Search code examples
pdfdigital-signaturetrusted-timestamp

VRI for Signature TimeStamp

I've got a doubt about how to create the VRI entry for a timestamp that's inside a PAdES signature.

Let's suppose there is a pdf document with a Signature and this signature has an embed timestamp.

Example:

\Sig
[...]
\Contents <1234567890ABCDEF[...]>
[...]
Type \DSS
\VRI <<
     \Hash1 object1
     \Hash2 object2
>>
[...]

Hash1 is easy to calculate: It's the whole signature hash, including the timestamp ( 1234567890ABCDEF[...] )

But Hash2... What should I use to calculate it? In the ETSI document, it's written like this (PAdES LTV Profile - Part 4 - V1.1.2 page 12):

For a Time-stamp's signature it is the bytes of the Time-stamp itself since the Time-stamp token is a signed data object

But I must say that didn't help a lot. Is it the timeStampToken? Only the content? What is "The time-stamp itself"?

Does anyone know any document that clarifies this? Reference implementation

Solution

  • The definition you quote

    For a Time-stamp's signature it is the bytes of the Time-stamp itself since the Time-stamp token is a signed data object

    is from the ETSI TS which first defined pades LTV structures.

    This TS meanwhile has been superseded by the ETSI EN 319 142-1 where the definition was reformulated as:

    For document signatures or document time-stamp signatures the bytes that are hashed shall be those of the complete hexadecimal string in the entry with the key Contents of the associated Signature Dictionary containing the signature's DER-encoded binary data object (e.g. PKCS#7, CMS or CAdES objects).

    Thus, for document time stamps simply proceed just like for regular signatures.

    By the way, the same norm specifies:

    The VRI dictionary should not be used. The inclusion of VRI dictionary entries is optional. All validation material referenced in VRI entries is also referenced in DSS entries

    So you might not need these entries at all.

    I just realised that you supposed

    there is a pdf document with a Signature and this signature has an embed timestamp.

    An embedded timestamp admittedly is not subject to the quote above. But indeed the time stamp token is a ContentInfo object wrapping a SignedData object, just like a regular CMS signature container. Thus, the time stamp token is the object to hash.