Tags: java, c++, xml, digital-signature, pki

How to create a timestamp signature?


I want to use a timestamp for my XML and PDF signatures. I have read some documents about timestamps, but I don't understand how to create or add a timestamp signature on a client. (I am not talking about how to create a timestamp on the server.)

I want to know how to create a timestamp signature on the client: the client receives a timestamp from the TSA server and attaches the timestamp to the data, then the client signs data+timestamp to create a timestamp signature; OR the client signs the data => creates the signature, then receives a timestamp and attaches the timestamp to the signature => creates the timestamp signature.

Which of those 2 ways is the correct way to create a timestamp signature? Can you help me answer this, and which way is your product using? Can you give me some documentation on this issue?


Solution

  • Both orders of making a time stamp and a signature can make sense

    • Signature with content time stamp: You first time stamp the document, then you add the time stamp to the attributes to sign, and finally you sign the document and those attributes.

      Using this construct you can prove that

      • the document existed in the given form at the time of the time stamp and
      • the signature has not been created before the time of the time stamp.
    • Signature with signature time stamp: You first sign the document, then you time stamp the actual signature value, and finally you add this time stamp to the unsigned attributes of the signature.

      Using this construct you can prove that

      • the document existed in the given form before the time of the time stamp (indirectly) and
      • the signature has not been created after the time of the time stamp.

    Which of these options you use depends on what you want to be able to prove later. The second option, the signature with signature time stamp, is used more often.

    Actually even the combined construct, a signature with both a content time stamp and a signature time stamp, makes sense. It in particular allows you to prove that the signature has been created between the time of the content time stamp and the time of the signature time stamp. If these entities have been created in short order, you can pinpoint the provable signing time very precisely.
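The two constructions the answer describes, as an added example in Go that is not part of the original question or answer: a simulated TSA (a constructed stand-in, not a real RFC 3161 client), a Sign function that builds a signature with a content time stamp, a signature time stamp, or both, and a Verify function that derives the provable signing-time window from whichever tokens are attached. The flat token format, the Sign/Verify API, the JSON serialization of the signed attributes, the one-second-per-stamp clock and the sample document are assumptions of the example; a real implementation would use CMS/CAdES or XAdES structures and an actual TSA.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"time"
)

// TimeStampToken is a toy stand-in for an RFC 3161 token: the TSA signs the
// submitted imprint together with the generation time. (A real token is CMS
// SignedData around TSTInfo; this flat form is an assumption of the example.)
type TimeStampToken struct {
	Imprint   []byte    // hash the client submitted
	GenTime   time.Time // time asserted by the TSA
	Signature []byte    // TSA signature over imprint || genTime
}

// TSA is a simulated (constructed) authority whose clock advances one second
// per stamp, so the example runs offline and deterministically.
type TSA struct {
	Pub   ed25519.PublicKey
	priv  ed25519.PrivateKey
	clock time.Time
}

func NewTSA(start time.Time) *TSA {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // only fails if the OS RNG does
	return &TSA{Pub: pub, priv: priv, clock: start.UTC()}
}

func tsaTBS(imprint []byte, gen time.Time) []byte {
	return append(append([]byte{}, imprint...), gen.Format(time.RFC3339Nano)...)
}

// Stamp is the client's "receive a time stamp from the TSA" step.
func (t *TSA) Stamp(imprint []byte) *TimeStampToken {
	gen := t.clock
	t.clock = gen.Add(time.Second)
	return &TimeStampToken{imprint, gen, ed25519.Sign(t.priv, tsaTBS(imprint, gen))}
}

// checkToken verifies an optional token against the imprint it must cover and
// returns the asserted time, or nil when no token is attached.
func checkToken(tsaPub ed25519.PublicKey, tok *TimeStampToken, imprint []byte, what string) (*time.Time, error) {
	if tok == nil {
		return nil, nil
	}
	if !bytes.Equal(tok.Imprint, imprint) || !ed25519.Verify(tsaPub, tsaTBS(tok.Imprint, tok.GenTime), tok.Signature) {
		return nil, fmt.Errorf("%s time stamp does not verify", what)
	}
	return &tok.GenTime, nil
}

// SignedAttrs is what the signer actually signs. A content time stamp (first
// option) lives here because the signature must cover it; a signature time
// stamp (second option) stays unsigned because it is made from the signature.
type SignedAttrs struct {
	ContentDigest []byte
	ContentTS     *TimeStampToken `json:",omitempty"`
}
type Signature struct {
	Attrs       SignedAttrs
	Value       []byte          // signer's signature over attrsBytes(Attrs)
	SignatureTS *TimeStampToken // unsigned attribute
}

func digest(b []byte) []byte { h := sha256.Sum256(b); return h[:] }

// attrsBytes is the signed byte string; json.Marshal of this fixed struct is
// deterministic and cannot fail, so the verifier can rebuild it exactly.
func attrsBytes(a SignedAttrs) []byte { b, _ := json.Marshal(a); return b }

// Sign builds either or both constructions: stamp the document digest before
// signing (content time stamp) and/or stamp the signature value afterwards
// (signature time stamp).
func Sign(signer ed25519.PrivateKey, tsa *TSA, doc []byte, contentTS, signatureTS bool) Signature {
	attrs := SignedAttrs{ContentDigest: digest(doc)}
	if contentTS {
		attrs.ContentTS = tsa.Stamp(attrs.ContentDigest)
	}
	sig := Signature{Attrs: attrs, Value: ed25519.Sign(signer, attrsBytes(attrs))}
	if signatureTS {
		sig.SignatureTS = tsa.Stamp(digest(sig.Value))
	}
	return sig
}

// Verify checks the signature and every attached token and returns the
// provable signing-time window: notBefore from a content time stamp (the
// signature covers it), notAfter from a signature time stamp (it covers the
// signature value). A nil bound means that side cannot be proven.
func Verify(signerPub, tsaPub ed25519.PublicKey, doc []byte, sig Signature) (notBefore, notAfter *time.Time, err error) {
	if !bytes.Equal(sig.Attrs.ContentDigest, digest(doc)) || !ed25519.Verify(signerPub, attrsBytes(sig.Attrs), sig.Value) {
		return nil, nil, fmt.Errorf("signature does not verify for this document")
	}
	if notBefore, err = checkToken(tsaPub, sig.Attrs.ContentTS, sig.Attrs.ContentDigest, "content"); err != nil {
		return nil, nil, err
	}
	if notAfter, err = checkToken(tsaPub, sig.SignatureTS, digest(sig.Value), "signature"); err != nil {
		return nil, nil, err
	}
	return notBefore, notAfter, nil
}

func main() {
	tsa := NewTSA(time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC))
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	doc := []byte("<invoice>constructed sample document</invoice>")
	nb, na, err := Verify(pub, tsa.Pub, doc, Sign(priv, tsa, doc, true, true))
	fmt.Println(err, *nb, *na) // combined construct: window 12:00:00 to 12:00:01 UTC
}
```

The design mirrors the answer's two statements of what each token proves: a content time stamp sits inside the signed attributes, so a valid signature is evidence the signer saw that token and therefore signed no earlier than its time; a signature time stamp is computed over the finished signature value, so it is evidence the signature existed no later than its time. Verify refuses the signature outright if either token is genuine but covers the wrong imprint, which is the check an implementation must not skip when it trusts a token's time.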