What are Timestamped Digital Signatures?

When creating a digital signature, it is possible to simply use the computer’s date and time. But this may not be valid in a lot of legal environments.

Time-stamp servers, also called Time Stamp Authorities (TSA), can provide a legal timestamp and there is a protocol to access the servers and get the timestamp back.  Many security standards (in Europe for instance) require this added level of security to encrypt administrative and legal documents.  Timestamps are essentially encapsulated in another certificate signed by the authority which contains both the customer’s and the time-stamp server’s signatures.

Support for Timestamped Digital Signature in Qoppa’s PDF library products

The Bouncy Castle libraries, which Qoppa’s products rely on for encryption, do support this protocol and so we added support this in our libraries as well in version 2013R1.

Starting version 2013R1, it is possible to apply and verify digital signatures with a time-stamp authenticated by a trusted, independent authority using the following Qoppa’s java PDF library products:

  • jPDFSecure, jPDFProcess (Java PDF Libraries): Apply and verify PDF digital signatures with time-stamp.
  • jPDFNotesjPDFEditor (Java PDF Visual Components): Apply and verify visually PDF digital signatures with time-stamp.
  • jPDFViewer (Java PDF Visual Component): Verify visually PDF digital signatures with time-stamp.

To apply a digital signature with a timestamp, it is as simple as setting up the parameters for the timestamp server in the new TimeStampServer class and then pass on this class to the SigningInformation class used for signing:

SigningInformation.setTimestampServer(TimestampServer server)

Validation of a timestamped digital signatures is automatic and does not require any additional call in the libraries or components.

Timestamp Servers available for testing

In our testing, we setup a free testing account with DigiStamp.

http://tsatest1.digistamp.com/tsa (user and password required)

DigiStamp offers digital timestamps starting at 0.40 cents a stamp with volume and non-profit discounts. You can setup access to test servers here.

We also found other test TSA’s (no username/password needed for these):
http://timestamp.globalsign.com/scripts/timestamp.dll 
http://tsa.starfieldtech.com
 http://tsa.safelayer.com:8093/
http://ca.signfiles.com/tsa/get.aspx 
http://services.globaltrustfinder.com/adss/tsa

Download Sample Java Program to Add a Timestamped Digital Signature to a PDF