I need help - I can help - SetSignProcessTimestampURL with login and password

SetSignProcessTimestampURL with login and password

Printed From: Debenu Quick PDF Library - PDF SDK Community Forum
Category: For Users of the Library
Forum Name: I need help - I can help
Forum Description: Problems and solutions while programming with the Debenu Quick PDF Library and Debenu PDF Viewer SDK
URL: http://www.quickpdf.org/forum/forum_posts.asp?TID=3807
Printed Date: 07 May 25 at 5:40PM
Software Version: Web Wiz Forums 11.01 - http://www.webwizforums.com

Topic: SetSignProcessTimestampURL with login and password

Posted By: Rogerio
Subject: SetSignProcessTimestampURL with login and password
Date Posted: 22 Apr 20 at 7:48PM

Hello,

In version 17, the time stamp process (windows) was implemented, excellent, as was disclosed:

"On Windows, a new function (SetSignProcessTimestampURL) allows digital signatures to be counter-signed using a timestamp server. This grants the signature validation into the future past the expiry date of the signing identity certificate."

But I have not found a reference on how to use a time stamp server URL with login and password, which normally everyone uses.

Here is my test code (VB):

Dim QP As New DebenuPDFLibraryAX1711.PDFLibrary
Dim iDf12 As Long
Dim iDf13 As Long
Dim iDfopt As Long
        
    iDf1 = QP.NewSignProcessFromFile ("C:\TEMPS\Temp01\tt\doc2sign.pdf", "")
    
    If iDf1 <> 0 Then
        
        QP.SetSignProcessPFXFromFile iDf1, "C:\Users\roger\Documents\cert_file.pfx", "mypass"
        QP.SetSignProcessInfo iDf1, "Good reason", "My location", "My info"
        QP.SetSignProcessField iDf1, "Signature_field"
        QP.SetSignProcessFieldBounds iDf1, 100, 600, 209, 191
        QP.SetSignProcessFieldImageFromFile iDf1, "C:\TEMPS\Temp01\pdfsigner.png", 0
        
        QP.SetSignProcessFieldPage iDf1, 1
        QP.SetSignProcessTimestampURL iDf1, "https://cloud.tsserversample.com.br/time-stamp/tsp", iDfopt
        QP.EndSignProcessToFile iDf1, "C:\TEMPS\Temp01\tt\file_signed.pdf"
        QP.ReleaseSignProcess iDf1 '// Releases a signature process from memory

        iDf13 = QP.GetSignProcessResult(iDf1)
        
        Select Case iDf13
            Case 1
            Debug.Print "The file was signed successfully"
            Case 2
            Debug.Print "Input PDF not found"
            Case 3
            Debug.Print "Input PDF cannot be read"
            Case 4
            Debug.Print "Input PDF password incorrect"
            Case 5
            Debug.Print "certificate Not file"
            Case 6
            Debug.Print "certificate file Is invalid"
            Case 7
            Debug.Print "Incorrect certificate password"
            Case 8
            Debug.Print "Unknown certificate format"
            Case 9
            Debug.Print "No private key found in certificate file"
            Case 10
            Debug.Print "Could not write output file"
            Case 11
            Debug.Print "Could not apply signature"
            Case 12
            Debug.Print "The signature field name was blank"
            Case 13
            Debug.Print "The input file cannot be signed because the 'NeedAppearances' flag is set to true"
            Case 14
            Debug.Print "Certificate not found in store"
            Case 15
            Debug.Print "The input file cannot be signed due to an xref table issue"
            Case 16
            Debug.Print "Could not apply timestamp to signature"
            Case Else
            Debug.Print "Unknow:" & iDf13
        End Select
        
    End If

--------------------------

Returns code 16.

Another test I carried out, on the SetSignProcessTimestampURL line I put the login and password in the URL:

        QP.SetSignProcessTimestampURL iDf1, "https://mylogin:mypassword@cloud.tsserversample.com.br/time-stamp/tsp", iDfopt

Returns code 16.

Another test was with the URL that does not require login and password:

http://sha256timestamp.ws.symantec.com/sha256/timestamp

it worked, but this server does not require login password.

Does anyone know how to use time stamp servers with login and password?

Thanks.

Replies:

Posted By: LuProch
Date Posted: 25 Jun 20 at 3:19PM

Hello,

I have basically the same problem as Rogerio. I am currently testing Quick PDF Library version 17 on Windows to find out whether it can sign a PDF with timestamp, using time stamp authority URL, login and password. The new SetSignProcessTimestampURL function is not documented in the https://www.debenu.com/docs/pdf_library_reference/SecurityAndSignatures.php" rel="nofollow - Function groups , but I found it in "Foxit Quick PDF Library 17.11 Reference Guide.pdf", which comes with the installation. There it says:

Sets the URL of a timestamp server to use during signing. This will only work when using the default MS Crypto API on Windows. Timestamping is not currently supported when using OpenSSL or on non-Windows platforms.

Parameters:

- SignProcessID - A value returned by the NewSignProcessFromFile.

- TimestampURL - The URL, including protocol identifier, of a timestamp server. For example, "http://sha256timestamp.ws.symantec.com/sha256/timestamp".

- Options - Reserved for future use, should be set to zero.

When I try it with the example URL, it works fine. When I try it with my testing URL, which also requires login and password, then return value is 16 and the signature is broken.

So is there a way to use it with login and password, maybe in some combination with MS Crypto API? Can anyone provide sample code? Or does Quick PDF Library currently support timestamping with URL only and I have to wait for future versions for a function that accepts URL, login and password?

Thanks for any response.

Posted By: tfrost
Date Posted: 25 Jun 20 at 3:43PM

I suspect that the reason the API does not support login/password is that there are so many reputable timeserver services that do not require authentication. I have tested at least half a dozen such, but this was for executable programs, not large production volume of PDFs. I have also looked at some that have a subscription and so require a login, but usually this could be entered in the URI. Have you enquired of your chosen service whether they can support entering credentials as part of the connection string?

Posted By: LuProch
Date Posted: 26 Jun 20 at 9:46AM

I found some documentation and it says that the request has to be send to server with POST method. So no changes in URL, I guess.

Posted By: LuProch
Date Posted: 02 Jul 20 at 2:23PM

I have also tried to send username and password with URL like this:

url?username=myName&password=myPassword

Tried some variations, didn't work.

For now I continue testing timestamp with example URL (http://sha256timestamp.ws.symantec.com/sha256/timestamp) and combinations of timestamp with other options:

- electronic signature with PFX certificate / with USB token
- invisible / visible signature
- PDF protected by password

Works mostly fine, but there is one issue. Signature with PFX certificate + timestamp works fine. Signature with USB token + timestamp seems fine, no error code, but when I open the resulting PDF in Adobe Reader, the signature properties say "The signing time comes from the clock on the author's computer." instead of "The signature contains an embedded time stamp.".