Can't timestamp using a TSA server

Report · May 14, 2025

Hello,

I have been trying to timestamp a document using a tsa but can't due to this error SigValue is 729 bytes than exepected.

Here are some details about the TSA Responder Certificate:

It's using a key length of 3072 RSA

The private keys are generated in a hardware security module

Has someone experieced this issue before?

The issue at hand is the way Adobe parses the responses because on the server side, i can see that a timestamping token was generated.

Report · May 14, 2025

on the server side, i can see that a timestamping token was generated.

Can you share an example timestamp as generated on that server?

Report · May 14, 2025

Hello here is an example of a file that i was able to sign on another tool.

Report · May 15, 2025

The timestamp embedded in that PDF looks ok.

BUT it has a size of nearly 7000 bytes. Probably this is larger than Acrobat expects timestamps to be. And as Acrobat has to reserve space for embedding the timestamp before requesting it, a larger than expected time stamp results in a timestamping error.

According to the Preference Reference for Acrobat and Acrobat Reader section "Security", subsection "TimestampServer: Default", entry "iSize" (last entry) it should be possible to change this expected timestamp size by adding/changing a registry entry (if you're using Windows, that is).

The full path for the iSize value should be something like

HKEY_CURRENT_USER\Software\Adobe\(product name)\(version)\Security\cASPKI\cAdobe_TSPProvider

with (product name) and (version) matching your setup.

A value of 7000 decimally should currently suffice for the timestamps you receive.

Report · May 15, 2025

Hello Mikel,

Thank you !

I have looked into this issue multiple times and couldn't get this work.

Is it possible to confirm if i should add a key/String or binary and set it to iSize = 7000

Report · May 15, 2025

Hello i was able to get it work. Thanks a lot. You're a life saver!

Is it possible to help with this error too?

I have reconfigured the server to only accept requests that are using a TLS authentication. Is it possible to give the registry values i need to add?

Report · May 15, 2025

Hello i was able to get it work.

Great! 👍

Is it possible to help with this error too?
I have reconfigured the server to only accept requests that are using a TLS authentication. Is it possible to give the registry values i need to add?

Unfortunately I have no idea. I didn't find any configuration item for setting a client certificate, only user/password, so I assume certificate based authentication is not an official feature of Adobe Acrobat timestamp retrieval. Actually, I'm not really aware of certificate based timestamp retrieval authentication in any software. But I haven't really looked for that in the first place, so it's possible I simply missed it.

Report · May 15, 2025

Hello Mikel,

Thanks you for the response! I will try to look into it.

Can't timestamp using a TSA server

1 Correct answer