Hi, i've read rfc 2560 (OCSP) and rfc 3161 (time-stamp) but they don't
describe clearly.
my understanding is that (in time order):
Signing:
1. Create a signed document.
2. Create time-stamp token and add it to the signature
3. Create ocsp and add it to the signture.
Verify:
1. Check the time-stamp in signature, get the time.
2. Check the ocsp against the time getting from time-stamp, get
the status of ocsp
3. Check the serial number of certificate in ocsp if it is same to
the serial number of certificate in signature (don not need to use CA public
key to verify user certificate)
4. Verify the signature using user certificate
Do i understand right? Thanks!
--
View this message in context:
http://itext-general.2136553.n4.nabble.com/Digital-Signature-with-OCSP-and-time-stamp-tp3275692p3275692.html
Sent from the iText - General mailing list archive at Nabble.com.
------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions
Many questions posted to this list can (and will) be answered with a reference
to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples:
http://itextpdf.com/themes/keywords.php
