Dear all,
I wanted to make my own PDF timestamp server. Therefore, I went ahead and did it in Python. After receiving the initial hash from Adobe, I used ECDSA to sign it and append a timestamp. Then, I send the timestamp, the certificate and the digital signature to the Adobe PDF client. However, this gives me an error as shown in the image attached. Kindly advise.
Apparently your timestamps structurally are not valid RFC 3161 timestamp tokens. For more detailed analysis please share the timestamped PDF.
Ah, I just realised that you got an error window during signing, not during a later validation. Thus, you probably don't have a timestamped PDF at all. In that case can you supply the response of your service to Adobe Reader for analysis?
Thanks a lot for getting back. How do I supply the response of the service to Adobe Reader for analysis?
Actually, what exactly does the Adobe client send for the timestamp? I am not sure I understand the hash completely.
This is what I see:
1. The first 24 bytes are the same for all PDFs. So I am guessing this is the algorithm identifier, and version etc.
2. The last 3 bytes are the same too.
3. The remaining bytes in between are different hashes, even if I use the same PDF again.
So, what I did was I appended the timestamp to this different hash portion and sent it back to the Adobe client. Then, I get the BER decoding error.
Is this the right way to proceed?
> Actually, what exactly does the Adobe client send for the timestamp? I am not sure I understand the hash completely.
> This is what I see:
> 1. The first 24 bytes are the same for all PDFs. So I am guessing this is the algorithm identifier, and version etc.
> 2. The last 3 bytes are the same too.
> 3. The remaining bytes in between are different hashes, even if I use the same PDF again.
> So, what I did was I appended the timestamp to this different hash portion and sent it back to the Adobe client. Then, I get the BER decoding error.
> Is this the right way to proceed?

I guess you should start by studying RFC 3161 before implementing a timestamp server.
There you'll find exact specifications of the request and the response. In particular you'll see that not only the hash in the request may change but also a nonce value.
Also you'll see that the response does not append the timestamp to the hash but that the hash and the nonce are embedded in the signed part of the timestamp token.
----
Concerning
> How do I supply the response of the service to Adobe Reader for analysis?

You should create a tcpdump of the traffic between Adobe Reader and the timestamp server and provide that, making sure that only the related traffic is included.
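
The request layout the answer above refers to, as an added example that is not part of the original posts: a stdlib-only Python decoder for an RFC 3161 TimeStampReq, run on a constructed sample (the SHA-256 imprint, 8-byte nonce and certReq TRUE are assumptions). In this sample the fixed bytes before the digest number 24 and the trailing certReq BOOLEAN is 3 bytes; the digest and the nonce are the parts that change per request, and a TSA has to carry both inside the signed TSTInfo of its token rather than append data to the request bytes.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    arcs, val = [], 0
    for b in body:  # base-128, high bit set means "more bytes follow"
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    first = min(arcs[0] // 40, 2)  # first two arcs share one sub-identifier
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_timestamp_req(der):
    tag, body, end = read_tlv(der, 0)          # TimeStampReq SEQUENCE
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    _, version, pos = read_tlv(body, 0)        # version INTEGER
    _, imprint, pos = read_tlv(body, pos)      # MessageImprint
    _, alg, ipos = read_tlv(imprint, 0)        # AlgorithmIdentifier
    _, digest, _ = read_tlv(imprint, ipos)     # hashedMessage OCTET STRING
    req = {"version": int.from_bytes(version, "big", signed=True),
           "hash_oid": decode_oid(read_tlv(alg, 0)[1]),
           "hashed_message": digest, "nonce": None, "cert_req": False}
    while pos < len(body):                     # optional fields, told apart by tag
        tag, val, pos = read_tlv(body, pos)
        if tag == 0x02:                        # nonce INTEGER
            req["nonce"] = int.from_bytes(val, "big", signed=True)
        elif tag == 0x01:                      # certReq BOOLEAN
            req["cert_req"] = val != b"\x00"
    return req

# Constructed sample request (assumes SHA-256, an 8-byte nonce, certReq TRUE).
DIGEST = hashlib.sha256(b"constructed sample document").digest()
HEADER = bytes.fromhex("3043 020101 3031 300d 0609 608648016503040201 0500 0420")
SAMPLE_REQ = HEADER + DIGEST + bytes.fromhex("0208 1122334455667788 0101ff")
```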
Thanks a lot!
Would you happen to know of any open-source timestamp server code available, or any source code at all that could be provided so that I may take a look? I would really appreciate any resources to that effect!
> Would you happen to know of any open-source timestamp server code available, or any source code at all that could be provided so that I may take a look?

Unfortunately no. Googling around you may find some such projects but I don't know whether any good ones are among them.
I can only suggest working along the lines of RFC 3161. It is pretty straightforward.