Comments (4)
Yes, if everything is done correctly, Acrobat should display "The signature includes an embedded timestamp".
And you're quite right that timestamp validation is important :)
That's an excellent question, and one that I should probably address more fully in the documentation.
The short answer is: yes, pyHanko supports embedding timestamps, and here's how to get that to work.
The slightly longer answer is that, as the diagnostic message in Acrobat implies, the point of embedding timestamps is to ask a trusted third party to tell you what time it is, instead of forcing the signature's validator to take your word for it. In order to do that, you basically need to tell pyHanko who to ask. There's no "default" way to get timestamp tokens, so unless you provide pyHanko with a TSA endpoint, it'll just put the time on your computer's clock into the signature container.
The way this works on the technical level is by sending a digest of the signature to a time stamping authority, who will reply with a signed, timestamped statement that certifies that the signature existed at that time. This token is then stapled to the signature. There are quite a few widely trusted timestamp authorities that provide their services to the public for free. You can find a list of those here (note: possibly some of these are no longer operational, I haven't tried them all). Alternatively, if you're working with government paperwork, chances are that your government PKI also supplies a TSA service.
EDIT: upon rereading your question, you seem to be asking why Acrobat is rejecting your timestamp token. That could be for any number of reasons, but you can probably figure out what the problem is by inspecting the signature properties (Acrobat provides pretty detailed reporting on trust validation if you know where to look). It could be that the TSA you used isn't trusted by Acrobat by default, but I don't know by heart whether that would generate the same status message.
I'll leave the answer up anyway for future reference :)
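As an added illustration (not part of the original comments and not pyHanko's own code), this builds the RFC 3161 request that the comment above describes, showing that the TSA receives only a digest of the signature. SHA-256, the sample signature bytes and the helper names are assumptions; a real client would POST the result to the TSA with content type `application/timestamp-query`.

```python
import hashlib
import secrets

# DER content octets of the SHA-256 OID 2.16.840.1.101.3.4.2.1
SHA256_OID = bytes.fromhex("608648016503040201")


def der(tag: int, content: bytes) -> bytes:
    """Encode one DER tag-length-value, using the long length form when needed."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content


def der_int(value: int) -> bytes:
    """Encode a non-negative INTEGER; a leading 0x00 is added if the high bit is set."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def build_timestamp_request(signature_value: bytes, nonce: int) -> bytes:
    """Build a TimeStampReq over the digest of the signature value (assumed SHA-256)."""
    digest = hashlib.sha256(signature_value).digest()
    alg_id = der(0x30, der(0x06, SHA256_OID) + der(0x05, b""))
    message_imprint = der(0x30, alg_id + der(0x04, digest))
    body = (
        der_int(1)             # version: v1
        + message_imprint      # what the TSA actually certifies
        + der_int(nonce)       # lets the client match the reply to this request
        + der(0x01, b"\xff")   # certReq = TRUE: ask the TSA to include its certificate
    )
    return der(0x30, body)


if __name__ == "__main__":
    # Constructed stand-in for the signature bytes from a CMS SignerInfo.
    sample_signature = b"constructed signature bytes"
    request = build_timestamp_request(sample_signature, secrets.randbits(64))
    print(len(request), request.hex())
```

The token the TSA returns binds its own clock reading to that digest, which is why a validator no longer has to rely on the signer's computer clock.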
Hi, @MatthiasValvekens!
Thanks for the fast support :)
Hmmm, strictly speaking, my question is different. I don't think I was clear enough, sorry. To put it in other terms:
If all the assumptions made are true (correct encoding, correct implementation of the time stamp, TSA trusted according to Adobe, etc.), would the output PDF from pyHanko be “certifiable” (i.e., would Adobe show the message that The signature includes an embedded timestamp)? Or, even so, with everything “right” according to pyHanko, would Adobe still show the message that signature date/time are from the clock on the signer’s computer?
More directly: are there any a priori known limitations between pyHanko's PDF output and Adobe's timestamp validation?
I know that for many this would be a silly, trivial validation - and that's why they don't even check it. But in my case it is essentially important. Hence the question.
I'll close this question now, feel free to reopen if you encounter related issues later.