SetSignProcessDocTimeStamp
Security and Signatures
Description
Switches a sign process into PAdES Document Time-stamp mode as defined in ETSI EN 319 142-1 v1.2.1 clause 5.4.3. The resulting Signature Dictionary uses /Type /DocTimeStamp and /SubFilter /ETSI.RFC3161, and omits the /M, /Reason, /Location, /ContactInfo and /Name keys that the specification disallows for a time-stamp-only signature.
Passthrough is enabled automatically because the TimeStampToken (RFC 3161 updated by RFC 5816) in /Contents is supplied by an external Time-Stamp Authority rather than built in-process. Pass 0 for SignatureLength to use the default 8192-byte Contents reservation, or specify an explicit value sized to your expected TSA response (typical responses are 2-6 KB DER).
After calling EndSignProcessTo*, retrieve the ByteRange with GetSignProcessByteRange, compute the SHA-256 message imprint of the covered bytes, send it to the TSA, then patch the returned TimeStampToken (hex-encoded, padded to the reserved Contents size) into the output stream.
Syntax
Delphi
function TPDFlib.SetSignProcessDocTimeStamp(SignProcessID, SignatureLength: Integer): Integer;Parameters
| SignProcessID | Value returned by one of the NewSignProcessFrom* functions. |
|---|---|
| SignatureLength | Reserved size in bytes for the TimeStampToken payload in /Contents. Pass 0 to accept the 8192-byte default. |