Timestamp Authority

Timestamping can be used to independently and irrefutably prove the time certain actions occur, like the time a document was signed. So as to keep documents legal over long periods of time (e.g. long-term validation LTV) or just to keep a timestamped audit of the document, timestamp authorities can be used.

Most timestamp authorities charge for the timestamp service, the integrating part is responsible to use this feature wisely. We recommend using a free timestamp service when making the first development tests to prevent unexpected expenses.

Configuration TSA

eSign allows for the configuration of TSA using the esign.config file, as shown in the following code block:

TSA esign.config

{
    ...

    "_comment" : "List of TSA services by provider",
    "tsa" : [
        {
            "provider" : String,
            "url": String,
            "user" : String,
            "pass" : String
        }
    ]

    ...
}

As for the values to be configured in the esign.config file, the table below explains what each field represents and what values it expects to receive:

Table 1. TSA values description
Value	Type	Description
provider	string	If set to the value "default" the TSA will be used in all timestamp operations by default, otherwise, any value placed here will be used to restrict the use of this TSA certificate to a given organization (check Configure TSA by certificate issuer).
url	string	TSA’s service url where the timestamps are to be fetched
user	string	The username for the timestamp service authentication purposes
pass	string	The password for the timestamp service authentication purposes

Configure TSA by signature type

It is possible to configure which types of signing methods will use TSA to certificate the signature. In esign.config the property "signing.signmethods.tsa" allows the selection of these methods. It accepts an enumeration of signing methods (as long as they are made available in the property signing.signmethods").

Example of a configuration where TSA is only using for handwritten and smartcard signatures

{
    ...
    "properties": {
        "signing.signmethods.tsa": "HANDWRITTEN,SMARTCARD"
    }
    ...
}

Configure TSA by certificate issuer

It is also possible to configure a TSA that will only be used on signing certificates issued by a given organization.

For instance, by setting the "provider" property to "AMA - AGÊNCIA PARA A MODERNIZAÇÃO ADMINISTRATIVA", eSign will only add TSA’s to signatures that use certificates issued by this entity.