Can I enable LTV into PDF just added timestamp

Hi Ryoichi Fukushima,

Kindly please share the below requested information to check the issue on our end. It will helpful for us to provide a solution.

• Simple sample with replication steps
• Input document, certificate with password,
• Output document (both scenarios)
• Product version.
  
  

Regards,

Gowthamraj K

Hi  Gowthamraj,

Ok, I'll attach sample of this issue bellow.

In scenario1, you have to install "test.pfx" into the trusted root certification authorities certificate store.

If you don't install it, "This is a sample_signed.pdf" has no "Signature is LTV enabled." indicate.

Product and version is  Syncfusion.Pdf.WinForms Ver.20.1.0.55.

Thank you,

Fukushima, Ryoichi

//Creates a certificate instance from PFX file with private key
PdfCertificate pdfCert = new PdfCertificate(@"test.pfx", "test");

//Scenario 1 : Timestamp with signing and enabling LTV
MakeTimestamp( "This is a sample.pdf", "This is a sample_signed.pdf", pdfCert );

//Scenario 2 : Timestamp and enabling LTV
MakeTimestamp( "This is a sample.pdf", "This is a sample_timestamped.pdf" );

void MakeTimestamp(string org, string dest, PdfCertificate pdfCert = null)
{
    //Loads the PDF document with signature field
    PdfLoadedDocument document = new PdfLoadedDocument(org);

    //Gets the page
    PdfLoadedPage page = document.Pages[0] as PdfLoadedPage;

    //Creates a digital signature
    if( pdfCert != null )
    {
        PdfSignature signature = new PdfSignature(document, page, pdfCert, "Signature");
    }
    else
    {
    	PdfSignature signature = new PdfSignature(page, "Timestamp");
    }

    //Enable LTV on Signature
    signature.EnableLtv = true;

    //Adds time stamp by using the server URI and credentials
    signature.TimeStampServer = new TimeStampServer(new Uri("http://timestamp.digicert.com"));

    //Saves and closes the document
    document.Save(dest);
    document.Close(true);
}



I forgot to mention that I checked the generated PDFs with Adobe Acrobat Pro DC 32bit Ver. 2022.001.20117.

Hi Ryoichi Fukushima,

We have tried to reproduce the reported issue with the provided details in our end, but it is working properly. Both the signed pdf and the timestamp added document has LTV enabled. We have attached the comparison table for the output pdf document generated in our end with the output document provided by you. Please find the details below:

Regards,

Irfana J.

Hi Irfana,

Your "Timestamp added with signed document" falls under the Scenario 1 I mentioned. I think it's fine, too.

My Scenario 2 is adding Timestamp and enabling LTV WITHOUT a signing.

Your library is able to add timestamp without a signing. It's also fine, excluding about LTV.

In scenario 2, although I set PdfSignature.EnableLtv is true, the saved PDF is disable LTV.

I think that's a problem. Because I think "a document timestamp signature" is a signing too, so It's having expire date.

And if LTV is disabled, I wouldn't the file no longer be verifiable once the document timestamp signature expires, would I?

If I have misunderstood something, please point it out.

Thank you,

Ryoichi.

Scenario 1 (Timestamp added with signed document) It's fine.
Scenario 2 (Timestamp added WITHOUT a signing document) It isn't my wanted output.

Hi Ryoichi Fukushima,

On further analyzing the code snippet and the details provided by you, we understand that you are trying to enable LTV without singing a document with certificate file. It is not possible to enable LTV without singing a document with certificate file. We request you to try signing the document with a certificate file. Please try this in your end and let us know if it satisfies your requirement.

Please refer the below links for more information: 

https://help.syncfusion.com/file-formats/pdf/working-with-digitalsignature#enable-long-term-validation-ltv-pdf-signature

Please let us know if you need any further assistance in this.

Regards,

Irfana J.

Hi  Irfana, 

Thanks a lot for inspecting my code.
Unfortunately, I understood not to be able to add timestamp with enabling LTV without a signing by a cert file.

The following page on Stackoverflow has a similar request and an sample implementation in iTextsharp.

https://stackoverflow.com/questions/52331403/i-want-to-sign-a-pdf-document-with-itextsharp-and-return-ltv-pdf-enabled-file/52447274

I tried that code and got the result I wanted.
So I attached a PDF file with timestamp only and the result for your reference.

I would be really happy if you could implement it in the next version of your library that I love.

Thank you so much, Irfana-san and Gowthamraj-san.
I hope to have a nice weekend.

Best regards,
Ryoichi

Hi Ryoichi Fukushima,

Thank you for sharing the details. We will check this provided solution from this article on our end and we will update the further information on June 15^th 2022.

Regards,

Irfana J.

Hi  Irfana-san, 

Really!

I'm so happy that you all are even considering it.

I look forward to the next update.

Thank you,

Ryoichi.

Hi Ryoichi Fukushima,

Thank you for your patience,

We have prepared the sample for your requirement by creating Long Term Validation (LTV) externally from timestamp certificates with help of Bouncy Castle. Please try the below sample on your end and let us know whether it satisfies your actual requirement. 

Sample: https://www.syncfusion.com/downloads/support/directtrac/general/ze/ConsoleApp-1638963260.zip

Please refer to the below UG documentation about create LTV externally,

https://help.syncfusion.com/file-formats/pdf/working-with-digitalsignature#create-long-term-validation-ltv-when-signing-pdf-documents-externally

Regards,

Gowthamraj K

Hi  Gowthamraj-san,

It is soooo amazing!!

This is exactly the solution I was looking for.

In the TimeStamp function, what you set for byte[] data and Authorization header is dummy text, right?

I think I probably understand what you are doing with that sample.

This code will allow me to move forward with my project.

I really appreciate you all's help so far.

Thank you, thank you very much, I can't thank you enough.

Ryoichi.

Hi Ryoichi,

Regards,

Irfana J.