<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 2.0cm 2.0cm 2.0cm;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:331682787;
mso-list-type:hybrid;
mso-list-template-ids:678176880 -1 68157465 68157467 68157455 68157465 68157467 68157455 68157465 68157467;}
@list l0:level1
{mso-level-text:"%1\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style>
</head>
<body lang="IT" link="blue" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Hi, <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I signed a file with Infocert timestamp but due to an error I did the timestamp under the “signature level” and I’ve obtained this .p7m file with three signatures, which one of them appears with the timestamp attached on it. What I really
need, is the .tsd file with both the three signatures and the timestamp (kind of splitted from the signatures itself).<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Is there a way to “extract” this specific timestamp, like extracting its .TSR / .TST files, in order to attach it to the .p7m file itself, and obtain an .TSD file, how you can see in the attachments?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><img width="647" height="432" style="width:6.7395in;height:4.4947in" id="Immagine_x0020_5" src="cid:image006.jpg@01D8D5BA.31E23010"><o:p></o:p></p>
<p class="MsoNormal">Since the timestamp was probably not executed on the file but on the signature itself, I guess I should first get the hashed .TSQ of the .p7m file, and next, I should generate a new .TSR / .TST (could I extract the .PEM certificates from
the previous timestamps in order to accomplish this step with the -TS reply -queryfile -inkey -signature)? My original idea, if it can work, was just "changing the level of the timestamp”: extracting the .TSR/.TST from the .P7M, and attaching “as it is” to
the file in order to get that .TSD or .M7M file: I’m just not sure if it’s that easy because I learned the .TSR is generated from the .TSQ of the file.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">As an alternative, I thinked of generating another .TSR file with a self-signed certificate in order to backdate its timestamp. I obtained the .TSR file but I don’t know how to merge it now to the .P7M file in order to get the .TSD (Dike
require a .TST file).<o:p></o:p></p>
<p class="MsoNormal">Also, it looks this generated .TSR file does miss a valid certificate (not sure what it means), it doesn’t have any timestamp (I need to backdate it in order to match it to the other .P7M timestamp, I’m not sure at what steps I can put
the timestamp), and it is not conformed to the EIDAS specification (a self-signed certificate could be conformed? Or this specification just refers to accredited TSA autorities and there’s no way I can get it for this .TSR?).
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><img width="647" height="432" style="width:6.7395in;height:4.4947in" id="Immagine_x0020_4" src="cid:image007.jpg@01D8D5BA.31E23010"><o:p></o:p></p>
<p class="MsoNormal"><img width="647" height="432" style="width:6.7395in;height:4.4947in" id="Immagine_x0020_3" src="cid:image008.jpg@01D8D5BA.31E23010"><o:p></o:p></p>
<p class="MsoNormal">The steps I made in order to generate this .TSR of the .P7M file, are these:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<ol style="margin-top:0cm" start="1" type="1">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo1">ts -query -data "C:\Users\aless\OneDrive\Desktop\Atto cessione quote.pdf.p7m.p7m" -out "C:\Users\aless\OneDrive\Desktop\Atto.tsq"<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo1">openssl genrsa -out "C:\Users\aless\Onedrive\Desktop\tsaroot.key" 4096<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo1">openssl req -new -x509 -days 1826 -key "C:\Users\aless\Onedrive\Desktop\tsaroot.key" -out "C:\Users\aless\Onedrive\Desktop\tsaroot.crt"<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo1">openssl genrsa -des3 -out "C:\users\aless\Onedrive\Desktop\tsa.key" 4096<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo1">openssl req -new -key "C:\Users\aless\Onedrive\Desktop\tsa.key" -out "C:\Users\aless\Onedrive\Desktop\tsa-csr"<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo1">openssl x509 -req -days 730 -in "C:\Users\aless\Onedrive\Desktop\tsa.csr" -CA "C:\Users\aless\OneDrive\Desktop\tsaroot.crt" -CAkey "C:\Users\aless\OneDrive\Desktop\tsaroot.key" -set_serial
01 -out "C:\Users\aless\OneDrive\Desktop\tsa.crt" -extfile "C:\Users\aless\OneDrive\Desktop\extKey.cnf"<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo1">openssl pkcs12 -export -out "C:\Users\aless\OneDrive\Desktop\tsa.p12" -inkey "C:\Users\aless\OneDrive\Desktop\tsa.key" -in "C:\Users\aless\OneDrive\Desktop\tsa.crt" -chain -CAfile
"C:\Users\aless\OneDrive\Desktop\tsaroot.crt"<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo1">openssl ts -reply -queryfile "C:\Users\aless\OneDrive\Desktop\atto.tsq" -inkey "C:\Users\aless\OneDrive\Desktop\file.key.pem" -signer "C:\Users\aless\OneDrive\Desktop\file.crt.pem"
-out "C:\Users\aless\OneDrive\Desktop\atto.tsr"<o:p></o:p></li></ol>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Note: I didn’t touch anything before executing those commands, I just installed OpenSSL binary for Windows. I also had to “comment” those lines in the openssl.cfg file because the compiler was not finding the demoCA folders at the latest
step:<o:p></o:p></p>
<p class="MsoNormal"># certificate = $dir/cacert.pem # The CA certificate<o:p></o:p></p>
<p class="MsoNormal"># certs = $dir/cacert.pem # Certificate chain to include in reply<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks so much if you can help me</p>
</div>
</body>
</html>