Dosyalar · 86796f127b15fd33374f2a18344dc944b7b8314d · LibreOffice / core

tdf#84881: Try to fix "The signature includes an embedded timestamp but ... · 86796f12

Tor Lillqvist Şub 25, 2015 yazdı

... it could not be verified"

I got some insight reading this question and reply on stackoverflow:
http://stackoverflow.com/questions/18761993/steps-to-include-timestamp-in-pdf-signature

I had been doing the timestamping wrong in the same way: I had timestamped the
hash of the PDF document, not of the signature. That is wrong. If you think
hard, it is obvious: It is the (rest of the) signature that needs an
authenticated timestamp, not the PDF document contents. After all, if the
document contents is timestamped, but not the signature, that doesn't prevent
tampering with the signature after the timestamping. When you timestamp the
signature, that proves the date of the signature. (And the signature proves
the authenticity of the document contents.)

So I had to re-engineer the code a bit. I create two originally identical NSS
CMS messages with signatures, encode one signature into DER, take the hash of
the signature, get a timestamp from the TSA for that hash. Then I add that
timestamp to the other CMS message as an unsigned attribute of its signature,
sign it, encode it, convert to hex, and store it the document.

(I first tried to use just one CMS message, but NSS stopped with an assertion
when I tried to encode the signature of the same message a second time, after
adding the timestamp attribute to the signature. Go figure.)

(I did verify the the encoded signatures, taken from what should be identical
but separate CMS messages, was in fact identical. So I am fairly sure the idea
described above is sound.)

But, it doesn't help. Adobe Reader still complains "The signature includes an
embedded timestamp but it could not be verified".

