Add an embedded timestamp from a Timestamp Authority (TSA) to a signature field already signed with a certificate

Product: @pdftron/pdfnet-node

Product Version: 9.2.0-1

Please give a brief summary of your issue:
Add an embedded timestamp from a Timestamp Authority (TSA) to a signature field

Please describe your issue and provide steps to reproduce it:
I’d like to add an embedded timestamp from a Timestamp Authority instead of having the mention “signing time is from the clock on the signer’s computer” in Adobe Reader.

I already followed the examples provided by pdftron, the issue is that all the examples are focused on a newly created signature field. In my case I have a signature field signed with our certificate (using signOnNextSave). I want this signature field to also contains the timestamp token provided by the Timestamp Authority so the mention “The signature includes an embedded timestamp” would appear on the signature field.

Please provide a link to a minimal sample where the issue is reproducible:
Here is the whole code signing my document: sign-pdf-with-timestamp.ts · GitHub
The timestamp-related code is on lines 85 to 97.

My main issue is that I can’t apply both signOnNextSave and timeStampOnNextSave on the same signature field, I have the error : “Message: Signature already cryptographically signed. If you want to re-sign this signature, clear it first using ClearSignature.”
But it’s technically possible to both sign and timestamp the same signature field, as demonstrated in this stackoverflow link : java - How to sign a PDF with embedded timestamp and LTV enabled? - Stack Overflow

Thanks for your help.

1 Like

Hello, I’m Ron, an automated tech support bot :robot:

While you wait for one of our customer support representatives to get back to you, please check out some of these documentation pages:


1 Like

Could anyone from the support answer me? Every other posts got answers but mine seems ignored (I also get no answer using the support website). :sweat_smile:

Seems like a pretty common use case for digital signatures. Please read it carefully because I was already pointed to the doc, and the answer is definitely not in the doc for this use case (applying both a certificate and a timestamp on the same signature field).

Thanks for your help and have a great day. :slightly_smiling_face:

1 Like

Sorry for the lack of an update. I have reproduced what you reported and have been working with the team to get you code sample you need. In the meantime, thank you for your patience.


Thank you again for your patience.

In my case I have a signature field signed with our certificate (using signOnNextSave)
In your typescript code you are creating and adding a signature field.

To clarify, your objective is to do the following with our SDK API:

  1. Create a new approval Signature field (as opposed to a Certified/Author signature field)
  2. Sign the new signature field
  3. Timestamp the signature

Or do you mean you are trying to edit/sign pre-existing signed signature fields?

1 Like

Hello Ryan,

My use case is creating a new approval signature on the fly, as shown in my code sample. Then signing the field, and finally timestamping the signature as well. Everything in one API call.

But I guess part 2. and 3. would work on a pre-existing empty signature field as well?

1 Like

Thank you for your patience while I sorted this question out with the team.

There was a complication with just our NodeJS API which I also had to wait for. Before trying to run the attached code below please make sure to update to our latest developer preview SDK build.

This fix above will be in our upcoming 9.3 SDK release which is expected mid-June. See here on how to get notified.

Attached is NodeJS code to add an approval Signature field, sign it, and add Time Stamp Authority (TSA) data.

DigitalSignaturesTest.js.txt (4.2 KB)

In case it is useful for others, attached here is also C# code to do the same.

DigitalSignaturesTest.cs (4.2 KB)

1 Like

Thanks for the code sample. Unfortunatly, the js file isn’t downloadable / viewable. Could you put it in a gist on github instead?

Also, is it possible to install nightly release through npm? I’m using @pdftron/pdfnet-node - npm and it would be awesome if I could access the nightlies from here. Maybe you could tag a release like a 9.3.0-beta.0 ?

1 Like

Hello Ryan.

I am trying to achieve exactly the same, as jgoux described.

However in C# and signing PDF by X509Certificate2 instance; therefore I am using custom
SignatureHandlerId sigHandlerId = doc.AddSignatureHandler(signatureHandler); that works well, when just signing by signatureField.SignOnNextSaveWithCustomHandler(sigHandlerId);, however I cannot make it work together with TSA and LTV.

Is there any chance, how to combine your C# sample to sign PDF using custom SignatureHandler, add Timestamp and optionaly enable LTV?

Thanks for any help.

1 Like