Add timestamp token from external service

Apryse SDK
Product Version:

Please describe your issue and provide steps to reproduce it:
we are trying to add a timestamp to a signature.
Both the signature and the timestamp come from an external API.
For the signature it works well with a CMSSignature

But I don’t see how I can add a timestamp token in the document / signature.
From our API we receive :
Base64 encoded DER representation of timestamp token according to RFC3161. It includes the TSA signing certificate in SignedData.CertificatesSet.

The documentation only shows how to call a TSA directly but this is not our use case.
Is there any way to do that with the SDK?

Current code to sign :

const page1 = await doc.getPage(1);
  const digsig_field = await doc.createDigitalSignatureField("test");
  const widgetAnnot = await PDFNet.SignatureWidget.createWithDigitalSignatureField(doc, new PDFNet.Rect(143, 287, 219, 306), digsig_field);
  await page1.annotPushBack(widgetAnnot);
  await digsig_field.createSigDictForCustomSigning('Adobe.PPKLite', PDFNet.DigitalSignatureField.SubFilterType.e_ETSI_CAdES_detached, 7500);
  let sigTime = new PDFNet.Date();
  await sigTime.setCurrentTime();
  await'static/test5.pdf', PDFNet.SDFDoc.SaveOptions.e_incremental);

  const pdfDigest = await digsig_field.calculateDigest(PDFNet.DigestAlgorithm.Type.e_SHA256);
  const signedAttrs = await PDFNet.DigitalSignatureField.generateCMSSignedAttributes(pdfDigest);
  const signedAttrs_digest = await PDFNet.DigestAlgorithm.calculateDigest(PDFNet.DigestAlgorithm.Type.e_SHA256, signedAttrs);

  const result = await performDigitalSigning(toHexString(signedAttrs_digest));  
  let sig;
  let certificate;
  let timestampToken;
  if(!result ) {
  } else {
    sig = result.signature;
    certificate = result.certificate;
    timestampToken = result.timestampToken;
  const signer_cert = await PDFNet.X509Certificate.createFromBuffer(pemToBuffer(certificate));

  var chain_certs = [];
  const digest_algorithm_oid = await PDFNet.ObjectIdentifier.createFromDigestAlgorithm(PDFNet.DigestAlgorithm.Type.e_SHA256);
  const signature_algorithm_oid = await PDFNet.ObjectIdentifier.createFromIntArray([1,2,840,113549,1,1]); //RSA encryption PKCS1
  const cms_signature = await PDFNet.DigitalSignatureField.generateCMSSignature(signer_cert, chain_certs, digest_algorithm_oid, signature_algorithm_oid, hexToUint8Array(sig), signedAttrs)
  await doc.saveCustomSignature(cms_signature,digsig_field,'static/test5.pdf');


Hi MichaelL,

Can you please confirm if you are using WebViewer? If so, which version (I saw Product Version: latest, just need to confirm).

You might want to check the following forum posts:


Hello Bojan

As I mentioned in my post, we are using Apryse SDK, so it’s server side and not with webviewer. We use the latest SDK version with node.js

I had seen the two posts you mentionned but they do not answer my problem (or I don’t understand how it works).

  • GenerateContentsWithEmbeddedTimestamp and using TimestampingConfiguration assumes that we need to contact a TSA. But as I said, we already have the timestamp token so we do not need to contact the TSA

Please see this forum post which covers custom signing (HSM) using NodeJS.

Hello Ryan

As I mentioned in my first post, the signing is not the problem.
We have achieved it, and it works (the example you mentionned helped me). The whole code is in my first post…

I am trying now to add a timestamp to the signature, with the requirements I mentionned earlier.

@MichaelL sorry for the confusion, and for the delay in a response. I am still reviewing with my team on how you can accomplish this task, and will update you once I know more.

I got confirmation from the team that at this time there is no specific API to allow this, and no realistic way to do it yourself (working at a lower level). The team has a work item to add support for this, but no time estimate at this time.

we are trying to add a timestamp to a signature.

What is your timeline?

Hello Ryan,

Thanks for the followup!
I don’t have a precise timeline right now but we are expecting to produce an MVP in the next few months to integrate digital signatures in some processes. Keep me updated :slight_smile:

Best regards