I'm trying to get a Time Stamping token from a server, and apply this token to a PDF file that will be signed later.
I'm asking if someone has already worked with a similar concept using Java.
I have some information about the TimeStamping Authority (TSA) such as:
- Policy : 1.2.504.1.1.1.1.1.3.1.1
- Format : RFC 3161
- Algorithm : SHA1 associated with RSA with 2048 bits.
- UTC timezone
How do I get the certified date and put it in the PDF file?
Your question can be decoupled into two sub-questions:
- How to generate a signature according to the Time-Stamp Protocol (TSP) described in RFC 3161?
- How to integrate the signature into a PDF file?
Sub-question 1: To solve the first question, you need two stakeholders: a TSP client and a TSP server. A client must send a request to a server (like every client-server communication) and the server sends back a response to the client. As you already mentioned, a TSA (Time Stamping Authority) has the responsibility to handle the request. The challenge is to be able to send a request to the TSA server. I call it a challenge because the construction of the request according to TSP is complex. Each client request must be formatted as a TimeStampReq (see RFC 3161 section 2.4.1), and TSP also extends a standard called Cryptographic Message Syntax (CMS), which is described in RFC 5652. To help you at this stage you can use a cryptographic library such as BouncyCastle or Eldos, which implement the CMS and/or TSP specifications in Java and/or C#.
BouncyCastle is my favorite; I have already used it. It will do the following task for you out of the box:
Sub-question 2: This step is not necessary to assure the integrity of the document or the Time-Stamp itself. You can store a created Time-Stamp and the signed PDF/document separately. I'm not a PDF expert, but I know that it's possible to embed a digital signature into it. I'm not able to tell you which format of digital signature(s) is/are supported by which version of PDF and how to integrate it into a PDF.
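The request/response exchange from sub-question 1, sketched with BouncyCastle's `org.bouncycastle.tsp` classes; this is an added example, not code from the question or the answer. It assumes the BouncyCastle provider and PKIX jars are on the classpath and that the TSA accepts RFC 3161 requests over HTTP at a URL passed as the second argument; the class name and output file name are hypothetical.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.SecureRandom;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.tsp.*;

public class TsaClientExample {                       // hypothetical class name
    static final String POLICY = "1.2.504.1.1.1.1.1.3.1.1"; // policy OID from the question

    // Build the TimeStampReq (RFC 3161 section 2.4.1) over the SHA-1 digest of the data.
    // SHA-1 is what the TSA in the question specifies; prefer SHA-256 where the TSA accepts it.
    static TimeStampRequest buildRequest(byte[] data) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(data);
        TimeStampRequestGenerator gen = new TimeStampRequestGenerator();
        gen.setReqPolicy(new ASN1ObjectIdentifier(POLICY));
        gen.setCertReq(true);                          // ask the TSA to include its certificate
        BigInteger nonce = new BigInteger(64, new SecureRandom()); // binds the reply to this request
        return gen.generate(TSPAlgorithms.SHA1, digest, nonce);
    }

    // POST the DER-encoded request and match the response against it.
    static TimeStampToken fetchToken(String tsaUrl, TimeStampRequest req) throws Exception {
        HttpURLConnection c = (HttpURLConnection) new URL(tsaUrl).openConnection();
        c.setDoOutput(true);
        c.setRequestMethod("POST");
        c.setRequestProperty("Content-Type", "application/timestamp-query");
        try (OutputStream out = c.getOutputStream()) { out.write(req.getEncoded()); }
        try (InputStream in = c.getInputStream()) {
            TimeStampResponse resp = new TimeStampResponse(in);
            resp.validate(req);                        // checks nonce, message imprint and policy
            TimeStampToken token = resp.getTimeStampToken();
            if (token == null) throw new IllegalStateException("TSA refused: " + resp.getStatusString());
            return token;
        }
    }

    // Usage: java TsaClientExample <file> <tsa-url>
    public static void main(String[] args) throws Exception {
        TimeStampRequest req = buildRequest(Files.readAllBytes(Paths.get(args[0])));
        TimeStampToken token = fetchToken(args[1], req);
        System.out.println("Certified time: " + token.getTimeStampInfo().getGenTime().toInstant());
        Files.write(Paths.get(args[0] + ".tst"), token.getEncoded()); // stored beside the document
    }
}
```

`resp.validate(req)` only confirms that the response belongs to this request. Checking the TSA's signature is a separate step, done with `token.validate(...)` and a verifier built from a TSA certificate you trust.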