Change-Id: I4e4cd0443005e82f597586942badc7145ef64160

86796f12

Adı	Son kayıt (commit)	Son güncelleme
.git-hooks		Loading commit data...
UnoControls		Loading commit data...
accessibility		Loading commit data...
android		Loading commit data...
animations		Loading commit data...
apple_remote		Loading commit data...
avmedia		Loading commit data...
basctl		Loading commit data...
basebmp		Loading commit data...
basegfx		Loading commit data...
basic		Loading commit data...
bean		Loading commit data...
bin		Loading commit data...
binaryurp		Loading commit data...
bridges		Loading commit data...
canvas		Loading commit data...
chart2		Loading commit data...
clew		Loading commit data...
cli_ure		Loading commit data...
codemaker		Loading commit data...
comphelper		Loading commit data...
compilerplugins		Loading commit data...
config_host		Loading commit data...
configmgr		Loading commit data...
connectivity		Loading commit data...
cppcanvas		Loading commit data...
cppu		Loading commit data...
cppuhelper		Loading commit data...
cpputools		Loading commit data...
cui		Loading commit data...
dbaccess		Loading commit data...
desktop		Loading commit data...
dictionaries @ e68d0668
distro-configs		Loading commit data...
drawinglayer		Loading commit data...
dtrans		Loading commit data...
editeng		Loading commit data...
embeddedobj		Loading commit data...
embedserv		Loading commit data...
eventattacher		Loading commit data...
extensions		Loading commit data...
external		Loading commit data...
extras		Loading commit data...
filter		Loading commit data...
forms		Loading commit data...
formula		Loading commit data...
fpicker		Loading commit data...
framework		Loading commit data...
helpcompiler		Loading commit data...
helpcontent2 @ 649cf890
hwpfilter		Loading commit data...
i18nlangtag		Loading commit data...
i18npool		Loading commit data...
i18nutil		Loading commit data...
icon-themes		Loading commit data...
idl		Loading commit data...
idlc		Loading commit data...
include		Loading commit data...
instsetoo_native		Loading commit data...
io		Loading commit data...
ios		Loading commit data...
javaunohelper		Loading commit data...
jurt		Loading commit data...
jvmaccess		Loading commit data...
jvmfwk		Loading commit data...
l10ntools		Loading commit data...
librelogo		Loading commit data...
libreofficekit		Loading commit data...
lingucomponent		Loading commit data...
linguistic		Loading commit data...
lotuswordpro		Loading commit data...
m4		Loading commit data...
mysqlc		Loading commit data...
nlpsolver		Loading commit data...
o3tl		Loading commit data...
odk		Loading commit data...
offapi		Loading commit data...
officecfg		Loading commit data...
oovbaapi		Loading commit data...
oox		Loading commit data...
opencl		Loading commit data...
osx		Loading commit data...
package		Loading commit data...
postprocess		Loading commit data...
pyuno		Loading commit data...
qadevOOo		Loading commit data...
readlicense_oo		Loading commit data...
registry		Loading commit data...
remotebridges		Loading commit data...
reportbuilder		Loading commit data...
reportdesign		Loading commit data...
ridljar		Loading commit data...
rsc		Loading commit data...
sal		Loading commit data...
salhelper		Loading commit data...
sax		Loading commit data...
sc		Loading commit data...
scaddins		Loading commit data...
sccomp		Loading commit data...
scp2		Loading commit data...
scripting		Loading commit data...
sd		Loading commit data...
sdext		Loading commit data...
setup_native		Loading commit data...
sfx2		Loading commit data...
shell		Loading commit data...
slideshow		Loading commit data...
smoketest		Loading commit data...
solenv		Loading commit data...
soltools		Loading commit data...
sot		Loading commit data...
starmath		Loading commit data...
stoc		Loading commit data...
store		Loading commit data...
svgio		Loading commit data...
svl		Loading commit data...
svtools		Loading commit data...
svx		Loading commit data...
sw		Loading commit data...
swext		Loading commit data...
sysui		Loading commit data...
test		Loading commit data...
testtools		Loading commit data...
toolkit		Loading commit data...
tools		Loading commit data...
translations @ add7a7e0
tubes		Loading commit data...
ucb		Loading commit data...
ucbhelper		Loading commit data...
udkapi		Loading commit data...
unodevtools		Loading commit data...
unoidl		Loading commit data...
unoil		Loading commit data...
unotest		Loading commit data...
unotools		Loading commit data...
unoxml		Loading commit data...
ure		Loading commit data...
uui		Loading commit data...
vbahelper		Loading commit data...
vcl		Loading commit data...
winaccessibility		Loading commit data...
wizards		Loading commit data...
writerfilter		Loading commit data...
writerperfect		Loading commit data...
xmerge		Loading commit data...
xmlhelp		Loading commit data...
xmloff		Loading commit data...
xmlreader		Loading commit data...
xmlscript		Loading commit data...
xmlsecurity		Loading commit data...
.gitattributes		Loading commit data...
.gitignore		Loading commit data...
.gitmodules		Loading commit data...
.gitreview		Loading commit data...
COPYING		Loading commit data...
COPYING.LGPL		Loading commit data...
COPYING.MPL		Loading commit data...
Library_merged.mk		Loading commit data...
Library_urelibs.mk		Loading commit data...
Makefile.fetch		Loading commit data...
Makefile.gbuild		Loading commit data...
Makefile.in		Loading commit data...
README.Android		Loading commit data...
README.Code		Loading commit data...
README.Solaris		Loading commit data...
README.cross		Loading commit data...
Repository.mk		Loading commit data...
RepositoryExternal.mk		Loading commit data...
RepositoryFixes.mk		Loading commit data...
RepositoryModule_build.mk		Loading commit data...
RepositoryModule_host.mk		Loading commit data...
TEMPLATE.SOURCECODE.HEADER		Loading commit data...
autogen.sh		Loading commit data...
config.guess		Loading commit data...
config.sub		Loading commit data...
config_host.mk.in		Loading commit data...
configure.ac		Loading commit data...
download.lst		Loading commit data...
g		Loading commit data...
install-sh		Loading commit data...
leak-suppress.txt		Loading commit data...
lo.xcent.in		Loading commit data...
logerrit		Loading commit data...
unusedcode.README		Loading commit data...
unusedcode.easy		Loading commit data...
unusedcode.exclude		Loading commit data...