I'm not sure it is a problem with rfc3161ng or with Free TSA, but shouldn't the code below validate fine?
import rfc3161ng
rt = rfc3161ng.RemoteTimestamper('https://freetsa.org/tsr')
tst = rt.timestamp(data=b'John Doe', include_tsa_certificate=True)
rfc3161ng.check_timestamp(tst, data=b'John Doe', certificate=b'')
Unless I'm missing something, the certificate is tst (and rfc3161ng.load_certificate seems to find it as expected), but it fails with InvalidSignature.
Note that this will work just fine:
rfc3161ng.check_timestamp(tst, data=b'John Doe', certificate=open('tsa.crt', 'rb').read())
Edit: after some playing around, the issue is that there are multiple certificates, and the one to use for validation is the 2nd one. So something like that will work:
from pyasn1.codec.der import decoder, encoder  # needed for decoder.decode / encoder.encode below
decoded_tst, _ = decoder.decode(tst, asn1Spec=rfc3161ng.TimeStampToken())
rfc3161ng.check_timestamp(tst, data=b'John Doe', certificate=encoder.encode(decoded_tst.content['certificates'][1][0]))
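An added example, not part of the original post and not rfc3161ng code: instead of relying on position `[1]`, the signing certificate can be picked by matching the token's `SignerInfo.sid` (issuer and serial number, RFC 5652) against each embedded certificate. The function names and the skeleton token are constructed for illustration; the walker uses only the standard library.

```python
# Added example (hypothetical helpers): select the signer's certificate by SignerInfo.sid.
def tlv(buf, off=0):
    """One DER element at off -> (tag, whole element, content, next offset)."""
    tag, n, pos = buf[off], buf[off + 1], off + 2
    if n & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[off:pos + n], buf[pos:pos + n], pos + n

def children(content):
    """Split constructed content into a list of (tag, raw, content)."""
    out, off = [], 0
    while off < len(content):
        tag, raw, inner, off = tlv(content, off)
        out.append((tag, raw, inner))
    return out

def issuer_and_serial(cert_content):
    """(issuer DER, serialNumber DER) read from a Certificate's tbsCertificate."""
    tbs = children(children(cert_content)[0][2])
    i = 1 if tbs[0][0] == 0xA0 else 0  # skip the optional [0] version
    return tbs[i + 2][1], tbs[i][1]

def signer_certificate(token_der):
    """DER of the embedded certificate named by the first SignerInfo's sid."""
    content_info = children(tlv(token_der)[2])  # contentType, [0] SignedData
    signed_data = children(children(content_info[1][2])[0][2])
    certs = [e for e in signed_data if e[0] == 0xA0]  # [0] IMPLICIT certificates
    sid = children(children(signed_data[-1][2])[0][2])[1]  # last field is signerInfos
    if not certs or sid[0] != 0x30:
        raise ValueError("no embedded certificates or sid is not issuerAndSerialNumber")
    wanted = tuple(raw for _, raw, _ in children(sid[2])[:2])
    for _, raw, inner in children(certs[0][2]):
        if issuer_and_serial(inner) == wanted:
            return raw
    raise ValueError("signer certificate is not embedded in the token")

def der(tag, *parts):  # sample builder, short-form lengths only
    return bytes([tag, len(b"".join(parts))]) + b"".join(parts)

# Constructed skeleton token (not a real TSA response): CA certificate first, signer second.
ROOT = der(0x30, der(0x31, der(0x30, der(0x06, b"\x55\x04\x03"), der(0x0C, b"Root"))))
def cert(serial):
    return der(0x30, der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, serial), der(0x30), ROOT))
CA_CERT, TSA_CERT = cert(b"\x01"), cert(b"\x02")
SIGNER_INFO = der(0x30, der(0x02, b"\x01"), der(0x30, ROOT, der(0x02, b"\x02")))
SIGNED_DATA = der(0x30, der(0x02, b"\x03"), der(0x31), der(0x30),
                  der(0xA0, CA_CERT, TSA_CERT), der(0x31, SIGNER_INFO))
TOKEN = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010702")), der(0xA0, SIGNED_DATA))
```

The bytes returned by `signer_certificate(tst)` can be passed as `certificate=` in place of the indexed lookup. Matching the sid only identifies which embedded certificate claims to be the signer; it still has to be checked against a TSA certificate or chain you already trust.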