class HexaPDF::DigitalSignature::Signing::TimestampHandler

Parent

This is a signing handler for adding a timestamp signature (a PDF2.0 feature) to a PDF document. It is registered under the :timestamp name.

The timestamp is provided by a timestamp authority and establishes the document contents at the time indicated in the timestamp. Timestamping a PDF document is usually done in context of long term validation but can also be done standalone.

Usage

It is necessary to provide at least the URL of the timestamp authority server (TSA) via tsa_url, everything else is optional and uses default values. The TSA server must not use authentication to be usable.

Example:

document.sign("output.pdf", handler: :timestamp, tsa_url: 'https://freetsa.org/tsr')

Attributes

contact_info[RW]

The contact information. If used, will be set on the signature dictionary.

location[RW]

The timestamping location. If used, will be set on the signature dictionary.

reason[RW]

The reason for timestamping. If used, will be set on the signature dictionary.

signature_size[W]

The size of the serialized signature that should be reserved.

If this attribute has not been set, an empty string will be signed using sign to determine the signature size. Note thtat this will contact the TSA server!

The size needs to be at least as big as the final signature, otherwise signing results in an error.

tsa_hash_algorithm[RW]

The hash algorithm to use for timestamping. Defaults to SHA512.

tsa_policy_id[RW]

The policy OID to use for timestamping. Defaults to nil.

tsa_url[RW]

The URL of the timestamp authority server.

This value is required.

Public Class Methods

new(**arguments)

Creates a new TimestampHandler with the given attributes.

Public Instance Methods

finalize_objects(_signature_field, signature)

Finalizes the signature field as well as the signature dictionary before writing.

sign(io, byte_range)

Returns the DER serialized OpenSSL::PKCS7 structure containing the timestamp token for the given IO byte ranges.

signature_size

The size of the serialized signature that should be reserved.

If this attribute has not been set, an empty string will be signed using sign to determine the signature size. Note thtat this will contact the TSA server!

The size needs to be at least as big as the final signature, otherwise signing results in an error.