Extend Signature Handling with Timestamp Support #3
base: signature-feature
src/foundation/src/PDFsharp/src/PdfSharp/Pdf.Signatures/DefaultSigner.cs
if (timestampToken != null) | ||
{ | ||
AsnEncodedData timestampTokenAsnEncodedData = new AsnEncodedData(new Oid("1.2.840.113549.1.9.16.2.14"), timestampToken); | ||
signer.UnsignedAttributes.Add(new CryptographicAttributeObject(new Oid("1.2.840.113549.1.9.16.2.14"), new AsnEncodedDataCollection(timestampTokenAsnEncodedData))); |
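Review bot: The OID literal "1.2.840.113549.1.9.16.2.14" is written out twice on the two lines inside the if block, with no name or comment saying which attribute it identifies. Hoist it into a single named constant (or one Oid instance reused for both the AsnEncodedData and the CryptographicAttributeObject) and document it as the signature time-stamp token attribute that RFC 3161 Appendix A assigns to this OID, because whether UnsignedAttributes is the right collection depends on which time-stamp attribute is intended here.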
I read from https://datatracker.ietf.org/doc/html/rfc3126#section-3.12.4 that timestamp must be a signed attribute, but you put it in unsigned attributes. Is it an error or is there a reason?
You are right, this needs to be fixed.
The document you have referenced is obsoleted by RFC 5126 (CMS Advanced Electronic Signatures - CAdES), and Section 5.11.4 states that "The content-time-stamp attribute shall be a signed attribute".
The PAdES standard references CAdES with regard to timestamp attributes (Sections 5.2.2 and 5.3.3 of this document).
It says that signatures can optionally include timestamps, which are recommended.
src/foundation/src/PDFsharp/src/PdfSharp/Pdf.Signatures/PdfSignatureHandler.cs
Hi @quecot Thank you for your contribution, it's an interesting feature that we would be interested in as well. I've done an initial code review and left some remarks. I have additional questions though:
|
Thank you for reviewing my contribution and for your feedback, @julienrffr. I will take into account the comments in the code review and update you on that soon. Regarding your questions, my goal is to integrate timestamping into PDF signatures, utilizing a Time Stamp Authority (TSA). While I am not entirely familiar with all the nuances of PDF signature standards, I am eager to develop a solution that adheres to established protocols, potentially aligning with PAdES requirements. For generating the timestamp, I have implemented a custom TimestampService that leverages the BouncyCastle.Cryptography library along with HTTP requests to interact with a TSA. You can find the code and an example of its use in this gist. I am more than willing to adapt and integrate this code into the project if it aligns with the project's goals and standards. |
OK nice, PADES is a goal of ours too. We could consider embedding the code from the TimestampService as well, as it uses the same lib (BouncyCastle) that is already used in this branch. It would have to be netstandard2.0 compatible though (I did not check). What is the data 'dataToTimestamp' that is passed to this service exactly? |
As I said, I'm very new to C# and .NET so I don't know the answer to the netstandard2.0 compatibility question. This could be improved in the TimestampService or be left for users to decide. As reference, the hash is obtained like this:

```csharp
var digest = new Org.BouncyCastle.Crypto.Digests.Sha256Digest();
byte[] hash = new byte[digest.GetDigestSize()];
digest.BlockUpdate(dataToTimestamp, 0, dataToTimestamp.Length);
digest.DoFinal(hash, 0);
```
|
We should dig the PADES specs to know what is the data to timestamp. Let me know if you find some answers for this. |
By the way, please set branch https://github.com/KDS/PDFsharp/tree/signature-feature as the target for this PR. |
Hello, as per your last question about
This ensures the document's hash remains consistent before and after the signature is added. This approach aligns with your suggestion that the data to timestamp is essentially the document minus the reserved space for the signature. |
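
What "the document minus the reserved space for the signature" means in practice, as an added example that is not code from this PR or from PDFsharp: the digest is taken only over the byte ranges on either side of the reserved /Contents placeholder, so writing the signature into that gap later leaves the digest unchanged. The sample bytes are constructed, `DigestByteRange` is a hypothetical helper, and the layout assumed is the standard PDF /ByteRange array of (offset, length) pairs.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class ByteRangeDigestDemo
{
    // Hypothetical helper: hash only the (offset, length) pairs listed in /ByteRange.
    static byte[] DigestByteRange(byte[] pdf, int[] byteRange)
    {
        if (byteRange.Length == 0 || byteRange.Length % 2 != 0)
            throw new ArgumentException("ByteRange must hold (offset, length) pairs.");
        using (var sha256 = IncrementalHash.CreateHash(HashAlgorithmName.SHA256))
        {
            for (int i = 0; i < byteRange.Length; i += 2)
            {
                int offset = byteRange[i], length = byteRange[i + 1];
                // Reject ranges that point outside the file instead of hashing garbage.
                if (offset < 0 || length < 0 || offset > pdf.Length - length)
                    throw new ArgumentException("ByteRange exceeds the file.");
                sha256.AppendData(pdf, offset, length);
            }
            return sha256.GetHashAndReset();
        }
    }

    static void Main()
    {
        // Constructed stand-in for a PDF: prefix, reserved hex placeholder, suffix.
        string prefix = "%PDF-1.7 (constructed) /Contents ";
        string placeholder = "<" + new string('0', 32) + ">";
        string suffix = " /Type /Sig (constructed) %%EOF";
        byte[] unsignedPdf = Encoding.ASCII.GetBytes(prefix + placeholder + suffix);

        // The gap covers the whole placeholder, angle brackets included.
        int gapStart = prefix.Length;
        int gapEnd = gapStart + placeholder.Length;
        int[] byteRange = { 0, gapStart, gapEnd, unsignedPdf.Length - gapEnd };

        // Fill the placeholder the way a signer does once the CMS blob exists.
        byte[] signedPdf = (byte[])unsignedPdf.Clone();
        byte[] fakeCms = Encoding.ASCII.GetBytes("<" + new string('A', 32) + ">");
        Buffer.BlockCopy(fakeCms, 0, signedPdf, gapStart, fakeCms.Length);

        bool rangeDigestStable = DigestByteRange(unsignedPdf, byteRange)
            .SequenceEqual(DigestByteRange(signedPdf, byteRange));
        Console.WriteLine("ByteRange digest unchanged after filling the gap: " + rangeDigestStable);
    }
}
```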
@quecot please rebase your branch on KDS:signature-feature |
Hi @julienrffr, I'm not very experienced with rebasing and merge conflict resolving. I've tried to perform the rebase, but found many conflicts that need manual resolving and I don't want to mess anything up as I don't fully know the project. Could you lend me a hand? Thanks |
@quecot
|
2164c05
to
ab35a86
@julienrffr |
Hi @quecot, |
I've done some reading and it appears that the timestamp should actually be:

Space needed to host this timestamp token should be taken into account when we reserve some space in the PDF. This is already done because the timestamp is added to the signature in the GetSignedCms method.

Interesting reads to accomplish this:

Free TSA to test:

Note for steps beyond: in order to achieve PADES compliant signing, we will also be missing the /Certs element in the DSS dictionary. |
Hi @quecot I've made some more tries, and thanks to this article I was able to implement a working timestamp feature for the DefaultSigner. Just pass the TSA uri as a 2nd parameter to DefaultSigner, and it will retrieve and attach the timestamp to the signature. Note: it seems that TSA http response content varies randomly between calls. I used "https://freetsa.org/tsr" (free TSA) for my tests, and response varies 1 byte from a call to another. It has to be fixed. |
Hi, @julienrffr I tried the code in the From Adobe Reader, I can see the signature is valid and includes the timestamp: Also the TSA certificate is embedded, too: However, when I run the signed PDF through this service, the signature fails validation, which does not happen with documents signed with iText7 with timestamp or with PDFsharp-extended without the timestamp. I don't fully know how the validation is performed in this website, but maybe this is something we can look into! As per your request of PM communication and document sharing you can email me at [email protected], if that works for you. Thanks for the shown interest and the hard work! |
Hi again, I found this other service that provides a detailed report on signed documents, which I'm sure will be useful for our purposes: |
Hi @quecot |
Fixed with last commit 8a90349 |
Hi @julienrffr, I tried with both freetsa and globalsign. I believe the issue is not with the TSA certificate. It's fair if a warning appears if the TSA certificate is not trusted by my computer. My concern is that validation tools like the ones I shared show more issues with the signature integrity in their reports. |
@quecot |
Sure thing, please provide an email address or email me at [email protected] |
This PR introduces timestamp support in PDFSharp-extended's signature handling.
Key Changes:
- GetSignedCms method in DefaultSigner and BouncySigner (TODO) to support timestamp tokens.
- PdfSignatureHandler to process signatures with optional timestamp tokens.
- ISigner interface to accommodate the new method signature.

Benefits:
These enhancements enable the creation of verifiably timestamped signatures in PDF documents, meeting requirements for document integrity and authenticity in sensitive use cases.
Motivation:
Identified the need for timestamped signatures in a project and implemented this feature to fill the gap, hoping to contribute a valuable addition to the PDFSharp community.
I'm new to C# and open-source contributions and look forward to feedback and suggestions to refine this feature.
Thank you.