pkcs7 with timestamp

Question

I am looking at it for a day now, and I am still baffled. I want to add digital signature to a PDF with timestamp from a TSA (TimeStamp Authority).

I am okay with sending the request to a TSA and receiving a binary response, but how do I append that timestamp to my pkcs7 digital signature.

I am using PHP with TCPDF and the openssl_pkcs7_sign() function. Do I need to to add the timestamp as an extra certificate? Thanks!

Hi, i'm stuck with the same issue. Did u manage to solve it on your own ? — parser_failed, Jan 08 '13 at 09:39
Hi! Unfortunately the only thing I found out was that it is not yet possible (or it is significantly hard to do) in PHP, so better to use BouncyCastle with Java, and tie it together with PHP. — dande, Jan 13 '13 at 19:31

score 0 · Answer 1 · answered Oct 26 '17 at 17:15

I have created a simple library project called phpcmstimestamper precisely for this purpose, and you can use it like this:

<?php
$originalCmsAsPem = "-----BEGIN CMS-----
MIIFiAYJKoZIhvcNAQcCoIIFeTCCBXUCAQExDTALBglghkgBZQMEAgEwHQYJKoZI
...
1lUaWopfF7uZf5LXZt2Ru5UPr+51ULJRcEeUTA==
-----END CMS-----";
$updatedCms = CmsTimestamper::addTimestampToCms($originalCmsAsPem, "http://tsa.starfieldtech.com");

You can get more details and a fully working example at https://github.com/hablutzel1/phpcmstimestamper.

score -2 · Answer 2 · answered Mar 13 '17 at 19:28

-2

With PHP is not possible, afraid. I would do it in a C++ server side pkcs#7 builder.

answered Mar 13 '17 at 19:28

Michael Chourdakis

10,345
3
42
78

Your answer may be right, but it would be better if you included a code sample and explanation to show the OP *how* to solve the problem. – Ian Oct 26 '17 at 17:57
He has not asked for it, but here is the C++ solution: https://www.codeproject.com/Articles/1114232/Cplusplus-MIME-A-simple-single-header-parser-an – Michael Chourdakis Oct 27 '17 at 19:14

pkcs7 with timestamp

2 Answers2