 [ edit : I've written a blogpost that explains everything in detail: look here] Hi! I'm desperately trying to build a service for trusted timestamps based on rfc3161. I've decided to use the free trusted timestamp service at zeitstempel.dfn.de . My question is how i shall contact this service in order to receive a valid response. Regarding the request format, the RFC tells: TimeStampReq ::= SEQUENCE { version INTEGER { v1(1) }, messageImprint MessageImprint, --a hash algorithm OID and the

问题 I'm trying to implement tsa server on python using twisted. Currently I'm using openssl binary to generate response, but this seems ugly to me, that's why I'm trying to figure out how to make response token with m2crypto. Thanks in advance for help! Maris. EDITED: how to achieve with m2crypto?: openssl ts -reply -section tsa_config1 -queryfile query.tsq -out response.tsr 回答1: M2Crypto does not yet wrap those pieces of openssl, so you can't use M2Crypto for what you are using the openssl

问题 I have just got my code signing certificate from StartSSL and am trying to sign our installer. The signing process goes well and I get an installer exe that Windows no longer complains about being from unknown publisher. This is great! However I tried to make sure that the timestamping also works as advertised so I moved my PC date to 2012, after my code signing certificate expiration date. This supposedly should not make any difference but when I run the same installer exe I now get the same